c9da3b1d7af1a23bdb5bcc62db6914d7dbe3e0bc06f0dd649e817754626c5320[.]exe[.]zip

General

Target

c9da3b1d7af1a23bdb5bcc62db6914d7dbe3e0bc06f0dd649e817754626c5320.exe.zip
Size

3.2MB
MD5

7cbcee483832c0452393b7d6578acf17
SHA1

d8c17a520862d3d4eee7f06283a8a49e82539b78
SHA256

01bb1c177509f33d91a77d2e728eb5f3de44e23ad4c190821d2ee46c623dfdae
SHA512

cde13915663dcd60833e0f52af45ea2acb7ad33e3c57ad6e194950ad0cda9804dd6f9f20ee0538642acb84b15bf1b3c7337267e86c6ac1a52cdf4d6a44d1153f
SSDEEP

98304:bLk1YxWOplGqF1CbUuwV4Mcae2hRyzh+YPi9BRto8PHF6zH:bLk1YxVpl9bYwjNhRy8YPuvtDPHM

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/c9da3b1d7af1a23bdb5bcc62db6914d7dbe3e0bc06f0dd649e817754626c5320.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c9da3b1d7af1a23bdb5bcc62db6914d7dbe3e0bc06f0dd649e817754626c5320.exe

c9da3b1d7af1a23bdb5bcc62db6914d7dbe3e0bc06f0dd649e817754626c5320.exe.zip
.zip

Password: infected
c9da3b1d7af1a23bdb5bcc62db6914d7dbe3e0bc06f0dd649e817754626c5320.exe
.exe windows:5 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 11.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE