f9f8ecad455915cd9cec90da218ee845[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9f8ecad455915cd9cec90da218ee845.zip
Size

13KB
MD5

a4be8027ba300d55a504da939ca18a55
SHA1

08ef60f04648263aca34e903fd25d3067195f871
SHA256

9fb6ee3ae99b5b6280945d39e242b29a2ce6ae4f18738c5d51d1f240f0f00755
SHA512

6a4cb0100f7148d90aed6c20cca65f818f11a2013ea2dbb466f3a403930dec6bbaecee4ef954bd28ce4066e7b336bd1b3fefbe4420695ae257fd8ea9bb66aa31
SSDEEP

384:KbiarNTQ81Cw5ZjHuXEsF/nLPZCXu9YoEBHdo:siarN7CwfjOXfF/nLmDk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/81f5395820d31e5eea2e58657f16ddf8e4382986e72d048fb29a55595c900517	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/81f5395820d31e5eea2e58657f16ddf8e4382986e72d048fb29a55595c900517
unpack002/out.upx

Files

f9f8ecad455915cd9cec90da218ee845.zip
.zip

Password: infected
81f5395820d31e5eea2e58657f16ddf8e4382986e72d048fb29a55595c900517
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE