1f97ec22546565f940a207a72c8e8b61c6b781b74ff5ef65bd5f930123ec2295[.]exe[.]zip

General

Target

1f97ec22546565f940a207a72c8e8b61c6b781b74ff5ef65bd5f930123ec2295.exe.zip
Size

3.5MB
MD5

230a588afff2d9aae4afad7d5c984d62
SHA1

7dec9a2bf84a6e92db6567510e251b8d68483bb7
SHA256

39c33b7e57ee1c3ff6a57240285b0ef586d70dc2f63a82a65dc42797bba04441
SHA512

f3f3901513cab8e57d72f9a3ed2af9903488cc82d839fae564df9c52d3878d2b648d89be725ffb776cf12c9a3d075e4d63560d8b8eaaba80826a6b4b2d3a7145
SSDEEP

98304:SxdWH/4upxnCGFLyyXcLQRErkpBoCcCZwjRTag:6WtrCAnXjRTBo/1VWg

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/1f97ec22546565f940a207a72c8e8b61c6b781b74ff5ef65bd5f930123ec2295.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1f97ec22546565f940a207a72c8e8b61c6b781b74ff5ef65bd5f930123ec2295.exe

1f97ec22546565f940a207a72c8e8b61c6b781b74ff5ef65bd5f930123ec2295.exe.zip
.zip

Password: infected
1f97ec22546565f940a207a72c8e8b61c6b781b74ff5ef65bd5f930123ec2295.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 11.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE