806062d87954556a9b9ba3eebd5f1f19c216a1cef0e6661c75c22e252f0eef8c[.]exe[.]zip

General

Target

806062d87954556a9b9ba3eebd5f1f19c216a1cef0e6661c75c22e252f0eef8c.exe.zip
Size

717KB
MD5

2130a949c4145bd6d93318ad403d4dad
SHA1

5a89bc8b918d81294b78965bd33a61b802eeee68
SHA256

929da7bda77e9766de4c5d3f1bca0e1cd628f314b9a3cd04fd8b485c653eaa4b
SHA512

8fcd3f1c58d55d19a2fcf657ed4379a84538bb83f8ff3bce3f78b57e44cee9b4e58e6cde1856c994e4d83e3a4e3209f01a5a5c664f744700f00db5f0ee51d32e
SSDEEP

12288:uQZ9Zv10Ow73kYVisCjwDQ3+IC5eWHhRS1rypvle/GwJDU5ardfi9cKzt0sMEXwK:umv1M73kKishDQ3eeWEryDe/GwC5+wuQ

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/806062d87954556a9b9ba3eebd5f1f19c216a1cef0e6661c75c22e252f0eef8c.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/806062d87954556a9b9ba3eebd5f1f19c216a1cef0e6661c75c22e252f0eef8c.exe

806062d87954556a9b9ba3eebd5f1f19c216a1cef0e6661c75c22e252f0eef8c.exe.zip
.zip

Password: infected
806062d87954556a9b9ba3eebd5f1f19c216a1cef0e6661c75c22e252f0eef8c.exe
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 702KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE