565951c76c7a22d57ff56ec826aed0b348ecf64eff731f69dd276f1946609d7e[.]exe[.]zip

General

Target

565951c76c7a22d57ff56ec826aed0b348ecf64eff731f69dd276f1946609d7e.exe.zip
Size

4.5MB
MD5

4d27788bc7cb3e72d0f196d72b670776
SHA1

ed719db7d266385c82695b86960d16ab3f326305
SHA256

25e6153e1e4b900a3e8716a7e6ef2467ac6dc3fc6f3f8414abcff63af221906f
SHA512

14f9de28ce76bd0f403d0e7251c8c714bc24562f7f787bbe9dbed5336c306b703fb17d5ac842e05e115bfec6ce2ba05cb4342012660614d69c9adb18c22b18fb
SSDEEP

98304:vzlYhPnAX3e1vwq1rY5Mq/8f8+s9QTyBAtedQgXI7f1PWb:vzge3e1v1rY5J/U8l9QTyBAaXI7K

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/565951c76c7a22d57ff56ec826aed0b348ecf64eff731f69dd276f1946609d7e.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/565951c76c7a22d57ff56ec826aed0b348ecf64eff731f69dd276f1946609d7e.exe

565951c76c7a22d57ff56ec826aed0b348ecf64eff731f69dd276f1946609d7e.exe.zip
.zip

Password: infected
565951c76c7a22d57ff56ec826aed0b348ecf64eff731f69dd276f1946609d7e.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 11.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE