056e8d271f6dc52b0072afd0481b70550d2249070ec95e1fa6c42aad50ef3a33[.]exe[.]zip

General

Target

056e8d271f6dc52b0072afd0481b70550d2249070ec95e1fa6c42aad50ef3a33.exe.zip
Size

38.2MB
MD5

eca40f8d0ffd9adfad12e8899ecf6609
SHA1

d588f4a06c2ae77784b436149eca0711ce0743e8
SHA256

89bc712d4c40d0d684066c9a76756f170f3293a141b0e8080e536cab501c5c34
SHA512

ad8a8d9e056f853945554d2214fe66160cb4532b2f5c5e8163cf7440762530e8938852c0936a25c14ced52188246eca564f543e28b27cde9c52becfe57c96ecf
SSDEEP

786432:IEaGX+4QJQndD4HLg7H+qlAtlJklHBU+1BmfE48N9bdVrAUFBnhHKj:GEsrqHUrklB9BmGXJHKj

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/056e8d271f6dc52b0072afd0481b70550d2249070ec95e1fa6c42aad50ef3a33.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/056e8d271f6dc52b0072afd0481b70550d2249070ec95e1fa6c42aad50ef3a33.exe

056e8d271f6dc52b0072afd0481b70550d2249070ec95e1fa6c42aad50ef3a33.exe.zip
.zip

Password: infected
056e8d271f6dc52b0072afd0481b70550d2249070ec95e1fa6c42aad50ef3a33.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE