4695b046e4092048604c50e61e4abd4dd44543e93a9e627a49e26018c536e269[.]zip

General

Target

4695b046e4092048604c50e61e4abd4dd44543e93a9e627a49e26018c536e269.zip
Size

2.5MB
MD5

a8c88d020d2ea5a8a2094e6599b2419b
SHA1

ac40e5b536c3d97f1fb004dd33b305b93ee46f4e
SHA256

7a7ff759f31f8d8bb9e0be08d9aeb8a19edd1b10426bfb7baea56eb63b2d8f23
SHA512

d2b5df071dab7dd4cc821dc6200d73fb7c3fc4b7fecb56b8a6b88a10ccb23acc3b117194da0c9932ab055ccebf47ef0f377b713041cf4ef55cb421c19c2a8c56
SSDEEP

49152:In+Nodpo3YBgOlm54cDEXV70+oArtnfPxlIKPP2kJclrpm4ZakSDGg5UE101:C+Gpo3smJ8Vw+oArtnHxu4PhQmLkel1E

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/4695b046e4092048604c50e61e4abd4dd44543e93a9e627a49e26018c536e269	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4695b046e4092048604c50e61e4abd4dd44543e93a9e627a49e26018c536e269

4695b046e4092048604c50e61e4abd4dd44543e93a9e627a49e26018c536e269.zip
.zip

Password: infected
4695b046e4092048604c50e61e4abd4dd44543e93a9e627a49e26018c536e269
.exe windows:6 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE