642c213f0a3d7d3f416a7ca8c5bef293804c5bc0155e506957bc53057313fd85[.]exe[.]zip

General

Target

642c213f0a3d7d3f416a7ca8c5bef293804c5bc0155e506957bc53057313fd85.exe.zip
Size

266KB
MD5

a6fb14c1f091e5806f52be42c1ab89d9
SHA1

8f45457c72ed0be2ef4155dc5cc5ea1b3ba9672a
SHA256

5ddac396e4c112f54d1e3937552039c91916cd3d7f00e497dc5c33e7c398cd5e
SHA512

df1995d1bb10b88d6bffcb1ce6390634abf34be21cc5600eb24f422490c191c7f65f4697d72fe30f07aa0cd27628895ec10de67675822761719b5c8e842d0e83
SSDEEP

6144:LBjsvDMHfGMVyGQFiWrcVz1kYadyTKh3Mh+BDDlV4MMMSCLD:LBjsrMHeMBlV1kjyTIcwlV45MSCLD

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/642c213f0a3d7d3f416a7ca8c5bef293804c5bc0155e506957bc53057313fd85.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/642c213f0a3d7d3f416a7ca8c5bef293804c5bc0155e506957bc53057313fd85.exe

642c213f0a3d7d3f416a7ca8c5bef293804c5bc0155e506957bc53057313fd85.exe.zip
.zip

Password: infected
642c213f0a3d7d3f416a7ca8c5bef293804c5bc0155e506957bc53057313fd85.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 492KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 267KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE