1[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1.zip
Size

51KB
MD5

dafeef17eaf04723dbebf881b5abcfc2
SHA1

4e4e805744c09ccb236d920aa587c3b289116a40
SHA256

7d6a69da11b5f0d83a56ccd1cde75aeb5d1781a5efd12fd3771e25f51ea18eb1
SHA512

dbbffce67630c14cf57bf01be61ab71a4453b1c47fed8a9eae7735da02ca1e03f38236b1ee5f8c7464537f88085c6e3ef3a880f41b563b75eaac6b5f800ba66a
SSDEEP

1536:xQIgj/5J1XQFqxGXI0wdgVMMKLp86fdDEq6Z9kBpuQRs:xlq/LNFxNn2VMMKq/q6Z9kBcQRs

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/224a072540f341799e046930d43a4c1ed22c67baecc66dfa16b448aa525b869b	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/224a072540f341799e046930d43a4c1ed22c67baecc66dfa16b448aa525b869b

Files

1.zip
.zip

Password: infected
224a072540f341799e046930d43a4c1ed22c67baecc66dfa16b448aa525b869b
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE