AddUser[.]jpg[.]exe | Triage

Sharing

General

Target

AddUser.jpg.exe
Size

28KB
MD5

6de60f5af53f049966436ab1fd4598c4
SHA1

bd3dc985b0b6765ce434f727fcd06e72a7f3faa8
SHA256

0df842a4cb16d7dacbf61b9d3c47af56dcbed36164648b41dd194cc99a09a406
SHA512

5f38d56197a91ee8565bd22e55c7894e724c3dab24f3e6a5ec1d94d7e7c8c4343db79e024011065b84cb9920b302ce4d2053100687618cfb3bb564673a0733b8
SSDEEP

768:Ht032Y7VSNPWQ1TqN5fX1bwKwehGv4z/z9MfR8v:NCy+uqNF9wq4Y6C

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/mnt/files/afranz/.filerun.trash/8.802/Virus_Folder/AddUser.jpg.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mnt/files/afranz/.filerun.trash/8.802/Virus_Folder/AddUser.jpg.exe

Files

AddUser.jpg.exe
.zip

Password: Infected$12345
manifest.json
mnt/files/afranz/.filerun.trash/8.802/Virus_Folder/AddUser.jpg.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE