f5b9a86340383292ce6e5f25a328b5add0203d70110449e4b9aef82e6fab3049[.]exe[.]zip

General

Target

f5b9a86340383292ce6e5f25a328b5add0203d70110449e4b9aef82e6fab3049.exe.zip
Size

3.4MB
MD5

9eb035c81e3eb5d22bfb0ef477a7f9bb
SHA1

a92c984ed99255bbb4c0cba3eef707d9eb05260f
SHA256

e276992b6ec1cbb07504ebee62d2ed97112ec6eb2cbf6dc8fb810b94b0ce5941
SHA512

acf05ac1a2f2f3feb61ce69a05c98054be4592958105b8a63dfd9d7a869264e880a313c4d7378c746b9fc9349a13d05cf3d64c2b2d8681be004496658bc08fe6
SSDEEP

49152:kirUWI5iqsEAkjewEJQSUx+Pl4Qe2mKu1eIU2r8orVQvq+wBBs/72eI3MFyJCccr:kirZI5MvijE9BmKIU2Im0Xiz3MFYCmYx

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/f5b9a86340383292ce6e5f25a328b5add0203d70110449e4b9aef82e6fab3049.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f5b9a86340383292ce6e5f25a328b5add0203d70110449e4b9aef82e6fab3049.exe

f5b9a86340383292ce6e5f25a328b5add0203d70110449e4b9aef82e6fab3049.exe.zip
.zip

Password: infected
f5b9a86340383292ce6e5f25a328b5add0203d70110449e4b9aef82e6fab3049.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 11.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE