d9a2f5b1cb2675ded7dfd8d2925b1036832e817c57985aaa37f31bc23b3ba222[.]exe[.]zip

General

Target

d9a2f5b1cb2675ded7dfd8d2925b1036832e817c57985aaa37f31bc23b3ba222.exe.zip
Size

2.0MB
MD5

c2dd765ea46b8b1992a7db3b401c6b09
SHA1

25990c8666e474f8322b8d7bb15e1d64ec45fe7e
SHA256

56dc00d7ddb2cb6d485dc71fed32c483e036841c357877cb54814419573d3bb8
SHA512

160b98af6ed749f9bdf947a7e875039b04c3615db912fd8e895bdda225fb5ff899cda9b3cbaa59f3f84366c7a8c5d5c36820621cdbea455d3107a1468684b2a5
SSDEEP

49152:nY5wb2ew/7E4KygmWhFFVWhzDR0q7mju3WnAEFjwOLOii:Ux/woWF7Uv7mju3EFj5zi

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/d9a2f5b1cb2675ded7dfd8d2925b1036832e817c57985aaa37f31bc23b3ba222.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d9a2f5b1cb2675ded7dfd8d2925b1036832e817c57985aaa37f31bc23b3ba222.exe

d9a2f5b1cb2675ded7dfd8d2925b1036832e817c57985aaa37f31bc23b3ba222.exe.zip
.zip

Password: infected
d9a2f5b1cb2675ded7dfd8d2925b1036832e817c57985aaa37f31bc23b3ba222.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 7.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE