ef3367b4b7069424f276562026160fcd[.]zip | Triage

Sharing

General

Target

ef3367b4b7069424f276562026160fcd.zip
Size

3.8MB
MD5

f0e48d02fa045c98407ca2b90ab3f3ba
SHA1

fb9b51b0c676ac715857d3a63010c594c69a9020
SHA256

d58fe2f5809ddbca1f66f5a0df3f2eb521120efcb956f8b9d848bc21687cac07
SHA512

7146e17f837e7d994b9bb9882313ade6a3da4f7d6a72157dfa1234637bc8c19860236039ba74cbf050929db334f0347e070f3b6c1cb2699cfbffea680fb0d291
SSDEEP

98304:Ut8E4fPhPKWiswtPHxzr4ICDmHJgveJXSkoGtv+:bE4JisiJODmSveJXVoGtW

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/03dc5d716f004d1d2dcbf8c7ef65ea4b7f956c4c6dabe12476c43f77870da9cf	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/03dc5d716f004d1d2dcbf8c7ef65ea4b7f956c4c6dabe12476c43f77870da9cf

Files

ef3367b4b7069424f276562026160fcd.zip
.zip

Password: infected
03dc5d716f004d1d2dcbf8c7ef65ea4b7f956c4c6dabe12476c43f77870da9cf
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 783KB - Virtual size: 784KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE