d13fc041e78d1305ca4706668dcb178a[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d13fc041e78d1305ca4706668dcb178a.zip
Size

32KB
MD5

26595b2219629b88753499f2713e9d08
SHA1

2edc0e7158950c7f2abbb8a24b864d892ec9059a
SHA256

c2d1f9796a7c10712c3718940007229626c6e3bde90c9857e3a7dcd4f9ff192d
SHA512

fee43fd5a9be888f1217ef95ff8c0671b8385f93b0da52c3b5b1dbd3ad89a7a8fbe84e2b86d73a525cadb21d28cb53b33517fbc2b8bb7c6d04d70cd72831db5b
SSDEEP

768:84OmBP2/UtrxWUDS2swqXA8qCPcLwDuU1v7mbD:GmBPHtrxWUbq0CULwDNJ7CD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/77a612ddcb623fbb92240d19e582ab24ff912142a490d4f5ff465b07f6b89615	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/77a612ddcb623fbb92240d19e582ab24ff912142a490d4f5ff465b07f6b89615

Files

d13fc041e78d1305ca4706668dcb178a.zip
.zip

Password: infected
77a612ddcb623fbb92240d19e582ab24ff912142a490d4f5ff465b07f6b89615
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE