12e0a907609202b939ca0022812fcf1b[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12e0a907609202b939ca0022812fcf1b.zip
Size

184KB
MD5

fd837504a939f64e37459685dcd91951
SHA1

32c744d80f3503c67a1bee0bc74e7e08d17be806
SHA256

8f37b764988add5f6b71461b783c511d2537fd7f8e7098183a89d519912cb79e
SHA512

2b1b4dd90f63ffa9abd33eb0bf40ad51f39dee7d1e663bfdc8bca84584d9c14220d30dd9d85e546d33ddce7dbebda6658d3c4aaa2b9f1bc586d0c0ea5d588a30
SSDEEP

3072:+WBXAt4Jbk8Zflqfu3xhBM65Cg3I3tMwBvRfQSovwTMb/R56/0x7F3K0rOTRUE:3BwtOk8REW3fmKsR7f0v+krXB3zUz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/68eaf64ee3583a5fef054d63fae7f72fdb82f1e0accce4dc7a854ff97379df34	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/68eaf64ee3583a5fef054d63fae7f72fdb82f1e0accce4dc7a854ff97379df34

Files

12e0a907609202b939ca0022812fcf1b.zip
.zip

Password: infected
68eaf64ee3583a5fef054d63fae7f72fdb82f1e0accce4dc7a854ff97379df34
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

?EngineProc@@YGJHIJ@Z
?pro_cess1@@YAHHHHPAD@Z
?pro_cess2@@YAHXZ
?pro_cess3@@YAHH@Z
?pro_cess5@@YAHH@Z

Sections

UPX0
Size: 372KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 156KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE