1539235791fd6cafd779f90da3f5a5522c439c0152289dc655c0e77147173655[.]exe[.]zip

General

Target

1539235791fd6cafd779f90da3f5a5522c439c0152289dc655c0e77147173655.exe.zip
Size

512KB
MD5

d1db9381d7ebf7a7aff49cd3104d165c
SHA1

9f36eb4070d2459c73d5fa5c78c5051d0cb341b8
SHA256

b8959fa39e42a01739a8bf57ea17f9787aff24611e250bd5b5fcd4362ffa1411
SHA512

17340337ed1d1b1f33a7243e6a96fcb7136051b12823a614351f2522a3eeea67e6d1a847579f3dbdc3a060fb2e48c7d41a00546ab7d80378e942013dd31d644e
SSDEEP

12288:xbMCLHXOHbOeSGnZx3RJB3WFCByh0VBZkhfvGUX:xIqsbwSWFCMmZqfdX

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack002/RP-Visualizations.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/RP-Visualizations.exe

1539235791fd6cafd779f90da3f5a5522c439c0152289dc655c0e77147173655.exe.zip
.zip

Password: infected
1539235791fd6cafd779f90da3f5a5522c439c0152289dc655c0e77147173655.exe
.zip
RP-Visualizations.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 486KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE