14b585d0bbb2d1bdbd80893b500fe6df[.]zip | Triage

Sharing

General

Target

14b585d0bbb2d1bdbd80893b500fe6df.zip
Size

14.0MB
MD5

501081063ae465c03db8f317b1fc3c4f
SHA1

017ab62466b348f079710dd67c5d92383b2a1f8e
SHA256

c3ac703731deb2bc27219cc706fec5c41e7cd4de0b182d60e42da139073b3be0
SHA512

04a74cf35653d8784afba6bd1b3fdff31448ca71ab0e97bc3736a04c0b6972eefad722213c7baf3b2635423f04b2c7eecd67c7ebb5ffa091aacf8fc481a8ba45
SSDEEP

393216:N3RyJZQqYEXvPv8ddnKMfL94Epi+nnodflOWK:NGyqYEsRfL9AxfhK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/830c86fe8207902f94e8a61b82a27864fcc520f615a485a454e31714ad9bcb8f	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/830c86fe8207902f94e8a61b82a27864fcc520f615a485a454e31714ad9bcb8f

Files

14b585d0bbb2d1bdbd80893b500fe6df.zip
.zip

Password: infected
830c86fe8207902f94e8a61b82a27864fcc520f615a485a454e31714ad9bcb8f
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 472KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 264KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bldvar
Size: 38KB - Virtual size: 196KB

BSS
Size: 12KB - Virtual size: 192KB