dfff8dcf4b11d09aca6019d12b8f17199f60ed3929a6d6a375d2de97f3db7537[.]exe[.]zip

General

Target

dfff8dcf4b11d09aca6019d12b8f17199f60ed3929a6d6a375d2de97f3db7537.exe.zip
Size

334KB
MD5

69501cd238761bb1ea5f82febbedb0ed
SHA1

8886018e082ca793833b19fae8b8178255812d48
SHA256

133f057e866e79ed399d413d4d3d0a30bd146ef55ead13e2a07742a188f670ed
SHA512

43fd5facdd0bc501355923c0e53edca946352b10e0a2a43b605d08c544693e9599ee9998210aacf106b33fc2adfa8ede2797732f2e687a307a99e73d58d341c5
SSDEEP

6144:WflXxgupKQhPH379t+9zpcDe7sxqwcF//20QnNpXvktbH2wzRRnQw4g/:UBjpKy37qaxTQXLkxvU2mRR6W

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/dfff8dcf4b11d09aca6019d12b8f17199f60ed3929a6d6a375d2de97f3db7537.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dfff8dcf4b11d09aca6019d12b8f17199f60ed3929a6d6a375d2de97f3db7537.exe

dfff8dcf4b11d09aca6019d12b8f17199f60ed3929a6d6a375d2de97f3db7537.exe.zip
.zip

Password: infected
dfff8dcf4b11d09aca6019d12b8f17199f60ed3929a6d6a375d2de97f3db7537.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 696KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 335KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE