349a9334881f133d01ac8fb41c7a1cab15a707836a2dcf0914f651f9a049b2a1[.]exe[.]zip

General

Target

349a9334881f133d01ac8fb41c7a1cab15a707836a2dcf0914f651f9a049b2a1.exe.zip
Size

845KB
MD5

1e0acd57996c692690c68d6fabf535d3
SHA1

d3517311ad34758879c881527a4849d05ba9c9bb
SHA256

85c6ef3236b8c0d0dd9c3f2665162928cf2496e0e0a5c10ec415f43bb5a5569b
SHA512

f2151cc18da6e211654a81c25683134eb0ace033f80c0dbd5532a380d854f81b0c90f13cbd8f97a31b59c0576e9a4c09521191ae1492883d4ef569b3afe93edb
SSDEEP

24576:V/qi5T4R5jnnRxEAay8zntP/ISoTYD64Axz7i:VC+4v+AKtXISkyAxzG

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/349a9334881f133d01ac8fb41c7a1cab15a707836a2dcf0914f651f9a049b2a1.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/349a9334881f133d01ac8fb41c7a1cab15a707836a2dcf0914f651f9a049b2a1.exe

349a9334881f133d01ac8fb41c7a1cab15a707836a2dcf0914f651f9a049b2a1.exe.zip
.zip

Password: infected
349a9334881f133d01ac8fb41c7a1cab15a707836a2dcf0914f651f9a049b2a1.exe
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 754KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE