ebaf69b9587f2af1da5b38f6fa3659a6[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ebaf69b9587f2af1da5b38f6fa3659a6.zip
Size

161KB
MD5

7fe390e02823fb255109aeb5e60c9928
SHA1

3eb5bc12a69ea0c9a4d5d57d0a61e0eaae6c8c87
SHA256

1433ed8e47408a3e04cbb17cd712372a66230b3178dd3fcf48a4c31f14c373b1
SHA512

15fa342221371f4955a3620f889ba66109df1ebbe2ff23d0b775cbe431de3fbf0486bf4591e836d0b1bfde34c350e43c82f4e04b3073f7ef4d5734ccbb1e8a35
SSDEEP

3072:wqMgvQvCTk9q4G0opl89ps4F8dxmODda0YBucawMBzC0zrJPMuRfvs:wrMQvCTkrG0rSjxmO5LYIVwkTO3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/94cb405308da16961e18116dd00c1a11068d2e81b46236411610ccac16d91916	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/94cb405308da16961e18116dd00c1a11068d2e81b46236411610ccac16d91916

Files

ebaf69b9587f2af1da5b38f6fa3659a6.zip
.zip

Password: infected
94cb405308da16961e18116dd00c1a11068d2e81b46236411610ccac16d91916
.exe windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 51KB - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE