da3217f8cf177345c9a7c2dd694f37d5d64bc8b3aa2f78561a738bc4d8877adb

General

Target

da3217f8cf177345c9a7c2dd694f37d5d64bc8b3aa2f78561a738bc4d8877adb
Size

84KB
MD5

bed148c03d89e8611a6b4cf03e508f80
SHA1

259767a1733cba3b05588408ceab5d36753a7d39
SHA256

da3217f8cf177345c9a7c2dd694f37d5d64bc8b3aa2f78561a738bc4d8877adb
SHA512

7fd49f1182fc9e2828cc20e64fe8d923720567a78a43bf592da28cf2ea13b4d57116cb51c8507d4c233286d5e07144ddf1fcd792dd559db7401b14a9e702d4af
SSDEEP

1536:CqtCCmU/4kuJfLUO7Yri35tAGg1vIc3PsYBq0huFUxOeKH:CqECZfA774DNt3UKrhuT

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/31c68009f7ecf347876b80ea5f1cf54c713a5cbe60386d8e08bf47803dfd763f	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/31c68009f7ecf347876b80ea5f1cf54c713a5cbe60386d8e08bf47803dfd763f

da3217f8cf177345c9a7c2dd694f37d5d64bc8b3aa2f78561a738bc4d8877adb
.zip

Password: infected
31c68009f7ecf347876b80ea5f1cf54c713a5cbe60386d8e08bf47803dfd763f
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE