Pysilon-Logged-joeseph[.]zip | Triage

Sharing

General

Target

Pysilon-Logged-joeseph.zip
Size

1.7MB
MD5

72db5eccc56bebd92cacd4196dcb2fc7
SHA1

1b23fc2d2b13ff5da5aa659bfe8e565cf4d372e8
SHA256

d5376c5bf3e86781980d88f80aa7095a81da77044dec95140bf3b59351f30d7c
SHA512

8a14a2d4cc5ba32b93cad0c60ee307f55472ce62ceaddc0b0b76f135d4a9067dc6681f368a5d6a1884e45066fa691333a23c6bab823f62c3dcca51af6128302b
SSDEEP

49152:AWLEm6x/CkjJdOAFFqqhU6OrZ0IpfzUExvldYp:hIh/ljpFFqqo00zBAp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/Luna-Logged-joeseph-SELFEXTRACT.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Luna-Logged-joeseph-SELFEXTRACT.exe

Files

Pysilon-Logged-joeseph.zip
.zip

Password: pysilon
Luna-Logged-joeseph-SELFEXTRACT.exe
.exe windows:6 windows x64 arch:x64

Password: pysilon

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1008KB - Virtual size: 1012KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ