c92ba16649ee131b682394e971f5ecf325577305470b0b9640951474e9de674f[.]exe[.]zip

General

Target

c92ba16649ee131b682394e971f5ecf325577305470b0b9640951474e9de674f.exe.zip
Size

3.5MB
MD5

994b00cb465d855854bda7951e66c976
SHA1

36eda7e0ddf002bc9bae6bd0b40dd1cd7e419966
SHA256

f0b010f81c47c52660740c56859c4022cc9e9529be2b41f3a9a19007ad82c1b6
SHA512

bb7b5a3f0932332a55812e6ab27646729a289056693feed0124e22ecc675494679d4ab3c249942a8afc4d8451a9c17322ff29e3ddd891705f4854f11e16a00c7
SSDEEP

98304:FzsSVOm0z9wxkK1UUyrsKYe+TV9fZi1yYLoaLMthX:FpgjeMsRkNLVMf

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/c92ba16649ee131b682394e971f5ecf325577305470b0b9640951474e9de674f.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c92ba16649ee131b682394e971f5ecf325577305470b0b9640951474e9de674f.exe

c92ba16649ee131b682394e971f5ecf325577305470b0b9640951474e9de674f.exe.zip
.zip .ps1

Password: infected
c92ba16649ee131b682394e971f5ecf325577305470b0b9640951474e9de674f.exe
.exe windows:5 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 11.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE