cf7cf5ca90529a2cedf59d92f97f6e603189d9c1fc8b8015d56a25d5ee3a30eb[.]exe[.]zip

General

Target

cf7cf5ca90529a2cedf59d92f97f6e603189d9c1fc8b8015d56a25d5ee3a30eb.exe.zip
Size

426KB
MD5

461d293a17a2533fddf11fbe30d3ded7
SHA1

18cc3818672fd5875819bc3484f1752b68dc09cc
SHA256

51d78c63dc8da30d54e2fbedbe839e0bd1f156229546a01b60becfed82062c69
SHA512

77454ec471baa29cc751d000500ae853a7cf53c0165cd935d9bd132d2d62fdb5d46b34766f9684a825cb66d248b8cf1e7cb9e983205581d044e90b440317b6bf
SSDEEP

12288:JULVSKgNIihOOUSvopNGdhf+JnDgB/J1oCgett6yD5E1S:JU4K8OOUSvopchmDg9J1RpSS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/cf7cf5ca90529a2cedf59d92f97f6e603189d9c1fc8b8015d56a25d5ee3a30eb.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cf7cf5ca90529a2cedf59d92f97f6e603189d9c1fc8b8015d56a25d5ee3a30eb.exe

Files

cf7cf5ca90529a2cedf59d92f97f6e603189d9c1fc8b8015d56a25d5ee3a30eb.exe.zip
.zip

Password: infected
cf7cf5ca90529a2cedf59d92f97f6e603189d9c1fc8b8015d56a25d5ee3a30eb.exe
.exe windows:4 windows x86

8864948b624a33b260714f546b0b4009

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
CreateThread
DeleteFileA
ExitProcess
ExitThread
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTempFileNameA
GetTempPathA
GetVersionExA
LoadLibraryA
LoadLibraryExA
OpenProcess
WriteProcessMemory
VirtualAlloc
VirtualFree
WriteFile

Sections

UPX0
Size: - Virtual size: 660KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 150KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 441KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pe
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX0
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 203KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

8864948b624a33b260714f546b0b4009

Headers

File Characteristics

Imports

kernel32

Sections

UPX0 Size: - Virtual size: 660KB

UPX1 Size: 150KB - Virtual size: 152KB

.rsrc Size: 441KB - Virtual size: 444KB

.pe Size: 1024B - Virtual size: 4KB

UPX0 Size: - Virtual size: 2.1MB

UPX1 Size: 203KB - Virtual size: 204KB

.rsrc Size: 13KB - Virtual size: 16KB

pebundle Size: 8KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 660KB

UPX1
Size: 150KB - Virtual size: 152KB

.rsrc
Size: 441KB - Virtual size: 444KB

.pe
Size: 1024B - Virtual size: 4KB

UPX0
Size: - Virtual size: 2.1MB

UPX1
Size: 203KB - Virtual size: 204KB

.rsrc
Size: 13KB - Virtual size: 16KB

pebundle
Size: 8KB - Virtual size: 8KB