bb457864642f8b5911d6daf52767156e3a25768fd783c0097e1aa253ea149cda[.]exe[.]zip

General

Target

bb457864642f8b5911d6daf52767156e3a25768fd783c0097e1aa253ea149cda.exe.zip
Size

3.8MB
MD5

425e11846ae1c1169a0f9ea37366ea13
SHA1

9d04e5181e0988893d49f9fb0dabf2ce08fa1621
SHA256

44944064d6cb716e479393b8080c784462a50d89211d844748122bc38ef3dc70
SHA512

8b5d74e09078529b2c7dda305fb4631b1ff295685ca0843d3739416201ed4065c38a32f7ef1f6aeaa4752ff35533cafb3af4fc1e6b1daaa6c93e576cb457036e
SSDEEP

98304:UufcwNFxD6BHDW01793qHC4FCiWP3UCfKZxerTwIeNcNxENQCtc:Uufn7MNDW01p3qi4FVWPvprZxIc

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/bb457864642f8b5911d6daf52767156e3a25768fd783c0097e1aa253ea149cda.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bb457864642f8b5911d6daf52767156e3a25768fd783c0097e1aa253ea149cda.exe

bb457864642f8b5911d6daf52767156e3a25768fd783c0097e1aa253ea149cda.exe.zip
.zip

Password: infected
bb457864642f8b5911d6daf52767156e3a25768fd783c0097e1aa253ea149cda.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 10.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 590KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE