0b5be63fee764ca3e32f38da18698dd579a807f92ef458824247ddbb94b0a8bc[.]exe[.]zip

General

Target

0b5be63fee764ca3e32f38da18698dd579a807f92ef458824247ddbb94b0a8bc.exe.zip
Size

1.1MB
MD5

0e2a79b82a0895599c6f7269469be2c9
SHA1

3004c1a85682d44b9d9fecb1c66ac44037e4a27d
SHA256

21d58f0e35d45f0c6528dfeca8742654425970b7f35c06ff5b6c0bb214de370f
SHA512

8f76e429ea9944d924834781065ad68e45408a05c20a7a071bbab025cb86c0321b502a8945f82a5efdda2a152c67a0e023310deb38e33cc344c20bbddc3efb34
SSDEEP

24576://VHUb6icxU8J9bsuLWsHgH+peIrxXjES3uEPnghj/f+yrJ:H2GNHsuvHKoeU5red2yrJ

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/0b5be63fee764ca3e32f38da18698dd579a807f92ef458824247ddbb94b0a8bc.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0b5be63fee764ca3e32f38da18698dd579a807f92ef458824247ddbb94b0a8bc.exe

0b5be63fee764ca3e32f38da18698dd579a807f92ef458824247ddbb94b0a8bc.exe.zip
.zip

Password: infected
0b5be63fee764ca3e32f38da18698dd579a807f92ef458824247ddbb94b0a8bc.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 110KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma1
Size: 916KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE