0000bfd0097f09c17ccc0968dd02f6f1984cd1d0c97d9e32e4eceaeb0b42bfad[.]zip[.]zip

General

Target

0000bfd0097f09c17ccc0968dd02f6f1984cd1d0c97d9e32e4eceaeb0b42bfad.zip.zip
Size

248KB
MD5

77a3740d93cb40119e7b5be75802cbb4
SHA1

7e658c8ed62e5bca6868393d7fc3b9a8b1ce598b
SHA256

b2118982a39154669be41c949bae28ee6cc908d38f22fee57d9041697d0ba760
SHA512

62861cd099528b5492c531b0158dadb3d4207cb5f923bfaa8de07e3304c582a46c78710ea44c8c0ba8a3d776519d24b32683321d627dd64d0d34fc8cb5d3dfbd
SSDEEP

6144:BbGeA25oLNBnMdlO6qp2kpbr7PHyGBmq+peEiP/M+oM:fz1dMrAkJP5B9Y21

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack002/MajHLI.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/MajHLI.exe

0000bfd0097f09c17ccc0968dd02f6f1984cd1d0c97d9e32e4eceaeb0b42bfad.zip.zip
.zip

Password: infected
0000bfd0097f09c17ccc0968dd02f6f1984cd1d0c97d9e32e4eceaeb0b42bfad.zip
.zip
MajHLI.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 460KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 247KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MajHLI.xml