836befb366859c673902a385822381f6eb3c3407f56a6d54cdf8e902fc684944[.]exe[.]zip

General

Target

836befb366859c673902a385822381f6eb3c3407f56a6d54cdf8e902fc684944.exe.zip
Size

3.4MB
MD5

2a73113b19ebc870bac411a141c8b5a1
SHA1

778623304d02bc077db6a087900c709cc031b519
SHA256

742f1b2f2bca776713209a1a235933134edb7a3246dd5d8147ff48067037e25f
SHA512

f572ac4122cfc50250b58f7ef58fccc535a99976cfb87ca325ffbc9169808954b9f307fcab0807edd3eae6c71b5b543b30de997825d63944e19fccff5dd489e3
SSDEEP

49152:a/gU7axkn5Eupzv1D0xe2hW9fNgOqRlCtnpETptGww2lOY226WUEU4roENESxzei:a/1Ea2ouW9MrCteSww2QY9gorVx68evW

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/836befb366859c673902a385822381f6eb3c3407f56a6d54cdf8e902fc684944.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/836befb366859c673902a385822381f6eb3c3407f56a6d54cdf8e902fc684944.exe

836befb366859c673902a385822381f6eb3c3407f56a6d54cdf8e902fc684944.exe.zip
.zip

Password: infected
836befb366859c673902a385822381f6eb3c3407f56a6d54cdf8e902fc684944.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 11.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE