a48fdda1fa0c1fbd2dd34b9c4150da301af28089aa07ab170d6d0697c0c43326[.]exe[.]zip

General

Target

a48fdda1fa0c1fbd2dd34b9c4150da301af28089aa07ab170d6d0697c0c43326.exe.zip
Size

6.9MB
MD5

9ac9a67595bd0c5982e70fa214ea5381
SHA1

6804d69458d0a999f5a5fee9e79245e1fb25f552
SHA256

ac629384d8690753d7d5c4bfa03513cf305639dd3d02be4fc76fc5c009fb5d43
SHA512

5d5e595cf936732535a1e82ee18714fcf54f3c81e9ce34ef0f7810bbe12354996819c9816580223dc6869dcc20e03ceacea0f03314e475bf2187e575ebc94663
SSDEEP

196608:l95w+//rz7SlxsGvdPfZyqSFoaf8qcM4d+7n:lf//rEZdSTfJC+D

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/a48fdda1fa0c1fbd2dd34b9c4150da301af28089aa07ab170d6d0697c0c43326.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a48fdda1fa0c1fbd2dd34b9c4150da301af28089aa07ab170d6d0697c0c43326.exe

a48fdda1fa0c1fbd2dd34b9c4150da301af28089aa07ab170d6d0697c0c43326.exe.zip
.zip

Password: infected
a48fdda1fa0c1fbd2dd34b9c4150da301af28089aa07ab170d6d0697c0c43326.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE