f9bd288f02c11c5475fb8365092eaa1ee7bfcb0a8bac0dbc88e4bbf35aa3751a[.]exe[.]zip

General

Target

f9bd288f02c11c5475fb8365092eaa1ee7bfcb0a8bac0dbc88e4bbf35aa3751a.exe.zip
Size

13.2MB
MD5

0b5f0fbbb0605f2fa24c1ea66dba4471
SHA1

0e58015522ecfdc696d15493b90c1bd75fa95903
SHA256

9a5d402620aa8a81edafab0f429c8bfc54eb6434647826e77abd65856e623bcc
SHA512

f87b956f517c0b28c39fa88778a8f0956470e359393c38e6c89734dd1b50dd90e091d5423945bd1fd6fbcc55261394b899accbbd41e3ab93c3d7daeb9635220e
SSDEEP

393216:/sOEGV95WKLsKrwc+45izVb2KrPLaEYai37Zj0w:293GABb2wPLsaiFj0w

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/f9bd288f02c11c5475fb8365092eaa1ee7bfcb0a8bac0dbc88e4bbf35aa3751a.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f9bd288f02c11c5475fb8365092eaa1ee7bfcb0a8bac0dbc88e4bbf35aa3751a.exe

f9bd288f02c11c5475fb8365092eaa1ee7bfcb0a8bac0dbc88e4bbf35aa3751a.exe.zip
.zip

Password: infected
f9bd288f02c11c5475fb8365092eaa1ee7bfcb0a8bac0dbc88e4bbf35aa3751a.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 43.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 13.3MB - Virtual size: 13.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 473KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE