b123d0401e44a07fe8bab5f724746be888be93f81fb7304f075d35f2a20fd1f2

General

Target

b123d0401e44a07fe8bab5f724746be888be93f81fb7304f075d35f2a20fd1f2
Size

36KB
MD5

b49f2894aac0a2e57929d4be4c2d9b36
SHA1

9a30820b315ffa230c4af4e10cfef50afeb455b0
SHA256

b123d0401e44a07fe8bab5f724746be888be93f81fb7304f075d35f2a20fd1f2
SHA512

db547e737cc902e90fde6d142db8a6d6c6d2a5ceb123f36136306ce0586b31ad910ae3cc9b39f8901beab30b7f0171446f91462d4e4e4b65af09f1bc368e4eb2
SSDEEP

768:3LKE3sjCHdRSH8PCtq82P73TMSm1mHOXCCdZukRObSnaqteFDmU:bbaCHdRScPCty4SehXJ3YbvzxmU

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/2547f2839e8bed94cb840e417e7d47670f1665ee6448b2ed98a63f5c47e85744	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2547f2839e8bed94cb840e417e7d47670f1665ee6448b2ed98a63f5c47e85744

b123d0401e44a07fe8bab5f724746be888be93f81fb7304f075d35f2a20fd1f2
.zip

Password: infected
2547f2839e8bed94cb840e417e7d47670f1665ee6448b2ed98a63f5c47e85744
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE