69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34[.]exe[.]zip

General

Target

69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe.zip
Size

4.0MB
MD5

687efe1533bcc03d7336f5c005d46ed4
SHA1

6070b395b735fb987d27e5415c8168d0eefbd23b
SHA256

c3b6b919a0bb74a042da9fe83dbe24886922ac73aeb454ffd7f75c7f01e36511
SHA512

a970b67074645dee777d1c874e8f53bf85e5dd95397a8da77c210351789ef7ca59566cf1e37b74a619f144ab19c5d6386532e26602728d4ef07b863adce42c6b
SSDEEP

98304:DWQql3WwzG9lJJucn+nzSMa2dKWqcIRfS:DNqdWw4JJQSidh/v

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
static1/unpack001/69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe

69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe.zip
.zip

Password: infected
69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 13.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE