8c714078ee865ca935276ca6eef77c93e421213f75a6a3e91e84fe07b64a3980[.]exe[.]zip

General

Target

8c714078ee865ca935276ca6eef77c93e421213f75a6a3e91e84fe07b64a3980.exe.zip
Size

470KB
MD5

5ab5dbe73680a3d5d9961304bc846116
SHA1

d03ca0be18b3524fa6030ae7624e80e4fe757e0b
SHA256

a5aebc4ae8e994733a537b8488c426c217c1e24792246087998f0e8a6ed1cb65
SHA512

4eaaf66af2e8d7d0f3c23a683bb519dc683b3ced2c2b6660075dceb304ce296feb739b944f00115b42d3664ef7b092d8d2a80d2da201ee098d3684c03863a832
SSDEEP

12288:AcPASj77Jo6mtRr2jSlZMZnAND9UtO3kyPPp6:AcPJF0BaSMZnAhky3p6

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/8c714078ee865ca935276ca6eef77c93e421213f75a6a3e91e84fe07b64a3980.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8c714078ee865ca935276ca6eef77c93e421213f75a6a3e91e84fe07b64a3980.exe

8c714078ee865ca935276ca6eef77c93e421213f75a6a3e91e84fe07b64a3980.exe.zip
.zip

Password: infected
8c714078ee865ca935276ca6eef77c93e421213f75a6a3e91e84fe07b64a3980.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 916KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 473KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE