bd06b62f89d9dc25a3415c2ece7e00873b3b1bca1ad5f87a0f4028a419e576cb[.]zip

General

Target

bd06b62f89d9dc25a3415c2ece7e00873b3b1bca1ad5f87a0f4028a419e576cb.zip
Size

38KB
MD5

858cc38aa8c854e1b9cc16b9e2ae573c
SHA1

3d40ebf0511db3d9a7214fcd97bf05c0164e3cb4
SHA256

aaf582ac96d2a87390460ff4aea450874514d3e8b13ef2f925c8858df9c15a97
SHA512

29bb22e0de531341847704ed3036c968f6e8df6d810620698c4ba6d95fa87435516763aba935b2fe260c412eb34645ab7ec7c642890d9bc61892b386b2132278
SSDEEP

768:5bcZeJ0DWHuOx1iPhbdob7WBgWLeURHv0ga7mytaiZDmR0Lg:5QZe3uDbdM7Wb1Bv7aCiZq0Lg

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/bd06b62f89d9dc25a3415c2ece7e00873b3b1bca1ad5f87a0f4028a419e576cb.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bd06b62f89d9dc25a3415c2ece7e00873b3b1bca1ad5f87a0f4028a419e576cb.exe

Files

bd06b62f89d9dc25a3415c2ece7e00873b3b1bca1ad5f87a0f4028a419e576cb.zip
.zip

Password: infected
bd06b62f89d9dc25a3415c2ece7e00873b3b1bca1ad5f87a0f4028a419e576cb.exe
.exe windows:5 windows x86 arch:x86

83b45e356be38dee9f40ac165206f07f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapAlloc
LoadLibraryA
GetModuleHandleW
HeapFree
GetVersionExA
GetStartupInfoW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
GetLastError
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSection
Sleep
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

UPX0
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

83b45e356be38dee9f40ac165206f07f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

UPX0 Size: 40KB - Virtual size: 40KB

UPX1 Size: 28KB - Virtual size: 28KB

.rsrc Size: 76KB - Virtual size: 76KB

UPX0
Size: 40KB - Virtual size: 40KB

UPX1
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 76KB - Virtual size: 76KB