51097991bff5f18ba604ce4394d3eecf7c4c9c2747c5a9425c668a307de733c9[.]exe[.]zip

General

Target

51097991bff5f18ba604ce4394d3eecf7c4c9c2747c5a9425c668a307de733c9.exe.zip
Size

793KB
MD5

2066515fde68f6bbb9174781c6287248
SHA1

285adf05be12f3a8d592b56465065586b6bb4117
SHA256

d2e52d516b0c32c663fa405d6523097b29abc5c5ac2711dde1be8c7301461dec
SHA512

b70de3c1a147c857d94d885ad5cd35e96502620e7bb75bbb30f90bbf2b22a3230038c1339a600e7e8ddd6b79269645a75f0e072826eb11f4fb0dedd3f929e12d
SSDEEP

12288:uJq3kRo03dWFmCiwLN4s6vxge4u3ibZxAucDD9ojWskJyGJvro96zlRXCfcygGg0:iq3ku6dWF1xL+8WU0SWPzGfLgGgJziT3

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/51097991bff5f18ba604ce4394d3eecf7c4c9c2747c5a9425c668a307de733c9.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/51097991bff5f18ba604ce4394d3eecf7c4c9c2747c5a9425c668a307de733c9.exe

51097991bff5f18ba604ce4394d3eecf7c4c9c2747c5a9425c668a307de733c9.exe.zip
.zip

Password: infected
51097991bff5f18ba604ce4394d3eecf7c4c9c2747c5a9425c668a307de733c9.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE