0837f354646300440c2f8f52df8228e5b90a9c36561cff196c49d9b36754a72b[.]exe[.]zip

General

Target

0837f354646300440c2f8f52df8228e5b90a9c36561cff196c49d9b36754a72b.exe.zip
Size

474KB
MD5

f7a8bb75ac15d4cd949273c277da6bcf
SHA1

7e8e0971df7d7e110d5df1d0f5a5560dd12f346a
SHA256

23384aa794e70038d611c2c56e3afaede54a32359a4ff1e03255c5284a993511
SHA512

6311e91faff1477ed6dd17e71d99e52741f9fd0905d56c51805eb8e637ee170f3b79872ea1f8d8119b00dafc349a50ad9c28b76f45307f9f416d05b4e4e772d1
SSDEEP

12288:T4ThGBBspYG5yD4RLes9nQ+i0cqOZHcQay4s5zPNL:mGkpX5ysRLs+J+14CPl

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/0837f354646300440c2f8f52df8228e5b90a9c36561cff196c49d9b36754a72b.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0837f354646300440c2f8f52df8228e5b90a9c36561cff196c49d9b36754a72b.exe

0837f354646300440c2f8f52df8228e5b90a9c36561cff196c49d9b36754a72b.exe.zip
.zip

Password: infected
0837f354646300440c2f8f52df8228e5b90a9c36561cff196c49d9b36754a72b.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 416KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 479KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE