83257aad33f063cbf4018bbe41b441e4[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

83257aad33f063cbf4018bbe41b441e4.zip
Size

75KB
MD5

a3f3cf1f0725e010f36e5fd6a737fda9
SHA1

5e30451a0cca7e2d86537196b92e869b9bc8c7bc
SHA256

258453afcf19b03d1b8eacd8efa9c7d60adc8f1f10dbaf2ba7dd75e0fc405980
SHA512

30512a3ad2e5986542ebc49a3b90adc07c0087a910e7bcf00cd20bec08d74555ac2739966510e92bfe99adaed230dc74d730306ed62a3c0e7e6731a5036bb3a9
SSDEEP

1536:8JxX0H9lH5+2uVEXK1q7/Y7UJx7U5fNo5VXOSR5Al5g/N7J1CGmtoUZZjYHFR2pu:4xX47Z+2HXK11ilU5f+5VewAHg/N7JEE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/1bcec65210135da8197b3e7ca308515e18189c6028f181974a15680b739bac99	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1bcec65210135da8197b3e7ca308515e18189c6028f181974a15680b739bac99
unpack002/out.upx

Files

83257aad33f063cbf4018bbe41b441e4.zip
.zip

Password: infected
1bcec65210135da8197b3e7ca308515e18189c6028f181974a15680b739bac99
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 496KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 245KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE