8247104278bf9d58f5d317a9a302e8883fc601f979795f7461f5b6ccdbc57283[.]exe[.]zip

General

Target

8247104278bf9d58f5d317a9a302e8883fc601f979795f7461f5b6ccdbc57283.exe.zip
Size

116KB
MD5

5e7db9abe4dacd2255a605ef481c1aa6
SHA1

bc259c9fced200e5ad42d67b24231efc3539111f
SHA256

4e93fbc2e24176b055d22a717e662c29994a0e3848e4677c500f9aff1d83e985
SHA512

64f26b01bf22425260743efd3ad902c59fbd3f189a22023b19357097aba0a1a25bdabcbee71faf1589886a9d65d236d0cb8bb9a60db167d5a25191bc8eeb79db
SSDEEP

3072:xfAPNECk8wae6mFHxBrTc+Mmm+u9DrxGhFpgT2zH7G:pIFkTxeI2D1MzbG

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/8247104278bf9d58f5d317a9a302e8883fc601f979795f7461f5b6ccdbc57283.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8247104278bf9d58f5d317a9a302e8883fc601f979795f7461f5b6ccdbc57283.exe

8247104278bf9d58f5d317a9a302e8883fc601f979795f7461f5b6ccdbc57283.exe.zip
.zip

Password: infected
8247104278bf9d58f5d317a9a302e8883fc601f979795f7461f5b6ccdbc57283.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 232KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 109KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE