a5cef3ef958f9a6e8eaab0349193c51614ccdcdae1969cc59893ee0f85a7e473[.]exe[.]zip

General

Target

a5cef3ef958f9a6e8eaab0349193c51614ccdcdae1969cc59893ee0f85a7e473.exe.zip
Size

3.5MB
MD5

12fa21c64621e733c2373e433314a8bb
SHA1

396348ee68298efea451e726400fd40be3d0134c
SHA256

ac29aa69b3f93c7a0a63c205b12927aa506fb7daf7b701377ea537c1bf8fda37
SHA512

4f05c9511eb81183511ac2105d9cde4985d77694c8db30fac48f69eb43b7d73bbc6d80836277ef18b5970e22a8f0f9d5418822eccd96e4217b2126aa50e63317
SSDEEP

98304:VMP7SwQNDM+ikPF3CCryBogHHyCEi/kApx6pWq15u:VM3gDM+dPF3TwogHHEG

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/a5cef3ef958f9a6e8eaab0349193c51614ccdcdae1969cc59893ee0f85a7e473.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a5cef3ef958f9a6e8eaab0349193c51614ccdcdae1969cc59893ee0f85a7e473.exe

a5cef3ef958f9a6e8eaab0349193c51614ccdcdae1969cc59893ee0f85a7e473.exe.zip
.zip

Password: infected
a5cef3ef958f9a6e8eaab0349193c51614ccdcdae1969cc59893ee0f85a7e473.exe
.exe windows:5 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 11.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE