darkcomet | 75d5eaf98016384a99faa00060dfa82269ac19e54d60a1c08eebc254fc41ed11

General

Target

75d5eaf98016384a99faa00060dfa82269ac19e54d60a1c08eebc254fc41ed11
Size

306KB
MD5

c4c06713168992797d747b4c6b505b6e
SHA1

7b19d443e75747fe948979a182927441cd0238ab
SHA256

75d5eaf98016384a99faa00060dfa82269ac19e54d60a1c08eebc254fc41ed11
SHA512

214afc720059dfba0fb3ce6faa5f259260d7101d8e420bbe67d35406a783ebff572f5a53d1350572bc22b9c9c003b7597ce73208b385e9b73cdd5846013ec18d
SSDEEP

6144:XYzKNVgAUnZyF6W7RoLpye2YTA02p3iEY+smQ9VBwPCBgr/OicbfnfnsN:IzKL7d7RmpypWX2pTsDV2cgr/ODfn0N

Score

10^/10

upx darkcomet

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
static1/unpack001/8d9fe5e4e626557b2af4d169518fd65b588638ebeaa41a7752a236a27f8b7cd6.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/8d9fe5e4e626557b2af4d169518fd65b588638ebeaa41a7752a236a27f8b7cd6.exe

75d5eaf98016384a99faa00060dfa82269ac19e54d60a1c08eebc254fc41ed11
.zip

Password: infected
8d9fe5e4e626557b2af4d169518fd65b588638ebeaa41a7752a236a27f8b7cd6.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: 484KB - Virtual size: 484KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE