1dcfb109e6da7a06db37a4e33b57c303[.]zip

General

Target

1dcfb109e6da7a06db37a4e33b57c303.zip
Size

26KB
MD5

381406e8fdbd90c54bf3ec6fb06a9886
SHA1

5fe50440383a4063321892b8df0fed57bc7acc03
SHA256

304b2039e23b7340445ba3a769f769a3460a2e596f242d47e5571097a6563d25
SHA512

292b10035fe51aecac8913cf856aa854f5f17485b270d663f13e408b1821f55e369c9bd43b336387f9d0292962c4a879f299000ef488ca19636f3b742eb80206
SSDEEP

768:ML/DZlB63YgcWUexCAeDLcC3ZCjdzKCUX:2/h6neexXeDYACpUX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/49351daf520ea1dee315e7ae4c91e3a273999eeb963513cdf3abbc4fac38b8ac	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/49351daf520ea1dee315e7ae4c91e3a273999eeb963513cdf3abbc4fac38b8ac

Files

1dcfb109e6da7a06db37a4e33b57c303.zip
.zip

Password: infected
49351daf520ea1dee315e7ae4c91e3a273999eeb963513cdf3abbc4fac38b8ac
.exe windows:4 windows x86 arch:x86

Password: infected

b4aeed41b71b65c6ab84b570d14a0216

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CreateDirectoryA
ExitProcess
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc
CloseHandle
SetFilePointer
LoadLibraryA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
CreateFileA
RtlUnwind
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
HeapSize
SetEndOfFile

advapi32

RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

wininet

InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA

Sections

UPX0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

b4aeed41b71b65c6ab84b570d14a0216

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

wininet

Sections

UPX0 Size: 28KB - Virtual size: 28KB

UPX1 Size: 20KB - Virtual size: 20KB

UPX2 Size: 72KB - Virtual size: 72KB

UPX0
Size: 28KB - Virtual size: 28KB

UPX1
Size: 20KB - Virtual size: 20KB

UPX2
Size: 72KB - Virtual size: 72KB