926a01696875d72ecaab7ff449d7ede5[.]zip

General

Target

926a01696875d72ecaab7ff449d7ede5.zip
Size

159KB
MD5

61204608bd13398bd769208e6e07675a
SHA1

ef94b7bacd11664b137798e63a1374cf863c4b6e
SHA256

36cae8a8dee66f72ec06e9d8934605c51818fd06c766b4a79924a4e910cb0e8a
SHA512

17313b330cb8725aad9f4865e3b0f800ab643e2f71e195a0fed81cbb68603307be0b4dafa728cedf0a5dc686b03dbf6dbfd36391229af7e1d8ceface272326b6
SSDEEP

3072:cDjaon8CQn/naqWll552oNZWczOdw8EQwz1O4DZWzRfwORhyVs97j3:s7naHWlJZWchQwz1i8sN7

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/6fd4d90b3e9eda56e3f77f416311afc23737292d3fd249af70797e4e624a6fb5	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6fd4d90b3e9eda56e3f77f416311afc23737292d3fd249af70797e4e624a6fb5

Files

926a01696875d72ecaab7ff449d7ede5.zip
.zip

Password: infected
6fd4d90b3e9eda56e3f77f416311afc23737292d3fd249af70797e4e624a6fb5
.exe windows:4 windows x86 arch:x86

Password: infected

9973fdd4b86d866b3faa39fa66cf7e0a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

WriteFile
ReadFile
GetWindowsDirectoryA
GetLastError
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
DeleteFileA
CreateMutexA
CreateFileA
CopyFileA
CloseHandle
GetCurrentThreadId
GetLastError
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
GetCommandLineA
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey

user32

CharNextA

Sections

UPX0
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

9973fdd4b86d866b3faa39fa66cf7e0a

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Sections

UPX0 Size: 40KB - Virtual size: 40KB

UPX1 Size: 12KB - Virtual size: 12KB

.rsrc Size: 72KB - Virtual size: 72KB

UPX0
Size: 40KB - Virtual size: 40KB

UPX1
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 72KB - Virtual size: 72KB