927ba89874f32f0695e667072564e792fcc6538d85f31f7c9e879d87ae6b4547[.]exe[.]zip

General

Target

927ba89874f32f0695e667072564e792fcc6538d85f31f7c9e879d87ae6b4547.exe.zip
Size

457KB
MD5

7d167f0a8015d5f5e1faf5632766211a
SHA1

d3f0b5fc882f3e14196dba197fbf22e45a9a8b63
SHA256

7e21ded0fe5abc951b9a0576d31ccd8275d921d551f8175a56e4b8d16b4e03de
SHA512

0050e09b6af69b0a68464002218736bfba250dc4fd33d93ee41f238d55bcd582209f5787ca80bb6c38c83e5dc4f4e28a13c60784fb8e8e9f0ea7f6d939facac4
SSDEEP

12288:fd59kuDCqlvDcQOE8lWu6Spd5VAQpgLFhhz5EKFgE+C:hk4vDcQOLIu6SpdzAQpgLXN5EBE+C

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/927ba89874f32f0695e667072564e792fcc6538d85f31f7c9e879d87ae6b4547.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/927ba89874f32f0695e667072564e792fcc6538d85f31f7c9e879d87ae6b4547.exe
unpack002/out.upx

927ba89874f32f0695e667072564e792fcc6538d85f31f7c9e879d87ae6b4547.exe.zip
.zip

Password: infected
927ba89874f32f0695e667072564e792fcc6538d85f31f7c9e879d87ae6b4547.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 520KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 460KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ