6e5f3ad380e4f9e3e391f7a4ca7987c56e5f3744b7829859b5c5732a53bff69a[.]exe[.]zip

General

Target

6e5f3ad380e4f9e3e391f7a4ca7987c56e5f3744b7829859b5c5732a53bff69a.exe.zip
Size

14.4MB
MD5

7c85324a7ff95174d9f4880f63d974f8
SHA1

cbe3539e9205d7f64a23b81be08e36188ed3bc28
SHA256

45fb40ad2b0e19128d58eb22508ed5e29bc3f06feaadc628266287b3e5c23b63
SHA512

adcf6343c95870423d0bc34ff2e7a8c2b4238cea77af6bacbbec1580075700e3077412014f368e376a8a56254e9ec5559225b7dbc6120817b8512a9f30709bc1
SSDEEP

393216:V38Dagu8KRnxtaUprZFtd+cMUf/vt1bvY:VAagHKHHFtd+crfPw

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/6e5f3ad380e4f9e3e391f7a4ca7987c56e5f3744b7829859b5c5732a53bff69a.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6e5f3ad380e4f9e3e391f7a4ca7987c56e5f3744b7829859b5c5732a53bff69a.exe

6e5f3ad380e4f9e3e391f7a4ca7987c56e5f3744b7829859b5c5732a53bff69a.exe.zip
.zip

Password: infected
6e5f3ad380e4f9e3e391f7a4ca7987c56e5f3744b7829859b5c5732a53bff69a.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE