860f318a98441dcd59cc18eedda665bf29782488409d4fd75b922f6f6f182967[.]exe[.]zip

General

Target

860f318a98441dcd59cc18eedda665bf29782488409d4fd75b922f6f6f182967.exe.zip
Size

303KB
MD5

6e96d78f7ae0d735fd1c73790f82b665
SHA1

b228c1ccc72ca958c211ea433d6ace5987b240a1
SHA256

bdffdb3c572827c32a7747927acb24096332dc854371acbfcf468e8c992e8fe2
SHA512

53e1ab71478d64e0e73da1d7d66d23fa5a74cb12e6de118a554d07779604e10e4b11a89bf49e565a9387825995388c044a324cd866f74f642e982b79fcab3076
SSDEEP

6144:JIajkdgL6tFzvAJC62a2E5z8v8ApKTLnNp5VMhBc7twP7Z8:aaI1fvAJb2a2E5z8kApALfQhBc7OP98

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/860f318a98441dcd59cc18eedda665bf29782488409d4fd75b922f6f6f182967.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/860f318a98441dcd59cc18eedda665bf29782488409d4fd75b922f6f6f182967.exe

860f318a98441dcd59cc18eedda665bf29782488409d4fd75b922f6f6f182967.exe.zip
.zip

Password: infected
860f318a98441dcd59cc18eedda665bf29782488409d4fd75b922f6f6f182967.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 303KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE