feda13518c737dd085f41f4d97e862c7ffbf999fd7d53e56d6165f988c3c3afb[.]exe[.]zip

General

Target

feda13518c737dd085f41f4d97e862c7ffbf999fd7d53e56d6165f988c3c3afb.exe.zip
Size

12.6MB
MD5

425f0d175287f4668b0b5d7f63addae7
SHA1

c39ad4a5bc36b6d724da1761cefc232beb6f550a
SHA256

2281596331cb4c143bf2776f79c7a32ececca58b7ce160aa8539c3cd4e829541
SHA512

1f758843aadfd3bc528b7a3f081d0d0aa771c051cbb45b6de16c114f68d217bfdaa25eef34c748641cd8ecbfbfebc003e81fd9d0d33fb67062dbe5d4e5c006d0
SSDEEP

393216:VtYs44opBDC+5tSOacnjTAX/Sq3Yv/L8hlii:bYXBDpE7ejTAX/gvjE9

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/feda13518c737dd085f41f4d97e862c7ffbf999fd7d53e56d6165f988c3c3afb.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/feda13518c737dd085f41f4d97e862c7ffbf999fd7d53e56d6165f988c3c3afb.exe

feda13518c737dd085f41f4d97e862c7ffbf999fd7d53e56d6165f988c3c3afb.exe.zip
.zip

Password: infected
feda13518c737dd085f41f4d97e862c7ffbf999fd7d53e56d6165f988c3c3afb.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 216KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 113KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE