aa163c1b2bcfffc820ca82ecffa315cc63ad05648ccc81b7135f36be1d052f7a[.]exe[.]zip

General

Target

aa163c1b2bcfffc820ca82ecffa315cc63ad05648ccc81b7135f36be1d052f7a.exe.zip
Size

3.5MB
MD5

ca438de90c22e72f340eefa6aacd7ee0
SHA1

74ed576e2071b10d38874e3d340b6d60185c0480
SHA256

72130b064c5374165db07604f2d29103e7251e6f5e957f4e73c13eb766bfbb75
SHA512

234d98035e5e2b6d90007b18c3fa9fbe7db2c9f027c79509915c24b01f2784369aa852c6c0dd938254b3cbb2de4b13d7f7d31aeb72aedb56762519b4509e0ff4
SSDEEP

98304:K/+phgeZaNuJaJ2PZAGmHvKZ8TklF2bDEci+:g+6clAGmHvg2kCDEc9

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/aa163c1b2bcfffc820ca82ecffa315cc63ad05648ccc81b7135f36be1d052f7a.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/aa163c1b2bcfffc820ca82ecffa315cc63ad05648ccc81b7135f36be1d052f7a.exe

aa163c1b2bcfffc820ca82ecffa315cc63ad05648ccc81b7135f36be1d052f7a.exe.zip
.zip

Password: infected
aa163c1b2bcfffc820ca82ecffa315cc63ad05648ccc81b7135f36be1d052f7a.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 11.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE