1851c3618e068caef8f0b9c8dea6f102df066ff9da3c4dee23e738fc1ab78593[.]zip[.]zip

General

Target

1851c3618e068caef8f0b9c8dea6f102df066ff9da3c4dee23e738fc1ab78593.zip.zip
Size

140KB
MD5

c2b06cfc5beee594673daa79beba5123
SHA1

3771bf9088f52830cf1f9e8b3680e316ab5d6f05
SHA256

ce2ce85c68e7214f199e4aa12f53b0d56fefe25315a90af2151a25bb981daf7a
SHA512

897b7dc2b1eca8b1cc52c316aeccb3e8fb1c4dbe883874fe44b2e6e8b2d05e507965b9514625d37a683baa162c36649c9d701a57f58fa0c2d2b849c9e3fed1be
SSDEEP

3072:cdheTtUeZRc5w9T0U8wW13s4xtySW0jiSkWodL1P2XBUujUz3a:cdyKa0lwsjxMAuSkWEUBA3a

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack002/tHe_S - patch 0.1 alpha.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/tHe_S - patch 0.1 alpha.exe

1851c3618e068caef8f0b9c8dea6f102df066ff9da3c4dee23e738fc1ab78593.zip.zip
.zip

Password: infected
1851c3618e068caef8f0b9c8dea6f102df066ff9da3c4dee23e738fc1ab78593.zip
.zip
tHe_S - patch 0.1 alpha.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 141KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE