18dff74e00f29141dff6af97088aaa2bc8123df68361c8133b957ca1ba90c07d[.]exe[.]zip

General

Target

18dff74e00f29141dff6af97088aaa2bc8123df68361c8133b957ca1ba90c07d.exe.zip
Size

8.2MB
MD5

99d38618140d64288e52ea25cf62e905
SHA1

ca53d5591945e87017ae3793026f86c5d4b46f82
SHA256

c8c377dfa96e42fcd429167411a71785badcd921cc632a73fa05078c27752b96
SHA512

fedfd5c28b7ff138bea1e89d4b89d66690e77d53dfbda417c49130b0ad8a8559c4a0286ddf7251705efc92932a8d472663d8106eae9a5585b861ad4ef9bdd262
SSDEEP

196608:N2WGtuSL8FVSZKrJjO6CIu7CkNhRN1FhpT+mA47WA:N2lrL8FVAT6M7hNnFhp33

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/18dff74e00f29141dff6af97088aaa2bc8123df68361c8133b957ca1ba90c07d.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/18dff74e00f29141dff6af97088aaa2bc8123df68361c8133b957ca1ba90c07d.exe

18dff74e00f29141dff6af97088aaa2bc8123df68361c8133b957ca1ba90c07d.exe.zip
.zip

Password: infected
18dff74e00f29141dff6af97088aaa2bc8123df68361c8133b957ca1ba90c07d.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 11.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE