cdda2f52ea1a62a4d9c65e868107bc88[.]zip | Triage

Sharing

General

Target

cdda2f52ea1a62a4d9c65e868107bc88.zip
Size

20KB
MD5

3b98659927dfb376d1c968dcc8fb9347
SHA1

357b7c5d53dd4137db5196e6da81637abf1ad964
SHA256

c1503f686a99bae4930680986df3d33195742245359d97465b77be0b3658b6d0
SHA512

a8f90a7730efbcdb4fd5e068d0890b271c4a38cb68d71b8d0d24298e4cd736922a328be95790d9fa5501a89a4ef9297a8c4661df8b466b2d6e201ba129e0308c
SSDEEP

384:8Z+nN7ipJxjJbWfu0sABx0msOeFyhtVyY1siVQ1QOVuLKBQyKog0J0ZJ7Z:84Kj9MDr07OeFyhHyOsiAugNKoTa7Z

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/41ba9de40ffc866a0a1a5c48c42ff2c56c36d51ffc713c6d564ecf67aad7be05	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/41ba9de40ffc866a0a1a5c48c42ff2c56c36d51ffc713c6d564ecf67aad7be05

Files

cdda2f52ea1a62a4d9c65e868107bc88.zip
.zip

Password: infected
41ba9de40ffc866a0a1a5c48c42ff2c56c36d51ffc713c6d564ecf67aad7be05
.exe windows:4 windows x86 arch:x86

Password: infected

d2daa99f37efbf903e5bd7e0c738ec12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
lstrcpyA
LoadLibraryA
GetProcAddress
GetLastError
GetCommandLineA
CreateFileA

gdi32

CreateSolidBrush
CreatePen
CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject

user32

TranslateMessage
ShowWindow
SendMessageA
LoadBitmapA
RegisterClassExA
PostQuitMessage
MessageBoxA
LoadIconA
LoadCursorA
GetMessageA
EndPaint
DispatchMessageA
DestroyWindow
DefWindowProcA
CreateWindowExA
UpdateWindow
BeginPaint

Sections

UPX0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE