3595f88cbf95406689f5faf171b180d6a0a1be6ab9a9e00c992194236f1ee628[.]zip[.]zip

General

Target

3595f88cbf95406689f5faf171b180d6a0a1be6ab9a9e00c992194236f1ee628.zip.zip
Size

4.0MB
MD5

bf824bf848a119dd0efdab74ca746830
SHA1

71e66f420b38917b674aab410435ea1816788a28
SHA256

cc758e6605bd0356720cf4f8d836a489688a4bf574b12e9b67f25916ef43575e
SHA512

ba997ceb672b727b4f62ee1f27cfb7b741046e9dc45f25d1b0fa10a35a92ddfb9cf88489065782a0dd9fdae30760986515cd676f872512971892bfc3a921eb1f
SSDEEP

98304:l/cj8lfehiHOOWMYW2n1dZe0bf0BHXoKQDYpWHDav2of6M:ijXkFHo0pQU0Q6M

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack002/E_FARM_5_2.EXE	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/E_FARM_5_2.EXE

3595f88cbf95406689f5faf171b180d6a0a1be6ab9a9e00c992194236f1ee628.zip.zip
.zip

Password: infected
3595f88cbf95406689f5faf171b180d6a0a1be6ab9a9e00c992194236f1ee628.zip
.zip
E_FARM_5_2.EXE
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 14.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE