323a97082d7485ab69d77892140dcf5d7ef0d25c860ebd1e11374e4a2ad7a803[.]exe[.]zip

General

Target

323a97082d7485ab69d77892140dcf5d7ef0d25c860ebd1e11374e4a2ad7a803.exe.zip
Size

17.5MB
MD5

e53307dac69e924d93685310ed831480
SHA1

7eff4a8affaf011e08254a98c977c6657fae6a0b
SHA256

6f377d0f565718a37e41328b86349e0296af24efabfa972218e05625f9391207
SHA512

2fc489637af5f998a661309e46ff4f9b4408bb40f1756ba7cbb05d439d56dd67149cabda5f2fc32aaa2a84c737cbd5b94cb4886508dc1d0d8889da2dfbdb1a66
SSDEEP

393216:Fit84VkPl3Y13jkFfL/33MLNNV7MOVpp3jO:+7ehY1TkFT33MLNNhZpp3jO

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/323a97082d7485ab69d77892140dcf5d7ef0d25c860ebd1e11374e4a2ad7a803.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/323a97082d7485ab69d77892140dcf5d7ef0d25c860ebd1e11374e4a2ad7a803.exe

323a97082d7485ab69d77892140dcf5d7ef0d25c860ebd1e11374e4a2ad7a803.exe.zip
.zip

Password: infected
323a97082d7485ab69d77892140dcf5d7ef0d25c860ebd1e11374e4a2ad7a803.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 272KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE