bfcfb7efeac8c01f7cc4ad99df790932[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bfcfb7efeac8c01f7cc4ad99df790932.zip
Size

87KB
MD5

320f46814836ef63d572ae361041fbea
SHA1

7c836a76c1fcf3e22742173c9e908954d63b3e99
SHA256

c43231ff883b45e0b5491c91feb00b01583930258dcad4c3c4e8f93a9f1fa4e4
SHA512

22358b2907126a73f74821346d0422afc5853dd791bdc3a8f158a959fad769d447652e57095166db7ed2fac1e87e48a4d9fd3a920b708accb9eda37b33615011
SSDEEP

1536:6bxA45fhEik3xdLAoslmmVEMB/obgq1EntlbYeK5AQuLj7Zc4mIWyCMGiV/2eM7T:6bt5ooosTHde1Entlbwuv7EsGcMXdAa

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/70302728776e8ce531a513dbe48f1f240b93de16a4b059aae51301ea4ad20491	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/70302728776e8ce531a513dbe48f1f240b93de16a4b059aae51301ea4ad20491
unpack002/out.upx

Files

bfcfb7efeac8c01f7cc4ad99df790932.zip
.zip

Password: infected
70302728776e8ce531a513dbe48f1f240b93de16a4b059aae51301ea4ad20491
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 496B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE