837ff123b437e094c5ec4fb7e86f801d075479047ec6b9aa9aea02060ac0dcb4[.]exe[.]zip

General

Target

837ff123b437e094c5ec4fb7e86f801d075479047ec6b9aa9aea02060ac0dcb4.exe.zip
Size

93.5MB
MD5

f7a63667a3e78a02869638c2ad07d9d6
SHA1

3b0fa178064a7c1bd6672fca7fe7a592febe38f0
SHA256

0a52e1fd68b93e97f8a6ba8abc7b128b212b888543772d731afc6aaedde5ea4c
SHA512

2e4279e4ef84b18e174d2e6fe1d6f4eb6520e88182e172cb989f4ffb009eb9a9ff9f4bb056f7c66c37e5560b7aa16de9989f856e1b80235b9b402e13f6a848af
SSDEEP

1572864:tndEmgOVvXA3EgKSd/wm2TY+qJ85PEAKwBcHaIdNcPH820z3leTMN2TAxT1B8TUP:tzHvw3ElEwFlY8+AWNc6lA6fKX7oz1

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/837ff123b437e094c5ec4fb7e86f801d075479047ec6b9aa9aea02060ac0dcb4.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/837ff123b437e094c5ec4fb7e86f801d075479047ec6b9aa9aea02060ac0dcb4.exe

837ff123b437e094c5ec4fb7e86f801d075479047ec6b9aa9aea02060ac0dcb4.exe.zip
.zip

Password: infected
837ff123b437e094c5ec4fb7e86f801d075479047ec6b9aa9aea02060ac0dcb4.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 284KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE