364a91ab48201619b1f0c50fd7f29a81d2c8e189f9235bd9f45d87df5beff12b[.]exe[.]zip

General

Target

364a91ab48201619b1f0c50fd7f29a81d2c8e189f9235bd9f45d87df5beff12b.exe.zip
Size

3.5MB
MD5

0dd9e15bbb072c1f43866883815bcd65
SHA1

fe90560e91a681b2d15193fbe23e8861033f0e49
SHA256

08ae3602cadda6fd9510f4d7b4410b9d2903868b569eb3cda6628ebbbf01bed5
SHA512

49895579adde957b8d3b45ff80e9a4fda5285badf93a7ca02573f3841f8893262152935ee3c9d28e6fa14eb93be82bdc9f8d3f538f5562fd41b1a4e82fad614f
SSDEEP

98304:WO41duIaVe5/mYGgX49bAbpdw0hbK6v1H6RF:ZEaVe5UdubrdaRF

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/364a91ab48201619b1f0c50fd7f29a81d2c8e189f9235bd9f45d87df5beff12b.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/364a91ab48201619b1f0c50fd7f29a81d2c8e189f9235bd9f45d87df5beff12b.exe

364a91ab48201619b1f0c50fd7f29a81d2c8e189f9235bd9f45d87df5beff12b.exe.zip
.zip

Password: infected
364a91ab48201619b1f0c50fd7f29a81d2c8e189f9235bd9f45d87df5beff12b.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 11.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE