ca599b71c7b20e11ace49a0b9b22e0372fbaf318604d414d4239dc5c8661bd96[.]exe[.]zip

General

Target

ca599b71c7b20e11ace49a0b9b22e0372fbaf318604d414d4239dc5c8661bd96.exe.zip
Size

9.8MB
MD5

c5ba70aeef23bce3c22c822fe0589ad1
SHA1

98f7bcda5a96cce3d4d76493812a54bf7fb1c53c
SHA256

19c643fdd89ae3fb1d8c5188001f6ae9067b61c2f02d5e984db3bc5153807059
SHA512

3babfb2442a52c172c8f37fb74511c96a4c1a30e2c4f8b580f332c05e57a5431fc6eec238cc165260fd70bc0b7c2e488b60bfd3ca0cfd3d2b0480d9e3a20b0a0
SSDEEP

196608:YQIH5nbpHPPas5bKou9FShN2Kvfk0XRvEPTtROMDw46VAeA0OP7RSGWtIcmW7++X:sVbNP3QtShIKvNGHOMEnAZsGWtIcmW7T

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/ca599b71c7b20e11ace49a0b9b22e0372fbaf318604d414d4239dc5c8661bd96.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ca599b71c7b20e11ace49a0b9b22e0372fbaf318604d414d4239dc5c8661bd96.exe

ca599b71c7b20e11ace49a0b9b22e0372fbaf318604d414d4239dc5c8661bd96.exe.zip
.zip

Password: infected
ca599b71c7b20e11ace49a0b9b22e0372fbaf318604d414d4239dc5c8661bd96.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 35.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9.8MB - Virtual size: 9.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 489KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE