4d6946b2b3cf2c03f47ce656978f48fc[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d6946b2b3cf2c03f47ce656978f48fc.zip
Size

11KB
MD5

ba07b5c0ad6512c8eddbd10ddb679ea3
SHA1

43bbbee0d9cbde55d005387685b81d8260d1df1e
SHA256

7b239ffcb9edfccbf7bb13280a331800c8884084a84002a1d3aa9ea02dba891e
SHA512

df8ba38e3da6f4abbe2acbecc2d51b565a349fdbef55f256acab408c9ae133e71be6432458293857aa8b10faa7af1132ce0a39c7cca8448d35ca4cf5814ba530
SSDEEP

192:LgcJUEL5ththWaKoSw3iJmJiKqcuFranERz1xbM42jndpmA3C3hMSQL/8IHEs5+0:LgcJUEhl13PiKqcuFranEXxmdpp3DYcH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/08e0cd632a67d46398a5549c13a161136afee02087e083a267a67c2029ea6c67	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/08e0cd632a67d46398a5549c13a161136afee02087e083a267a67c2029ea6c67
unpack002/out.upx

Files

4d6946b2b3cf2c03f47ce656978f48fc.zip
.zip

Password: infected
08e0cd632a67d46398a5549c13a161136afee02087e083a267a67c2029ea6c67
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

code
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ