1f937881c5d664185e8c3a577ef984483d6b9f347ce16827202ca4c400af3ce6[.]exe[.]zip

General

Target

1f937881c5d664185e8c3a577ef984483d6b9f347ce16827202ca4c400af3ce6.exe.zip
Size

14.8MB
MD5

81512fdb608d42c0da71c82cbf489a84
SHA1

6e38dc75aa3377f6eae60fae98e36c210dbccd34
SHA256

dcaf3881137a14b93dc3b9babeb3378c67dd92e6e062b22c5b848ade55a52f6b
SHA512

1d99ab342e085782407459e0069341695c848a7dd5a0d5a8ac46622a6f302befb879a6554f384cdf6dc378de286bb123dcbc8e113b0f9dc735e5cee9fe05d716
SSDEEP

393216:ISwsf8bIGxILE44NddMiH5q39Jl97ub3j4TqpphKu3pdM:IBsivIYbMGwjZuYTMhKuA

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/1f937881c5d664185e8c3a577ef984483d6b9f347ce16827202ca4c400af3ce6.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1f937881c5d664185e8c3a577ef984483d6b9f347ce16827202ca4c400af3ce6.exe

1f937881c5d664185e8c3a577ef984483d6b9f347ce16827202ca4c400af3ce6.exe.zip
.zip

Password: infected
1f937881c5d664185e8c3a577ef984483d6b9f347ce16827202ca4c400af3ce6.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 800KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 571KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE