3f555ec5d2044e080779bb3a5baf7ff9[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f555ec5d2044e080779bb3a5baf7ff9.zip
Size

1.7MB
MD5

df91dbbf2eb704059e5c3102cfa72b70
SHA1

3bf2238d84246ab7618f97e7dda61c9e76ec18c5
SHA256

3e7cad4912d0665c35c532a41e16af2d665bfac4a71e709a1851010dd01aa189
SHA512

63a3563e9932efd9b95fb2a8b2f036451e201b5004a84a939de2702a28e1abd5280c9f8aa11a05663b342d421d04b63fd5d72e04c6e97b11c13054a96577528b
SSDEEP

49152:Wo48M3VLjxe09zDnPIFIweEp2AaLs+xX9A:8dFRHIFDeYys+xtA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/edf15c60926b700bfaa1b71e6537277ea5d9c46fe4dd43d70b7ebd773dc293f6	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/edf15c60926b700bfaa1b71e6537277ea5d9c46fe4dd43d70b7ebd773dc293f6

Files

3f555ec5d2044e080779bb3a5baf7ff9.zip
.zip

Password: infected
edf15c60926b700bfaa1b71e6537277ea5d9c46fe4dd43d70b7ebd773dc293f6
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 7.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE