$R12ZQY7[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

$R12ZQY7.exe
Size

2.8MB
MD5

aa483f8756a786abc0e48a9b598da8d8
SHA1

87c0d01e9395f646ebf6a9bd8d86979be111361b
SHA256

93febcab2d09f76f839d01a2e0856a81fcf76e62150484e5f8fa68db280178bc
SHA512

28027c2141d5eb9a8bb601f3e24ca3ca99876c58b3545808e03a5aa9283f206afa4f4c621a9d4e486e089360edcebcdac17d09bfcf50973b5c2543b0d00264d2
SSDEEP

49152:i5mI86Xz/zx0l88j+6cX2mx/KqnEYnJ65cEmbweCJzW2KeSIn8f:AmQ/zx01TQ/nEEA5h+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/Device/HarddiskVolume3/$Recycle.Bin/S-1-5-21-1754296508-2293926693-1529254123-54694/$R12ZQY7.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume3/$Recycle.Bin/S-1-5-21-1754296508-2293926693-1529254123-54694/$R12ZQY7.exe

Files

$R12ZQY7.exe
.zip

Password: Sentinel1!
Device/HarddiskVolume3/$Recycle.Bin/S-1-5-21-1754296508-2293926693-1529254123-54694/$R12ZQY7.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json