54845e737d45e5af9066a2cf2d51a588[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

54845e737d45e5af9066a2cf2d51a588.zip
Size

13KB
MD5

5494a47e2a8e15d1fcc8a333397ad6f5
SHA1

6f8e78b23e255a34f9825d74c8a4bda5476f502a
SHA256

86eb80ac68d051766a070940c6a85da7ca6c21b841391dec842f0dc4161329ec
SHA512

532187152dd4ad3bc09380baf58e40cb5fee050fe5d095e12b39714cdcd02489edc569f8d7d3f0a0537fac3020b48fa8f4ff12c6f8f821dc553f753c24cffdfd
SSDEEP

192:FzJGCXLM4cQKZ4oPnDvEkw9pOmn321MR9jCdmGw1hZViK9oDWzfwGS+b2Dlg5AYA:xHI7nPnY7cYhCdm/pKDWbTbqHdn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/b80992ed3c96af46ebcc71d327e4dc5643ddfc1f5e4e4e4e0956caa8a72d217d	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b80992ed3c96af46ebcc71d327e4dc5643ddfc1f5e4e4e4e0956caa8a72d217d
unpack002/out.upx

Files

54845e737d45e5af9066a2cf2d51a588.zip
.zip

Password: infected
b80992ed3c96af46ebcc71d327e4dc5643ddfc1f5e4e4e4e0956caa8a72d217d
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE