078f68ef2454f6c778b396c1b91565639e97432f9a2fbe327f6799d78c7fe2dc[.]exe[.]zip

General

Target

078f68ef2454f6c778b396c1b91565639e97432f9a2fbe327f6799d78c7fe2dc.exe.zip
Size

461KB
MD5

170fbea218dd9011cd22ac60c894321c
SHA1

4787c784f80020358231b81c9b6d0914fdddd17c
SHA256

befa6c47e52166604554f4a460f478025375b271a02900476946bdfb9e998ce0
SHA512

736d1e84fc0d764be0655a3f5b614b329b610fdb0bfc7e78c15c0a2c2fe6c433642f4fd5b8a03032314b73c324f544ece5ba807e493221d328703afc9386b3ee
SSDEEP

12288:yBN/C2Ld2Z+SfAzsBSddN5qhaauWTsY28wycoFtpdTz:CN/CY2w//3NJKTs8WOnTz

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/078f68ef2454f6c778b396c1b91565639e97432f9a2fbe327f6799d78c7fe2dc.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/078f68ef2454f6c778b396c1b91565639e97432f9a2fbe327f6799d78c7fe2dc.exe

078f68ef2454f6c778b396c1b91565639e97432f9a2fbe327f6799d78c7fe2dc.exe.zip
.zip

Password: infected
078f68ef2454f6c778b396c1b91565639e97432f9a2fbe327f6799d78c7fe2dc.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 462KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE