b110f849dab45540ce6cb40dc6f094a0bc181b3d91c4879a23a4733e6ff64775[.]zip[.]zip

Sharing

Target

b110f849dab45540ce6cb40dc6f094a0bc181b3d91c4879a23a4733e6ff64775.zip.zip
Size

64KB
MD5

2266713103e1d10af3b04974eec864a8
SHA1

460319b30d6acc654d51f7176778580c52e61ece
SHA256

1b139b53729da04743b162c3d9e8fa126ff39449713715a20b295b82da4297bc
SHA512

1ff58b1589c3045c9cd7fc3f3c80d9f0860c343fcd6cde22e6ba27ca0297d064695841a7c84ec49e8eabea8daf03896e8f6592de796d84cb7c9aecd86e572888
SSDEEP

1536:4jqMBt6jEz1MyegH2kL4vX60Q8z0OyV7cGz/sodHTtEwJSDy:4+RjeMSL4vX60Q8z0O1Gz/rHTtjS+

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack002/sameon.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/sameon.exe

b110f849dab45540ce6cb40dc6f094a0bc181b3d91c4879a23a4733e6ff64775.zip.zip
.zip

Password: infected
b110f849dab45540ce6cb40dc6f094a0bc181b3d91c4879a23a4733e6ff64775.zip
.zip
file_id.diz
sameon.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 988KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
surprise.nfo