10b454f3b1952aa3a6d60f02c1f1bf59fc6a09c41755c5a54ff0afd21cccfbcc[.]zip[.]zip

General

Target

10b454f3b1952aa3a6d60f02c1f1bf59fc6a09c41755c5a54ff0afd21cccfbcc.zip.zip
Size

167KB
MD5

a0612a0528a85ffa2126ba97dfa4fddc
SHA1

f31dd0af3d68801e7ab3285899d0c9b3c5f33c66
SHA256

2136f4cc451c3ad5f0d82e9991b4b6ad54212a671865d1ff28bf8657a8d0bf65
SHA512

13d3f7cb5af02b12749b0a0bb9a919a3f05a5327b76605fd5c417b6293ee663f81415faaca5ef4552ea03a85b88fe24d89f7faacd8f9cb3f9594ac69d841b094
SSDEEP

3072:2ZpUQcNAWZT54aGo6YydvZGz/alshJiMWxHieSCSUKLht80gQQc:7QcNlJ6YQRcEMWxHpSCSUQh9

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack002/232_Read.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/232_Read.exe

10b454f3b1952aa3a6d60f02c1f1bf59fc6a09c41755c5a54ff0afd21cccfbcc.zip.zip
.zip

Password: infected
10b454f3b1952aa3a6d60f02c1f1bf59fc6a09c41755c5a54ff0afd21cccfbcc.zip
.zip
232_Read.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 292KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 166KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE