2913c27302fc77df5c3959bb7c500376b50215db01956e801a304ca2096b9eee[.]zip

General

Target

2913c27302fc77df5c3959bb7c500376b50215db01956e801a304ca2096b9eee.zip
Size

2.5MB
MD5

c78483884736c491f59872306c2f402a
SHA1

48a18197476f0a0611d2a0acf7cdb78f077daaa5
SHA256

d1443841a19fa2e75a5f02410ad51472495ce146e1ac7863888929d131eaa39b
SHA512

8251460c28b242b18b14badbbbebb95559be39a5319c13f396876bf80ad26ee8835b4f75f5c688ba0a127132fec9519d789b2b2264bf62257abef14d3965c11a
SSDEEP

49152:AQlE0lKHCdQUH1h2IkrHSu4cLgFC2yhQni5Z9gNSxsJ4PXlNvykoIO:22qoxuFyT8Ck5sCTyZT

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/2913c27302fc77df5c3959bb7c500376b50215db01956e801a304ca2096b9eee	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2913c27302fc77df5c3959bb7c500376b50215db01956e801a304ca2096b9eee

2913c27302fc77df5c3959bb7c500376b50215db01956e801a304ca2096b9eee.zip
.zip

Password: infected
2913c27302fc77df5c3959bb7c500376b50215db01956e801a304ca2096b9eee
.exe windows:6 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE