18efe1ff6e54ee6f595a6271088b62623a7d0a5eca274fc5b31e082161d29671[.]exe[.]zip

General

Target

18efe1ff6e54ee6f595a6271088b62623a7d0a5eca274fc5b31e082161d29671.exe.zip
Size

3.2MB
MD5

a89c9ab86dd31269e6dda25dc0cd564d
SHA1

a2ea4a58c3e10cd4ec3381313efe8cd6fc458e36
SHA256

d1eba0be766314837a14d7df01ff27577ffbd84703e631bd170ff2de643f78cb
SHA512

f2a864f90573fbdfc96cf7610e84349c02aa8f091141d222c1ac48ceeb09fab015d5c619f43460bca519cd79104d438481385b3ad88f3c6689a15ae52583207f
SSDEEP

98304:QOvSla5x9s9V1z8l+nmwTUduH9x8Z6SpAjBD:O4n9s9VGlmmjdk94DujBD

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/18efe1ff6e54ee6f595a6271088b62623a7d0a5eca274fc5b31e082161d29671.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/18efe1ff6e54ee6f595a6271088b62623a7d0a5eca274fc5b31e082161d29671.exe

18efe1ff6e54ee6f595a6271088b62623a7d0a5eca274fc5b31e082161d29671.exe.zip
.zip

Password: infected
18efe1ff6e54ee6f595a6271088b62623a7d0a5eca274fc5b31e082161d29671.exe
.exe windows:5 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 11.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE