af299c07b8eb773a6df31a95060ed3a01c6ba3783b8dae846491c41c282321a7[.]zip

General

Target

af299c07b8eb773a6df31a95060ed3a01c6ba3783b8dae846491c41c282321a7.zip
Size

2.5MB
MD5

81897e284b2345e814a3ca7f803b4dc8
SHA1

eb3edb88824dfdbaac1006649aaed8389ffd434c
SHA256

d85bd9d3ef9dc3ae58242426f5979377b504dab66de255252b507d09c951f1fe
SHA512

3e91b6d53c3945867889b78c18ce64c59efb3b1a7154cf9186ce40a94afa11b853d4226844c3f99242d19dd507aa12487aaadbfa33a4c7372b5f716766fc0afc
SSDEEP

49152:s5g6iTl5lxBAAeA3eoKPS2Z3Jn1N7vCRlBcaPt9iHuhLN/Z9vYiyE:sgtTl5aXvoKPfR1VeSuhLNx9giyE

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/af299c07b8eb773a6df31a95060ed3a01c6ba3783b8dae846491c41c282321a7	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/af299c07b8eb773a6df31a95060ed3a01c6ba3783b8dae846491c41c282321a7

af299c07b8eb773a6df31a95060ed3a01c6ba3783b8dae846491c41c282321a7.zip
.zip

Password: infected
af299c07b8eb773a6df31a95060ed3a01c6ba3783b8dae846491c41c282321a7
.exe windows:6 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE