989b500ba4ae423d0bc88fdd8eb0d377f20fa29c3c8f0bd84377ff5792755319[.]exe[.]zip

General

Target

989b500ba4ae423d0bc88fdd8eb0d377f20fa29c3c8f0bd84377ff5792755319.exe.zip
Size

645KB
MD5

167de19e29199757188b33acc99d1feb
SHA1

bc0ffc61ecb0582ef338b6a0a182e6b56f5f98a3
SHA256

aca733aaa203a6627839ccc939840144225c6d83e851c15c27285cc0b2c33b3c
SHA512

4b281f18da331bbf78040d92c4f96c28df3f5886461df73cabf5030d50d5424a6626a7a19118e26af7ec0e638666a4322a63c7fb7a4006cc8f3eebbe073656df
SSDEEP

12288:FWVOIG+u43alwPbPHMhTyFKq/sTiSh2hWWnUVSC4CiMwdrjeN6VuPsH08H0bL6hT:Ycr+uwswTPeyMq/s2SgMWnUVdF8i6VuK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/989b500ba4ae423d0bc88fdd8eb0d377f20fa29c3c8f0bd84377ff5792755319.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/989b500ba4ae423d0bc88fdd8eb0d377f20fa29c3c8f0bd84377ff5792755319.exe
unpack002/out.upx

Files

989b500ba4ae423d0bc88fdd8eb0d377f20fa29c3c8f0bd84377ff5792755319.exe.zip
.zip

Password: infected
989b500ba4ae423d0bc88fdd8eb0d377f20fa29c3c8f0bd84377ff5792755319.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 612KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 612KB - Virtual size: 616KB

.rsrc Size: 65KB - Virtual size: 68KB

Headers

File Characteristics

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 9KB - Virtual size: 9KB

.rdata Size: 196KB - Virtual size: 196KB

.eh_fram Size: 158KB - Virtual size: 158KB

.bss Size: - Virtual size: 68KB

.idata Size: 15KB - Virtual size: 14KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 250KB - Virtual size: 250KB

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 612KB - Virtual size: 616KB

.rsrc
Size: 65KB - Virtual size: 68KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 9KB - Virtual size: 9KB

.rdata
Size: 196KB - Virtual size: 196KB

.eh_fram
Size: 158KB - Virtual size: 158KB

.bss
Size: - Virtual size: 68KB

.idata
Size: 15KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 250KB - Virtual size: 250KB