99d42bfe7315db13ea21fc9635fc34c64dfc0f5ed8a2883eba252ec1448924cf[.]exe[.]zip

General

Target

99d42bfe7315db13ea21fc9635fc34c64dfc0f5ed8a2883eba252ec1448924cf.exe.zip
Size

1.5MB
MD5

ef70329e5cc35438472fb8a61cf0fa50
SHA1

dacfe4e09142e77678c9ea453103d7453c4a628d
SHA256

fb5676e5cc462889cc9a49c193902442e20e0c2398d223e3cd714fb0916345fc
SHA512

49f4fd78bb03ce8a716c04f185bdfddbc3ace9bc8711ce9e34a35f57d65a4ad5a38d43c940c505a1c616414f360f3d155e21b6c64c4936fd498d8e830f31bdcf
SSDEEP

49152:KQmK8y6hkcSsFY/FevBEQjudHNdGuz9hQV:KQmLyfsFYdsEQoHByV

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/99d42bfe7315db13ea21fc9635fc34c64dfc0f5ed8a2883eba252ec1448924cf.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/99d42bfe7315db13ea21fc9635fc34c64dfc0f5ed8a2883eba252ec1448924cf.exe

99d42bfe7315db13ea21fc9635fc34c64dfc0f5ed8a2883eba252ec1448924cf.exe.zip
.zip

Password: infected
99d42bfe7315db13ea21fc9635fc34c64dfc0f5ed8a2883eba252ec1448924cf.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.opcandy
Size: 293KB - Virtual size: 296KB

IMAGE_SCN_MEM_DISCARDABLE