3da33dbf60dd8effab6ef6a27429d835[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3da33dbf60dd8effab6ef6a27429d835.zip
Size

164KB
MD5

993804cd5d9e889298a86eaff1f1c0a6
SHA1

14691ed0039b256b65c04bf5132ec0c490e618f6
SHA256

802127bcc6320895ea8cf0764bcad1ca4fd09d9b4f8d27d46469bf3a60bf8358
SHA512

c34acd7a60210ce8f0a053e6c5dba44a9995858f47b4c243e66f128a2f14c156fb3de6c6158d0963294699b966d8d110172fa9b45cadd253acea945ba1d19e21
SSDEEP

3072:Tqq0jcOqgmeZxkn1PPAxulKsQ/IIC3NG2qbkffccCgk24rj3nnkeQzaWEkoqULMv:Tqq0jcOqgmexknR6s3IWNG7Yf0Pgkbr4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/c6bc65af691fc51f76dbfa492533298a44b340de1e0baf929152812d18b2e6f6	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c6bc65af691fc51f76dbfa492533298a44b340de1e0baf929152812d18b2e6f6

Files

3da33dbf60dd8effab6ef6a27429d835.zip
.zip

Password: infected
c6bc65af691fc51f76dbfa492533298a44b340de1e0baf929152812d18b2e6f6
.exe windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 51KB - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE