fd11667a5e5807e833c9759a3ba1757e9e3b3281c25b20b7caf9300dea043b95[.]exe[.]zip

General

Target

fd11667a5e5807e833c9759a3ba1757e9e3b3281c25b20b7caf9300dea043b95.exe.zip
Size

1.6MB
MD5

f3670094fee0e21f0ecdea90707a5927
SHA1

94c14de2e6210ed503adba7a0881a3122257d307
SHA256

7771de9625499f78c2b70a223417848be58913e1e05a2b2909efa4055dbee94b
SHA512

e59c8343982eb1b14fe789208fed756bf593a76147bf9ddbab1dd911ce27a15f00b6483b3e8e0a662b3ec35ad7a51d138b96011fef04bd19da1de95b43c59d9b
SSDEEP

49152:1SEunhGocFAEHFGc5ukltil9j77O9kOSb/:AEunPaAEvXne9j77O95Sb/

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/fd11667a5e5807e833c9759a3ba1757e9e3b3281c25b20b7caf9300dea043b95.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fd11667a5e5807e833c9759a3ba1757e9e3b3281c25b20b7caf9300dea043b95.exe

fd11667a5e5807e833c9759a3ba1757e9e3b3281c25b20b7caf9300dea043b95.exe.zip
.zip

Password: infected
fd11667a5e5807e833c9759a3ba1757e9e3b3281c25b20b7caf9300dea043b95.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 486KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE