cf7cf5ca90529a2cedf59d92f97f6e603189d9c1fc8b8015d56a25d5ee3a30eb[.]exe[.]zip

General

Target

cf7cf5ca90529a2cedf59d92f97f6e603189d9c1fc8b8015d56a25d5ee3a30eb.exe.zip
Size

426KB
MD5

ab53dd5f4a5d345df69de2044d6e4b15
SHA1

c1a710c26ec910b4cbe063b56c5ed2e6dc351dda
SHA256

9dc81cb4bb646441f55738256bb7f3ca059adcd43013d91bf11725d8e5932914
SHA512

188fe9e82163f2557157ab623cbaf5c849ef043c2ebc22fe35fdb679aa6f16042a3c21245b57c6af6ce4ec621b6c13b93f689efecf8ebe8826bcfe90c9b26162
SSDEEP

12288:bmQESjOtgKcAjqtRFc7wNpRifFATWWGZ3tD9IJZQ:aQE5m1UwNfifFTPZhyi

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/cf7cf5ca90529a2cedf59d92f97f6e603189d9c1fc8b8015d56a25d5ee3a30eb.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cf7cf5ca90529a2cedf59d92f97f6e603189d9c1fc8b8015d56a25d5ee3a30eb.exe

Files

cf7cf5ca90529a2cedf59d92f97f6e603189d9c1fc8b8015d56a25d5ee3a30eb.exe.zip
.zip

Password: infected
cf7cf5ca90529a2cedf59d92f97f6e603189d9c1fc8b8015d56a25d5ee3a30eb.exe
.exe windows:4 windows x86 arch:x86

8864948b624a33b260714f546b0b4009

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
CreateThread
DeleteFileA
ExitProcess
ExitThread
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTempFileNameA
GetTempPathA
GetVersionExA
LoadLibraryA
LoadLibraryExA
OpenProcess
WriteProcessMemory
VirtualAlloc
VirtualFree
WriteFile

Sections

UPX0
Size: - Virtual size: 660KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 150KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 441KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pe
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX0
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 203KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

8864948b624a33b260714f546b0b4009

Headers

File Characteristics

Imports

kernel32

Sections

UPX0 Size: - Virtual size: 660KB

UPX1 Size: 150KB - Virtual size: 152KB

.rsrc Size: 441KB - Virtual size: 444KB

.pe Size: 1024B - Virtual size: 4KB

UPX0 Size: - Virtual size: 2.1MB

UPX1 Size: 203KB - Virtual size: 204KB

.rsrc Size: 13KB - Virtual size: 16KB

pebundle Size: 8KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 660KB

UPX1
Size: 150KB - Virtual size: 152KB

.rsrc
Size: 441KB - Virtual size: 444KB

.pe
Size: 1024B - Virtual size: 4KB

UPX0
Size: - Virtual size: 2.1MB

UPX1
Size: 203KB - Virtual size: 204KB

.rsrc
Size: 13KB - Virtual size: 16KB

pebundle
Size: 8KB - Virtual size: 8KB