784fedb03a75848abadb551102909d2a2e8156727ff56a278eb905b5952540dc[.]exe[.]zip

General

Target

784fedb03a75848abadb551102909d2a2e8156727ff56a278eb905b5952540dc.exe.zip
Size

404KB
MD5

70d1f5f2deaf43e1c3e1ef98eddabf36
SHA1

179ec6f2a970f855c3d4d556ee09ac142724a8a4
SHA256

b4557d02d97d45840f58ac963c0d737e069a01175149941ceb9c653c711dfd09
SHA512

813430f299beb8ed9acb7e63ac53d7e475cb0b6575b129dbde4b9a142c27b990f6af07edfdbebf8602e5746f3fa321f39eb764e15ec4c1ebcb3b5f2e08f041b5
SSDEEP

6144:jTFcix2LPDSAEpxTUbXc3lvdVQnmvLqhdy2VqQ/zpXORoORL3z33MbpkdTLlKFOf:lPMDSPKbudVVj442L0tH3yEmOEJhXA/

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/784fedb03a75848abadb551102909d2a2e8156727ff56a278eb905b5952540dc.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/784fedb03a75848abadb551102909d2a2e8156727ff56a278eb905b5952540dc.exe

784fedb03a75848abadb551102909d2a2e8156727ff56a278eb905b5952540dc.exe.zip
.zip

Password: infected
784fedb03a75848abadb551102909d2a2e8156727ff56a278eb905b5952540dc.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 940KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 397KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE