b4be7eab8c7bc03c0e510d7f8d82368b[.]zip | Triage

Sharing

General

Target

b4be7eab8c7bc03c0e510d7f8d82368b.zip
Size

13KB
MD5

2f67c6267080419a7f722b8e74e42d85
SHA1

9a39857419d74fb37781273ed30ac5706560e51c
SHA256

5babc3208bb4c6556aa9d36360a896030d8b4f50f96eb7039c79c3777526574d
SHA512

ad99c8196995b2c2fdaa904bdd35efd2f0ec43095935f2a1627a7e4c68b86023001f10f12d4341d04326a0fead51b438f3dd81a7211ff079cea132b97456d959
SSDEEP

384:5gil4IIQnySUbbGWYOtmOUlEL0qEnybagLWNEOE:xIQyPRJ+ELtpaTNE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/d3f974a7daed206c99da549bd556d822cb3a678b221ed85093584bcf06d9ecb0	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d3f974a7daed206c99da549bd556d822cb3a678b221ed85093584bcf06d9ecb0
unpack002/out.upx

Files

b4be7eab8c7bc03c0e510d7f8d82368b.zip
.zip

Password: infected
d3f974a7daed206c99da549bd556d822cb3a678b221ed85093584bcf06d9ecb0
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE