b0bbba50c4b4fabd29a1940e8d25a7ea0c528324df7cbbba146dba36a5d593d9[.]exe[.]zip

General

Target

b0bbba50c4b4fabd29a1940e8d25a7ea0c528324df7cbbba146dba36a5d593d9.exe.zip
Size

276KB
MD5

a88266d09a1d207d86487bb284835482
SHA1

78b06e4d7891190def001b565f2243f93ad951d1
SHA256

61ac7768c4775752206437fe0963583ab66cf12d4840cb84786f73fc0ea3de38
SHA512

87c0ce2356b1d4b90a12627da807d4bceb9b8e6acd52462cdea58ffd32fb4e08812e2545d2797853328ee96a061fd7031deb812f2bcdb253335506e5bf33b3f1
SSDEEP

6144:oirRUpTwa1u9l+pjyAU9PpOjs7gbPTkH+NqFJLqLYGP:o6RUpTwa1FuP+wGHIfmLR

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/b0bbba50c4b4fabd29a1940e8d25a7ea0c528324df7cbbba146dba36a5d593d9.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b0bbba50c4b4fabd29a1940e8d25a7ea0c528324df7cbbba146dba36a5d593d9.exe

b0bbba50c4b4fabd29a1940e8d25a7ea0c528324df7cbbba146dba36a5d593d9.exe.zip
.zip

Password: infected
b0bbba50c4b4fabd29a1940e8d25a7ea0c528324df7cbbba146dba36a5d593d9.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 536KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 276KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE