f64e09f76f30a8ab341d174353a9451dec19bae39fb01cf25970ed6720f23e5d[.]exe[.]zip

General

Target

f64e09f76f30a8ab341d174353a9451dec19bae39fb01cf25970ed6720f23e5d.exe.zip
Size

164KB
MD5

8c38a7cdc6d184afd1244044da0b8b47
SHA1

f6929b34b62a9abdb4ec853559e6a914d95df490
SHA256

de6a9d9e6b89c9a1008eba877bb18f2445174308b97c9e6dfe478f78e32c4d22
SHA512

4589abb965af3a941834244f4cbdd33998f6246e037e0b8f15dc437e7dea6a01622388b4eb966938fe1e6cebd662ca64fcc8dc0dc95c9c9a1962d23852982d82
SSDEEP

3072:/tbOirgLabD0IkRAqst5X86alJkjpzkCxPzaCIEI9woDmU2RsaLl3wNs:ZOirgLabU+t5N0bO3IEI9woV2jlwC

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/f64e09f76f30a8ab341d174353a9451dec19bae39fb01cf25970ed6720f23e5d.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f64e09f76f30a8ab341d174353a9451dec19bae39fb01cf25970ed6720f23e5d.exe

f64e09f76f30a8ab341d174353a9451dec19bae39fb01cf25970ed6720f23e5d.exe.zip
.zip

Password: infected
f64e09f76f30a8ab341d174353a9451dec19bae39fb01cf25970ed6720f23e5d.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 292KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 163KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE