1cf9b2aa732bd0c65a83c55d96ba98c4ed462b93720d7fd8c0bcc53683bfcffb[.]exe[.]zip

General

Target

1cf9b2aa732bd0c65a83c55d96ba98c4ed462b93720d7fd8c0bcc53683bfcffb.exe.zip
Size

17.3MB
MD5

8bb8c01bf717ee4f9e601935f3d28586
SHA1

f7261549cb23824ece1e7f678e5da36265cd56be
SHA256

021015b52213e536c8f13e16963675d1382e28a73f7121070de98c9bfbbb734c
SHA512

ba92218c4dbea6aa7bf09a9e836de93e74c7b3a616ae7f53603523853bc672af547f0688f0a8f8f47137f27beca1e8af2291c858a5642905118eca523a5b8c97
SSDEEP

393216:6+HFK3oq2ajo9P9W2ftVCftSKaiOHj83n4218Vx9uTDp:6IEjoJ9W210VIHw4rVx9uZ

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/1cf9b2aa732bd0c65a83c55d96ba98c4ed462b93720d7fd8c0bcc53683bfcffb.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1cf9b2aa732bd0c65a83c55d96ba98c4ed462b93720d7fd8c0bcc53683bfcffb.exe

1cf9b2aa732bd0c65a83c55d96ba98c4ed462b93720d7fd8c0bcc53683bfcffb.exe.zip
.zip

Password: infected
1cf9b2aa732bd0c65a83c55d96ba98c4ed462b93720d7fd8c0bcc53683bfcffb.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 30.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17.7MB - Virtual size: 17.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE