f8c828f938d4ed21c3c0d69a1c9211e4[.]zip | Triage

Sharing

General

Target

f8c828f938d4ed21c3c0d69a1c9211e4.zip
Size

28KB
MD5

592cf5826f5146d55c28c324263b5985
SHA1

b0a6f825b4967ad8ab2128c663e121b834f8e041
SHA256

5b570a3df3a2f0a54427482b5280b343d74d9ab555e17ee4017ae065997929c8
SHA512

c1192c6003aa1f65c174f37e494a6fbb67c822d50026da4feff80b03ee61b29f6e84f78e99e5be4882248790eeb4184b4b7bce8ac8bc608922f22f9ca62b4b91
SSDEEP

768:7P1AmO47ZnuqJY/wYsLwahYAGkG7KQcmny:7NFOuewYOYl+rmy

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/6690204ed0041210274e149fd7aa719b242cbc25a046bf5274c26bfb0c7feb47	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6690204ed0041210274e149fd7aa719b242cbc25a046bf5274c26bfb0c7feb47
unpack002/out.upx

Files

f8c828f938d4ed21c3c0d69a1c9211e4.zip
.zip

Password: infected
6690204ed0041210274e149fd7aa719b242cbc25a046bf5274c26bfb0c7feb47
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ