220784eec45f892865b25e5457253853426fe0b3179bbef7bcf34d38cdb4a8eb[.]zip

General

Target

220784eec45f892865b25e5457253853426fe0b3179bbef7bcf34d38cdb4a8eb.zip
Size

2.5MB
MD5

5f0d11d088734144d7efc38ef31a5bad
SHA1

4778dc247cd2e09e49533b1481a51a7f30ba242d
SHA256

63aeb2e6379033c4f24073006b9de00254a85c683d32b43e831cdcbd6ee2709d
SHA512

f3d5b662ff9abf5a6d89ec350ef222927bd6a5afde64dff9659c111778d68c7f39c9af4fbf940417adad98c4c451e8ccc877eb306d3b5a106b3692a629cc09e3
SSDEEP

49152:LLMvHDmpI7M+f1yVY9ClcH6FzFy6V0S9K06f5iiyQDngXt:LsHDm0hfsVamEA/efzg9

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/220784eec45f892865b25e5457253853426fe0b3179bbef7bcf34d38cdb4a8eb	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/220784eec45f892865b25e5457253853426fe0b3179bbef7bcf34d38cdb4a8eb

220784eec45f892865b25e5457253853426fe0b3179bbef7bcf34d38cdb4a8eb.zip
.zip

Password: infected
220784eec45f892865b25e5457253853426fe0b3179bbef7bcf34d38cdb4a8eb
.exe windows:6 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE