3a1c8dae1b144004253020eddacab84c9914dd30e9f95cbbe96223dd697c7334[.]exe[.]zip

General

Target

3a1c8dae1b144004253020eddacab84c9914dd30e9f95cbbe96223dd697c7334.exe.zip
Size

3.5MB
MD5

ac370651f68c8cf11482c5b21f3d8e3f
SHA1

6750d333eedc3e3b48426164eaee5bedc55f2c95
SHA256

0d55d77f78b8ef3cd934696426d173e429cbafbb391591b37f9b10cd294b1fa9
SHA512

e6a1dd7e38ad8681c1305616d695afdc1fe5504cd9847ea79d6e976d1924e44e272d4359f3e9290e366de9e3eaab9df34b9e671f0be400b5c2a24c0c0d36add9
SSDEEP

98304:A6sa0nKGqwV9NtjQeZqJ+NhyaI2DO2a914+:AfHKRG3Z3/lO2ao+

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/3a1c8dae1b144004253020eddacab84c9914dd30e9f95cbbe96223dd697c7334.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3a1c8dae1b144004253020eddacab84c9914dd30e9f95cbbe96223dd697c7334.exe

3a1c8dae1b144004253020eddacab84c9914dd30e9f95cbbe96223dd697c7334.exe.zip
.zip

Password: infected
3a1c8dae1b144004253020eddacab84c9914dd30e9f95cbbe96223dd697c7334.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 11.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE