379e6c5ebde139b6ccf96a6ece6b8a24b74368dcb787e898ff4c593e76093e02[.]zip

General

Target

379e6c5ebde139b6ccf96a6ece6b8a24b74368dcb787e898ff4c593e76093e02.zip
Size

906KB
MD5

8311ecb1c18c00aa63fa2f890933b858
SHA1

3f249b673ea77a1ac4530f6e0e404ad7814edb70
SHA256

379e6c5ebde139b6ccf96a6ece6b8a24b74368dcb787e898ff4c593e76093e02
SHA512

433b575ed0afa04e31209d91424bb2435dc99fc6c38100d40e86fcc4985c0a29b517c4748961f294f894c9d7c4df638974eaa232b106c1150a6042d6a77742ec
SSDEEP

24576:wv8zCuG8DJSfrnsHLIIDiAcBM0CCwSncSs+0:g8OoDJSf6bfcCdXqc3

Score

5^/10

upx

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack003/out.upx	autoit_exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/fatura.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/fatura.exe
unpack003/out.upx

Files

379e6c5ebde139b6ccf96a6ece6b8a24b74368dcb787e898ff4c593e76093e02.zip
.zip
fatura.rar
.rar
fatura.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 343KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 584KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 592KB - Virtual size: 591KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 343KB - Virtual size: 344KB

.rsrc Size: 584KB - Virtual size: 588KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 567KB - Virtual size: 567KB

.rdata Size: 184KB - Virtual size: 184KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 592KB - Virtual size: 591KB

.reloc Size: 28KB - Virtual size: 28KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 343KB - Virtual size: 344KB

.rsrc
Size: 584KB - Virtual size: 588KB

.text
Size: 567KB - Virtual size: 567KB

.rdata
Size: 184KB - Virtual size: 184KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 592KB - Virtual size: 591KB

.reloc
Size: 28KB - Virtual size: 28KB