156d9f29ceff861bc8e153fdcf80eae3052e9a8e4bf61040e165480e73de39a2[.]exe[.]zip

General

Target

156d9f29ceff861bc8e153fdcf80eae3052e9a8e4bf61040e165480e73de39a2.exe.zip
Size

59.1MB
MD5

c43dd2ab41d30954205e80c61eae807d
SHA1

3cc9c5cf23d20a24068ffb655f847c5a8a846940
SHA256

260e6907303a59f7453652d37e49487b107ff7585219d32dea03274a1f15f827
SHA512

089d66d386b4bef8aeea7130aa722b481fb711cee2a81ade2d39e6d361914c2a83b2ed3111df63b6cce3fd4236179f32786520094f68a570db97b6313c860f3b
SSDEEP

1572864:4q8258ddQgCGChmxyFhRU0e+7XtcKu6SAMvJQy:+64ZxyTRUV+7XtcB6VEQy

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/156d9f29ceff861bc8e153fdcf80eae3052e9a8e4bf61040e165480e73de39a2.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/156d9f29ceff861bc8e153fdcf80eae3052e9a8e4bf61040e165480e73de39a2.exe

156d9f29ceff861bc8e153fdcf80eae3052e9a8e4bf61040e165480e73de39a2.exe.zip
.zip

Password: infected
156d9f29ceff861bc8e153fdcf80eae3052e9a8e4bf61040e165480e73de39a2.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 187.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 61.2MB - Virtual size: 61.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 864KB - Virtual size: 868KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE