e684e957996c6a1baa8baf8a75780c36ddd8f9078692f99ae43b7baefb9fb12b[.]zip[.]zip

General

Target

e684e957996c6a1baa8baf8a75780c36ddd8f9078692f99ae43b7baefb9fb12b.zip.zip
Size

362KB
MD5

308eafa8e5654a0758af1b5216cf9a76
SHA1

ca716e6e13c504e3e6c0bda7df2c160ed9798339
SHA256

84e3169643fd6d9a96a4c2f53c8018942d0e39802528b8572b037a4fcd6717ff
SHA512

8b8852ff45db1b9fb62df017e4f07a184a5a644eea5df777832f18df1531393c825bef074caf5d43e5f1af62508326525480f1ded47784d9b1c00d337433ecd3
SSDEEP

6144:rOistnVvrtS0bQUGOFAjzyzXWPcNCbreREW8qD4kJb9+1qa87/MdCHBo+1U:rWnprdbHG4+MWGZEz6JJQMD2ChjU

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack002/TorrentSpy-0.2.4.25-win32/TorrentSpy-0.2.4.25.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/TorrentSpy-0.2.4.25-win32/TorrentSpy-0.2.4.25.exe

e684e957996c6a1baa8baf8a75780c36ddd8f9078692f99ae43b7baefb9fb12b.zip.zip
.zip

Password: infected
e684e957996c6a1baa8baf8a75780c36ddd8f9078692f99ae43b7baefb9fb12b.zip
.zip
TorrentSpy-0.2.4.25-win32/TorrentSpy-0.2.4.25-win32.nfo
TorrentSpy-0.2.4.25-win32/TorrentSpy-0.2.4.25.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 852KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 353KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE