41c64389813ded5f3fc47734bf34520c5fd62bd919ff0e51975ca45a33b91608

General

Target

41c64389813ded5f3fc47734bf34520c5fd62bd919ff0e51975ca45a33b91608
Size

37KB
MD5

447e0d931d6b72411c71f908fc884708
SHA1

72226426c5c050a8688bde1041c23a1a7d179eee
SHA256

41c64389813ded5f3fc47734bf34520c5fd62bd919ff0e51975ca45a33b91608
SHA512

44417d9f93c7bdab6117e2d0bc3d9e5fc316cecf50cc7d69da36e6e5cf4b11b8b88cfe468c72dc4c73b17e2f7de56f4635f1d4a27943defd6c697980a80cb1bb
SSDEEP

768:0yUFx5xbLEAZkwx1ZAKRhVRhBvtpdlXqSlsrOBBTUey8fMMSN9krnh4PEy:KxwwkwLWmRjvPdlXqNrOBFVy80MSN9kE

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/b95ee828e1b1982dcd8630d8a6ab48363af08bf48ee59064155bf6b66bae865a	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b95ee828e1b1982dcd8630d8a6ab48363af08bf48ee59064155bf6b66bae865a

41c64389813ded5f3fc47734bf34520c5fd62bd919ff0e51975ca45a33b91608
.zip

Password: infected
b95ee828e1b1982dcd8630d8a6ab48363af08bf48ee59064155bf6b66bae865a
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE