927ba89874f32f0695e667072564e792fcc6538d85f31f7c9e879d87ae6b4547[.]exe[.]zip

General

Target

927ba89874f32f0695e667072564e792fcc6538d85f31f7c9e879d87ae6b4547.exe.zip
Size

457KB
MD5

2e1463b35b11bca2f4f1319291bada70
SHA1

e36d656ffc8170ba3031f60e0b033a03aaebba33
SHA256

87d6719f91bdb4e252f5bf88f4ac2578f23087fa0cbc1568cddceff078a25a59
SHA512

dff33d3c8761a56b60221482ccdcf2dbe4dc5522065ed9ad26381cb08564e63f7ab5d7e8dafdb090bfe1596f3ff9235c7f6e5c89373a94e5cec24527c975d807
SSDEEP

12288:LOMuXnMNyOp8yRUGWkmn6pA559WZhTTNGb13YS:LvuX+7UxP6pA9WZ5T2

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/927ba89874f32f0695e667072564e792fcc6538d85f31f7c9e879d87ae6b4547.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/927ba89874f32f0695e667072564e792fcc6538d85f31f7c9e879d87ae6b4547.exe
unpack002/out.upx

927ba89874f32f0695e667072564e792fcc6538d85f31f7c9e879d87ae6b4547.exe.zip
.zip

Password: infected
927ba89874f32f0695e667072564e792fcc6538d85f31f7c9e879d87ae6b4547.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 520KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 460KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ