519a765a3341b03a035d158605eef4620e1094f0e3d1e7be1d1ac4750f2a0552[.]zip

General

Target

519a765a3341b03a035d158605eef4620e1094f0e3d1e7be1d1ac4750f2a0552.zip
Size

319KB
MD5

c4a976bd5110ee02e7559356c6bf41b5
SHA1

43edf197a9db05ea41046d92d0806386e5bc9ef4
SHA256

64b1ca21be08341c70ccde1be48b2e71b505cf106308c9195e175f065c55569e
SHA512

312303ab7af7960def357c3bf19892c1d8d478da0894ca8abd5928eba272f78a52802f3c6abda88f0c3f23f9cd56d189e4d3e6ca0cad7563fb3fa1d9f7808ed6
SSDEEP

6144:qXyR+xjR8KIrMr3bVGzEBOy3p7rANFGwUSL0I7+mRcBdcvSktP:PRC6KuN2Oy3p7reFXv7vRIGqkJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/519a765a3341b03a035d158605eef4620e1094f0e3d1e7be1d1ac4750f2a0552	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/519a765a3341b03a035d158605eef4620e1094f0e3d1e7be1d1ac4750f2a0552
unpack002/out.upx

Files

519a765a3341b03a035d158605eef4620e1094f0e3d1e7be1d1ac4750f2a0552.zip
.zip

Password: infected
519a765a3341b03a035d158605eef4620e1094f0e3d1e7be1d1ac4750f2a0552
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 612KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 326KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 668KB - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fptable
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 612KB

UPX1 Size: 326KB - Virtual size: 328KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 668KB - Virtual size: 668KB

.rdata Size: 126KB - Virtual size: 125KB

.data Size: 77KB - Virtual size: 87KB

.fptable Size: 512B - Virtual size: 128B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 23KB - Virtual size: 23KB

UPX0
Size: - Virtual size: 612KB

UPX1
Size: 326KB - Virtual size: 328KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 668KB - Virtual size: 668KB

.rdata
Size: 126KB - Virtual size: 125KB

.data
Size: 77KB - Virtual size: 87KB

.fptable
Size: 512B - Virtual size: 128B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 23KB - Virtual size: 23KB