c880fe0d73ac5212fd14030136f6b9b55fa49c83cc4d06f36c9af4d155a43aa0

General

Target

c880fe0d73ac5212fd14030136f6b9b55fa49c83cc4d06f36c9af4d155a43aa0
Size

3.4MB
MD5

6f860e051be47803d67a8b07bff538c5
SHA1

b40349f966d6a2f89f7efdce930e2fc73fd32586
SHA256

c880fe0d73ac5212fd14030136f6b9b55fa49c83cc4d06f36c9af4d155a43aa0
SHA512

5da58934adcb263d50f1244992906ec526f3c0256c29e36c994bc6d0fc94ed837fb2d57ca970a8d2e5603f3f1dc5e900738fc1e6d6da397024a40a6b2a56b471
SSDEEP

98304:RMm0FzkornsC1EY+UVUrJ2tDKYdqoPl7ck:RMfF0C1ErvstuKJL

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/ff6e1774ad2b0d3f83f61b2611abc48ecfce088fd0230742cf81a4254c5516cc	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ff6e1774ad2b0d3f83f61b2611abc48ecfce088fd0230742cf81a4254c5516cc

c880fe0d73ac5212fd14030136f6b9b55fa49c83cc4d06f36c9af4d155a43aa0
.zip

Password: infected
ff6e1774ad2b0d3f83f61b2611abc48ecfce088fd0230742cf81a4254c5516cc
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE