b000108aa047652e2f32194173f11ae8[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b000108aa047652e2f32194173f11ae8.zip
Size

784KB
MD5

3ad5a6d284e04d40999f5e62fbc702be
SHA1

614cc0b59b648feb68052f7e7893d797870f59ad
SHA256

062fb0e8fe1cc2546d1ff05bd34b50a170b6423ad83a0a3fe1138c45e8e6e1b1
SHA512

604a277e23a9dd540de2ba0181bec18610e0b7c5f9a86374d5e3ac6ac741d43ce8a7271c42e47b4cc37c7eafdb845ad16b2f889abc9e9c6a42131ea6b01db062
SSDEEP

24576:l9aMCk17Fp/GvM5lVNT+VsTaS5LYgOToD9DaoXS:9ovWlV4iTa+LYgnS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/87e40663d3c0ff7bb07f7cd395a4dcd1d2f42e2f86123f71a032ad302b8ccd9b	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/87e40663d3c0ff7bb07f7cd395a4dcd1d2f42e2f86123f71a032ad302b8ccd9b

Files

b000108aa047652e2f32194173f11ae8.zip
.zip

Password: infected
87e40663d3c0ff7bb07f7cd395a4dcd1d2f42e2f86123f71a032ad302b8ccd9b
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 783KB - Virtual size: 784KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE