01224939ac638e6021b1d26a780f6696dc3d7d23954d0327077a7c398e89c4d7[.]exe[.]zip

General

Target

01224939ac638e6021b1d26a780f6696dc3d7d23954d0327077a7c398e89c4d7.exe.zip
Size

848KB
MD5

2369914c674f6b8525a932b594458f0b
SHA1

cff017e7aa61a1e8d24e032378db918b20faf7c9
SHA256

fe6f645f146a4416beef5c2d9b431467ae6bbd88e0c5aa854b055033dcb2a4d7
SHA512

dd5e9df8f146332da28409be491eb6062f6d2b2705ee69a9bf82dec0ec5c2e7c61f7282010605f794a2e469c42453395e4fd04d7a479ef77aeb966f5da11df43
SSDEEP

24576:VTLHKqYZDfNK5UmY0vlt5tm/KI3M3WPUUzbyVf:p+fLstEPzbQ

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/01224939ac638e6021b1d26a780f6696dc3d7d23954d0327077a7c398e89c4d7.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/01224939ac638e6021b1d26a780f6696dc3d7d23954d0327077a7c398e89c4d7.exe

01224939ac638e6021b1d26a780f6696dc3d7d23954d0327077a7c398e89c4d7.exe.zip
.zip

Password: infected
01224939ac638e6021b1d26a780f6696dc3d7d23954d0327077a7c398e89c4d7.exe
.exe windows:5 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 804KB - Virtual size: 808KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE