6e1806c27f6cf547af6aef078b2bbfdd9343a495bf3f5da4e92368ee86c004ac[.]exe[.]zip

General

Target

6e1806c27f6cf547af6aef078b2bbfdd9343a495bf3f5da4e92368ee86c004ac.exe.zip
Size

3.4MB
MD5

2934d1240b23ccf8f6721f78969d8b57
SHA1

dcc29e9db120c7669e280902db3c6f5267a84f86
SHA256

0c0be0ffe817cc93afc4cbf7e83c79e3ba6bb94f1593784fcb6c82f532322030
SHA512

6e7382f08ce8d4a7ca95c103be64b940eafa83a2c73e208bbcfe52e8ccfb9711f76b622d1350a9654137dcc526e6d045d955594171ee71616ab2ed5101ad29ef
SSDEEP

98304:F1HH2NIUVlR5nmMBDum94wdcV9p/69oFe:foJ0MBkpV7/69oM

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/6e1806c27f6cf547af6aef078b2bbfdd9343a495bf3f5da4e92368ee86c004ac.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6e1806c27f6cf547af6aef078b2bbfdd9343a495bf3f5da4e92368ee86c004ac.exe

6e1806c27f6cf547af6aef078b2bbfdd9343a495bf3f5da4e92368ee86c004ac.exe.zip
.zip

Password: infected
6e1806c27f6cf547af6aef078b2bbfdd9343a495bf3f5da4e92368ee86c004ac.exe
.exe windows:5 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 11.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE