1215466841a7ddd4b6a6690e5386a0a1[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1215466841a7ddd4b6a6690e5386a0a1.zip
Size

29KB
MD5

6b144df588d91067c1c700723a5b8c48
SHA1

0ee3787fd87ff8d91585285cb58b1bdc2e9d75f3
SHA256

e8ccb45fad85b84ca1395e5f3f321ed786e1aac9e405f8f5bdc2d50a0154dc53
SHA512

1952763bf2b4c9d7055cd59929520d84e3c4ec7b203a228c5a82098d1d9d2bf5ca07868c4f55ca5377ba32d25e638fb237c6e5b62b91be366ca8eb3b0d112a25
SSDEEP

768:vw+OmZnRVHs6N1Orix2WQ5053SlloE6WZKlj/lD2gordbr6LL:vJO6VHsUZx2K0C6KlZsrdb+X

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/9ab21b3b90a745ed3353a4d36c9a672433a2766d83aebcfbc91344ae184f2123	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9ab21b3b90a745ed3353a4d36c9a672433a2766d83aebcfbc91344ae184f2123
unpack002/out.upx

Files

1215466841a7ddd4b6a6690e5386a0a1.zip
.zip

Password: infected
9ab21b3b90a745ed3353a4d36c9a672433a2766d83aebcfbc91344ae184f2123
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ