ae1d5e1c4f82bf4f35ed906b465705c900e578b86c7760e507e61e0ff52d18bc[.]exe[.]zip

General

Target

ae1d5e1c4f82bf4f35ed906b465705c900e578b86c7760e507e61e0ff52d18bc.exe.zip
Size

1.8MB
MD5

fc6a40e5d81f22b87941e122575c7853
SHA1

93843aa62134c64a9af47ddf1bb2b716a6963877
SHA256

362bca01eccee31c5e61bfd84dcc9a8ba7608806fa3e6f741269a9adf8341247
SHA512

4810fcc90171421883d6b7dee1568c6efc08d4f085de3b63e5473ff9966091f0e37b7eff682ef1f1df39f63ba630300018d304391b48564d2d9f573e02d5c933
SSDEEP

49152:s+S/4zjjq4aNZdMojYW71YWdcPjD2kmxxGDqOxjYPLIO3:zSwPj8tb1YWdcP8xGDqOxjU3

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/ae1d5e1c4f82bf4f35ed906b465705c900e578b86c7760e507e61e0ff52d18bc.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ae1d5e1c4f82bf4f35ed906b465705c900e578b86c7760e507e61e0ff52d18bc.exe

ae1d5e1c4f82bf4f35ed906b465705c900e578b86c7760e507e61e0ff52d18bc.exe.zip
.zip

Password: infected
ae1d5e1c4f82bf4f35ed906b465705c900e578b86c7760e507e61e0ff52d18bc.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE