658e58c252cc58c91686ee418a0c428a9bed41c7821d15edd8d4a0e91f394020

General

Target

658e58c252cc58c91686ee418a0c428a9bed41c7821d15edd8d4a0e91f394020
Size

2.0MB
MD5

82ccb473134049ce15495d7bdd6d2ca7
SHA1

b132cc1fa05c100c3cb24ab959dfd725531d2ba1
SHA256

658e58c252cc58c91686ee418a0c428a9bed41c7821d15edd8d4a0e91f394020
SHA512

8f4156b531546590e51e65ecee2c25de628b7f8870a7b76d29a55da6cdb0d4579476800ed117116762f377753d26eb1384746055755ca138109e6dd21410c984
SSDEEP

49152:sskcQnw7FA8a1Bs/jSToHqmfSCAx/zbkQZxGs/wwmCDx:Fgnw7aZwjMWqmfSCyzntwux

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/e2a8d6ca8bcb6864b11602c4050cc671cc830dfcceb8e863a1a84be95443c173	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e2a8d6ca8bcb6864b11602c4050cc671cc830dfcceb8e863a1a84be95443c173

658e58c252cc58c91686ee418a0c428a9bed41c7821d15edd8d4a0e91f394020
.zip

Password: infected
e2a8d6ca8bcb6864b11602c4050cc671cc830dfcceb8e863a1a84be95443c173
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE