ec662c73279f4a3772e3e549b07bcd67803292981afae931df4b63d47f6ac2a9[.]exe[.]zip

General

Target

ec662c73279f4a3772e3e549b07bcd67803292981afae931df4b63d47f6ac2a9.exe.zip
Size

72KB
MD5

0d79af89964c9b1231c63e050bae156b
SHA1

221b839fc9ba3f8fff7ea6a3be4bcdd6d0eea982
SHA256

9f66cd328b81e9b9771baf08fda1c25dccc2a91f3cbf1b47c66fdfe395f2e16a
SHA512

6174299d191a5dafc1677a24369880272c64945d63ab81c82defbf0860daf58ec500a881b01157b62d7a3186a1206e2c3449f57cb048d389ed9c447389b52b95
SSDEEP

1536:H0R6UvypjfuhiSugluQysjcn0PP5du7KoCuK3lLB0hOVwNf:H6XCT4FLjcn0HqGoCuK1L29Nf

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
static1/unpack001/ec662c73279f4a3772e3e549b07bcd67803292981afae931df4b63d47f6ac2a9.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/ec662c73279f4a3772e3e549b07bcd67803292981afae931df4b63d47f6ac2a9.exe
unpack002/out.upx

ec662c73279f4a3772e3e549b07bcd67803292981afae931df4b63d47f6ac2a9.exe.zip
.zip

Password: infected
ec662c73279f4a3772e3e549b07bcd67803292981afae931df4b63d47f6ac2a9.exe
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

VPX1
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ