f4024572363f4a897a49e97a3868a8f24b8373529c9798b461a6c8a0dcc9e02d[.]exe[.]zip

General

Target

f4024572363f4a897a49e97a3868a8f24b8373529c9798b461a6c8a0dcc9e02d.exe.zip
Size

154KB
MD5

4b9a90b5da32daa4f98d3f4ed3f62468
SHA1

6d2630e4ce2c764dca9ceafde707193a4279e6cf
SHA256

9ae3fc37c6c6b86defbd895f4cdeba25f3b884bedc73a175aa32988be0e2acb5
SHA512

a2e2a970a92e8086fbaa65053ab04c4ea9f835268a8600d75849b4c6289a357f5ef1a36778bbe7ca697d8ec692154a3d415bd3958679d7eb9a09227252eae462
SSDEEP

3072:iD0MoInz6w6pcHZU/dvJXzcPvmBSGwQ96jf/8kYiuXvfZXkbAXFhkY+E0D9C:iD0Mnz6u5WG9jnY7/p0smYpp

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/f4024572363f4a897a49e97a3868a8f24b8373529c9798b461a6c8a0dcc9e02d.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f4024572363f4a897a49e97a3868a8f24b8373529c9798b461a6c8a0dcc9e02d.exe

f4024572363f4a897a49e97a3868a8f24b8373529c9798b461a6c8a0dcc9e02d.exe.zip
.zip

Password: infected
f4024572363f4a897a49e97a3868a8f24b8373529c9798b461a6c8a0dcc9e02d.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 372KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 131KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE