SUSP_GZIP_Packed_Base64_Encoded_Executable

Rule Info

Name
SUSP_GZIP_Packed_Base64_Encoded_Executable
Author
Florian Roth
Description
Detects obfuscated executable
Score
50
Reference
https://github.com/b4rtik/RedPeanut/tree/master/Resources
Date
2019-11-11
Modified
2024-01-25
Minimum Yara
1.7
Rule Hash
20b9a0ff43584d6470a332613603d923
Tags
['OBFUS', 'T1027_002', 'T1132_001', 'SUSP']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/susp_gzip_packed_base64_encoded_executable/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
36
Suspicious (< 10 engines)
3
Clean (0 engines)
111

Rule Matches

Timestamp
Positives
Total
Hash
VT
2023-01-11 21:29:08
0
60
a4a2cb3e05e5659856de0461ef19b31d3d56aa3fbf61d03905c982bb3dde6869
2023-01-11 12:07:56
0
50
1e59e6292d36f827bb1b9a8bf1cee0114c77b94951496049105ac1a6871ca203
2023-01-10 11:48:18
0
59
a6caa6ea26eefa86df2c5bbf9ec34e67a4dd0be20f16eecb307f5b7c7bc74e9d
2023-01-09 12:13:34
0
60
b8ae93813d67ac49fd0a29ebfda64cca0f76d78a1cb66cd48f7efa6a9f83d055
2023-01-08 12:12:45
0
60
93b586ac4dd7c04be6480061977395786bfb8ac9421bccbc1126b236ee33da24
2023-01-07 12:10:55
0
60
17cf3241f7f71bc7748ad0baaf98fadd03bf8ad3bd51e942ae17bc705275ab6e
2023-01-03 02:03:36
21
60
83b8ec49a28b4d44127d70bbcd09f42e9ee778166d59f42f764d80e1a7947057
2023-01-01 12:10:16
0
61
03a2c684d906e035a20d6bc77ffa4a0749f41cb8fb9533ca956b062600dac43d
2022-12-24 11:50:52
0
61
8f73a691212691430846f06c5152540bc44ee2807d3448dce9febfffa246aff6
2022-12-08 21:54:56
0
61
354e01021b43a94af9ed936a4bc4a22b6cfee2b590b8891a6ca1e421d47a9216
2022-11-29 06:19:30
0
57
9a5e6b6d8e8b548b4a898f3608dab36be7e35e241d84553412e0b59d572a0a7d
2022-11-01 01:04:28
5
60
646034477a3cee64d46db46188e0999b809d621cefc0e12fb512fdec03c35c6e
2022-10-13 13:32:23
0
61
1603fc18f2882d72c5be6a50d6dbd57c9dcdaf9f8e684eace42eacb9621eb873
2022-10-12 13:05:25
0
60
870019702b83d573061f5ffce2314e92d22eb93c8a84523d41c95d5910e5a2eb
2022-10-12 10:43:45
0
61
93b3e6c9c01d6de98153390542dfb725c56404fef70ab54b0ca1a99f02d08679
2022-10-12 10:11:05
0
61
c92d8f5a83d19059323420449343404529ceb44b007af490d13e7093dac1e2b6
2022-10-12 09:40:57
0
61
429421eec89e007e89540641d125f266395c9b7e2082830abd0e2f6bd0f2070e
2022-10-12 06:54:31
0
60
aa1d8966d41369bc707ada7a6226bcd342cb0eb10f26d9ab7c1358fa823b0afc
2022-10-12 05:07:42
0
61
38482a712787a8ea7d7bf3958a97453c93fb52cd4f5153578d7534fa21fb9e21
2022-10-11 23:45:29
0
61
10aaf8f28bf3d231d048fb6eaedae613d8bf8c0b436d7d329488d7f2e6fc4252
2022-10-11 22:54:11
0
61
8667b6b12230ed84f61a6dd11f06aedd4ce26e04280deaf5ab75364fa8e0acf4
2022-10-11 22:17:33
0
61
a8cb98fe2f03e4f1d9098e1f6325bdec1deb5bccee236ba8c5b81d55bc3bb219
2022-10-11 22:11:57
0
61
8ff10f6b568f89337089185ac74a778e7474cf4b2525cc2ca93338b5c7d72141
2022-10-11 16:24:25
0
60
4030412c17120e086a17630434748a2f721178bcc57aad99c75e96a4408c6d65
2022-10-11 09:27:00
0
61
5ba217da446aa35943fe1b070d1e517623ab8abaf1bcee560435559cde527a04
2022-10-11 09:13:50
0
61
7f022df66da4e7722443cdb11796be71f23767b0479f2a174b2be5a487483e7b
2022-10-11 06:39:02
0
61
90687da3094455dccb08f46218436f9a242273b161f4aed9e692762beaf0f5f1
2022-10-11 06:18:47
0
59
ed5aa44c179bd6a4823ce11de5cf55c15c23c141cca1fb2c0a1c3847f3fc4d7f
2022-10-10 20:18:38
0
61
70b9cc14da4f5b9a8eecf925b9084bfb84f933d3faac45e3297e1f04a06315b4
2022-10-10 19:59:38
0
60
681b4f4f43138205361996a1bf869ec9a65460557cb0e9d41cc3f8d732d5d301
2022-10-10 18:51:42
0
61
c27a29aaac6c7da281df7f51bab72578c6a5d203fc2393b9f2da1be25d4c7e77
2022-10-10 14:21:40
0
61
5fc091404769ca31ba3ab65d7e750b5e6fee451ca4958d34b6b8d7a940651de2
2022-10-10 10:25:21
0
61
1e3475bf88bc91cd6cc069dbe64f0c0bb377397de8ca26efa18478abd1dabc4c
2022-10-10 08:09:32
0
61
89f215ca49ddda67cd89d383fc5c22e4c1d0d2faedf5327eedc8da74141e7b02
2022-09-14 21:10:22
0
59
46f0db4a2ec3f73fe1479b64ccf3c43a62ed7851a481fe5b96975547d192cb9e
2022-08-19 14:30:02
20
60
9d8ece9f8eebdec85940853e20d7ae9c93de1827dd87d4ee3459e71049cab08d
2022-05-13 17:29:55
3
57
43316bb34d159fde891a986c2121993f4732d1eb1676bcfa1a1e8680d45647b8
2022-05-07 22:39:42
0
58
c6a51ff8cd6fba1f63273a6545ea1a4cef269f8a321d9696170c61128e4f96d2
2022-05-05 14:12:38
0
58
9a27acf0ed71bce4d97e2d09f42e252fd1566cf1003b767e8829626a2b99658e
2022-05-05 07:00:36
0
56
f760ac264db0366061080529ea53e06fa61ff0e01044801e93159ec495e42d3c
2022-05-04 23:30:48
0
57
8a09bb1d017460f4c801978def2c52a4a11fe0e4d143453517109293ea1ad80a
2022-05-04 23:04:42
0
58
a060ae17bb4a682999d3ba1b56273355de911377e9b8a4c2323326cbe0baf1eb
2022-03-08 16:29:02
0
56
00877c41ac9a757a03506e75f473fb60301873866134bd141112803eee4b64a5
2022-02-25 13:27:07
24
63
1f9fc1ed52c86009b4a4f083717bb8fd5b0b81fbfcfa40a2ec381c8bbe5e9ff9
2022-02-15 05:17:16
0
57
f78325f872d4add2f4ac0af6fd9fdc02ec79a5782dad2b9c6e51f9dd74df56dd
2022-02-15 02:39:43
0
56
8eb685ee3a7f90526b61541b83d06f0f4ef2649669c8dea507a15d89587994b4
2022-02-14 02:09:46
0
58
03d3ad000bba94a4279316ddd42a04749a8e81c3fd93f0195c118812f581ecd3
2022-02-07 19:07:27
0
58
cab02d8d5eaab5b45044ed4fef229304218d19b0f9159155131dd855c1a48bd2
2022-02-05 08:37:53
43
62
cbe882d13202cc57213fa0b0504f2901c303c2b5e12979eef823f4682dd61419
2022-02-04 22:06:51
1
54
a4db4a5882cd3fafd6dc4940e9b3376fa13cfcf3a48344be7d12645a3d0dbeda
2022-02-03 23:40:29
0
56
b18d6675cee999e26ac8e905963e87df2ad64e09c4579f4f9d747f13b69a6991
2022-01-31 14:16:03
17
56
9ea3f36070eeaa51c5590c1dccb99c5e5e414632b474038533ca9ca421e2ec92
2022-01-21 16:32:55
0
56
be657e45afb47585e0fb0ea19a41d1de3db4eb0a62a6331d4102f95edc9ae7f4
2022-01-12 11:57:56
53
68
2f24cf931b1cb59b930a8ee99f386b25ac6dc242bd82e03c7d50f0cf375aa50b
2022-01-12 00:03:28
15
56
919418580e416fc767492258117fa6676ae88c195772581e312f78da773773bd
2022-01-07 14:53:33
50
69
58cc5167dca6effd515027ed2a4de8ee19371607204e6c68b69688e39d3a124d
2022-01-05 16:04:04
0
57
dbb0af175104d453c5f0433d5e1ee7d586525721a08e5b87de5b6849eaf7a756
2022-01-05 16:04:04
0
56
4adb7bda3f52636c47143f6162dd83dae7b8000fbde3147a5342bc68fcf7a7cd
2022-01-05 16:04:04
0
56
b2c1a4a06e73402c6a770caccf5376d88e6e01d961db6d82615139dd8348bb56
2022-01-05 16:03:59
0
56
b723ab29fb0458aa9764bbd781a5101cda157db289b9f447c1d0ddc9923f303a
2022-01-05 16:03:59
0
57
5126f609ab5b294716fd2ab2e854ad572e6f46b2b62f8e6e44c761eba08ef3af
2021-12-12 07:41:59
0
56
49b103fb364d487b26259aa9a6b03d6a833f8fcd8298be9098e5dcd3156d9fc5
2021-12-02 15:25:08
0
53
b476b16a1d82e662fe61aca6556d7d831cdef09b268c47614e04fb339ac7073b
2021-12-01 20:40:45
0
56
e33d28c017717eff0fded5ed1adabd07bbc99db329206fb6f09d5bee441498d7
2021-12-01 20:40:44
0
56
0a21a6b21f2698a6bc6aa97efab21d135ebb7970b22cf18c2ba3e96599f29a30
2021-12-01 02:16:41
11
56
823762a2e0f402aa25620eee715a3c96bd9dc61f52252128b49ac777d1806648
2021-11-26 18:16:06
56
68
d284904efb2e50150e4cc039550bbba751503f9e1c72adfe1cb8d1545d51822e
2021-11-18 20:46:29
0
52
628aa72e866f63a00acb141f6024f90815ac7807140dbe1ff62ff3ee0863ee28
2021-11-17 21:11:39
0
56
c213b452fac5d6796a1de9668944e36e51cbd89fb866ecb7cfc19ab4194d2a1a
2021-11-02 18:53:47
0
56
3b34af827957455fbae6fa2b174dda754509ec03f874bb2f0612454dc67ac09d
2021-10-29 12:12:51
0
57
cdf1ff8c30219e2430bb4d1c5d3625aaf9b124f28d2b216ae6df4a762bf99d2a
2021-10-29 10:48:59
0
57
0ee856c9f41715b57f9e18d37bdc8ff56ff53dee0c0445cf9d625f6a72fd10a5
2021-10-28 19:12:04
0
57
46a2a37b79c8e74ca4ce1aea11c5d9b1c5cd561b8fc6d2969b6076525f06df34
2021-10-28 17:57:27
0
57
d212d8544b6dac66dd671395582a0da666abcc93be103907963199736f569a60
2021-10-21 19:19:58
0
57
1d99b5f84cdef19bc59980a8380766a700fe4ee219b0d1afb636ef03e93999c1
2021-10-21 12:31:42
0
57
0ac37e17813e50c8d5c2205b15ac3be51f62a74cb4e2f40c58cbaeac063762f9
2021-10-17 21:52:44
0
56
b1f57ebd538a6b7a07d78aa8744ececded3244b257a087570035db76df23db02
2021-10-17 20:48:06
17
57
9aec29176a8186bff1e8c2d2dfaa9df3e0fe7b9c507b902617953fd02fd31544
2021-10-14 19:12:02
0
57
26e8ba67ea1896c1d0a371431cf315c8c2585e67dd6f94b7b249343e5abbe86f
2021-09-11 19:41:31
16
57
32cb0a9ad51dfbd381d6fa854b10889c26ed6bbd2b10d073f2e5fff34badebb5
2021-09-08 16:56:07
52
69
88eb39dc4d94b4cbd0f334c15c844d68faa4480152ef64570644d0fd75b7ebff
2021-07-02 11:09:18
0
56
afa9de9849b872792b55f3a1201598f1d687cfc9d2b47a7aa896794a38e2b75b
2021-07-02 11:05:59
0
58
efc9aa59d93a2129ffcc630c06ae3af8b256bb259e6900ddd4a9b383dfb7fe9a
2021-07-02 11:04:56
0
58
6c5ed97600b28bec4f1fc6112772e9922b37b6880f8ae767b05b41a03c224e3e
2021-06-19 12:34:59
14
58
1a6ea9e012c9a9d1967866f7c387f3c9a2c1a203360412103adf127d51f1adb0
2021-06-15 21:14:52
18
57
dfec0cca5fed02aa4bebcc7ee92cd101a89662a0bca25f704aaaf7835e194a09
2021-05-29 14:24:50
19
59
e109e10037513273d4e1be056d994120af89267e649656dc06b499be89127789
2021-05-07 14:17:19
16
57
90a837167cb26a37474ad7be66a16095e701c445a9c85a4db927aa28d65b574e
2021-05-04 19:30:47
13
56
5feabaefbeae679410bc39b33196586cc28ac8b70e2fc76f8e645a398f570361
2021-01-19 03:06:31
21
58
d30cf00a05e1a2f7ba931fb77ac423f656d99fc9c05e79c8856137b405f67f98
2021-01-08 19:45:03
15
60
bd60b3418edad6e7c175a0bc6d1410f36723001507699031a45c542d1b242e02
2020-12-02 16:08:12
15
60
f080a15b335f378c9bbcd0b6c2abe4c296b28951d6d3c9fffc17e8235c8e7a48
2020-11-11 17:52:21
0
61
0c2ba077d27850d3adc5da03d0ec772e077a4eb24f2eb418a947b1d2f20a8ddf
2020-11-11 16:52:04
12
60
d6f332fda11babc949b609113eed862d35690ec8ad37612a26fffe4050605263
2020-11-10 18:31:44
0
60
fa537c7647df467d6eb267e95436ab4e1ae3231ec8521a20196a812317352d02
2020-11-09 12:40:57
10
60
32ad4df395f0c8fd0e7adb27e943a2fdb27b36412e0dcd2051129c422f21a702
2020-11-06 18:46:38
0
60
19d8284591637e334a4e2f009345226a0566ed0506d0e421e4e9a459454cc82d
2020-11-06 18:34:54
14
60
5140a7be905a0e10bf4e56a3530ef28d37c207ccf5acaad639de1f66e0b7e923
2020-11-01 19:27:26
12
58
c61b5075e0e0e4d9cf09ddc08d4eb35c49fbf1ef055c836dfb99b5c3f54a4d05
2020-10-31 20:33:45
0
61
2f112ddcf214789d23a74d0d2da1231db41574011b5a05903d7b947fa5626200
2020-10-31 18:20:43
0
61
2f11fa86dd5b4cbe96703cf2c52e50a83ea53798d54b851f8468d01cedd008c8
2020-10-31 15:29:28
0
58
5684c7e97677e2eaa0ebb1aaf597b533f78d130c25fa10f447d49e7b21d33fd3
2020-10-30 18:38:47
0
61
3a6bef46c3908bc7c844343ebc7500ce405611b2585ebc43463749d793fa26a9
2020-10-30 18:19:56
0
61
3a6277a60b10e0a25dbcc56f62aa56f0a391cf4eb11250cec0e10d5635d32c8c
2020-10-30 15:39:11
15
61
636023043343c607a79002397b07f7e011bc1964430d15b331062cca245921e8
2020-10-30 13:57:03
11
61
c1548e532b7f26b14e8bc8192bb21f14ddbaad25fc38f684f4bac9f62ece9036
2020-10-30 11:07:48
0
61
28f887556f1f1ecf6d57f7058c3aa89c306ee44064eb83a5df07b9a36212aa5d
2020-10-30 02:22:28
0
60
7bfbc0bee355d397be1d86a37940a99ada1d818442be422ff4137cb8c2fb7740
2020-10-29 13:21:18
13
61
298226629bf1e7ff94ad1bc453088a2a1e9180939bcd3c9f579b308a52649e07
2020-10-28 13:50:20
0
59
7a069eee2ece45f25013baac4599e903d2c351c0494b9bd2fb2e9005b6eb5ed2
2020-10-26 22:27:07
14
59
ee10ae7e43c33a02fcbc34207566733260d921c46ece73fa70ce6c9bb5ee0ef6
2020-10-26 20:13:01
12
51
9639cb84c76032be5a05136a5ae5767fcc52439ccb72f61fcc5c8e9a85a734ee
2020-10-26 14:30:19
0
59
10785d6e92672d91f86ceff0d8b91fee32a2fa7c5e6a43c56d41056f7511df39
2020-10-24 11:32:07
0
58
20d23239267eac8dd6f234480955ca1e5f744eeb08ef0f30ae290bca34a28292
2020-10-24 10:56:20
0
50
20d9e01e31cfb36bcfce1d5d1de56722f89fb2d36828748b398b3be091188d16
2020-10-23 20:18:35
0
51
399762aa20ad930ecc7ee70ae385376a7c8a562189e56c1e131816df76f2edcb
2020-10-22 18:43:17
0
56
2fca6d9103f08dd163b9abd6e603240832546b6f58093760ecc72d65c3f605c4
2020-10-22 09:57:21
18
51
a5f5e6f8b8e96063f18c7a687567e40980d4d95055e2064656f34d37cc198493
2020-10-22 08:49:00
0
50
36412bddd8c18da6722e16dea7d6d25c61e276ba38d5d8b4033a4bcc8bf08169
2020-10-22 08:15:01
0
49
3642b32f1c6779a68a53838dd6c38fe59e955ca3cf504fe609982c6d4fcd3a21
2020-10-19 22:16:23
13
59
e96f18f5d28e4017315e6a43ccf460004ee53b1acc305a21cd8c52d80ec7c81c
2020-10-19 19:18:00
0
60
9f8800a2ba98880e2c1ca21669e24d441b9b7b000e2230f8cecefd68dda6cc21
2020-10-19 17:25:55
0
59
160fba8e1ee13af2c610028304ec7e11636df5539bdbdbc1ca598491c20fa55a
2020-10-19 17:00:43
0
52
8cfe7a1dcc7845edbb63b76f5340592631291a7c7aa366817666c7f74df898b6
2020-10-19 14:36:30
0
60
3efdf0ea45c963faf23ff92cbb86c396568746432a404c8a77dab0c092975bad
2020-10-19 09:28:02
0
59
9a8ae9b02f8b9b47e94cef0befe4696d17918c166d7bc0094defd1b2e837e5e4
2020-10-18 23:03:34
0
59
17bca55fc04ae41e82a4407e938ab19daabee410b412da2dbe2fb9e3fe662695
2020-10-18 22:36:22
0
59
a67c840d9ea6e91f420f34d8fac629fe670029fa602349b95b8bd65d713ee5d5
2020-10-18 01:27:32
0
59
1a91e45afe7bd04339524989c66ca3f7b9025dc1bd1ff4f2e333f7015447d392
2020-10-17 21:55:28
0
59
b7b0f03a8b421d7868aa89dbb4ddc3f4dedb9031190fb66eca644c893004a253
2020-10-17 19:13:13
0
59
b7bbb854f0dcfdda253c855329ef2a6834ffc48b81761e472a551365ff46dae3
2020-10-17 16:49:36
13
60
190543aa06ebe3e138446863b7675f2bd20d2c3c11592d0214d6c6ac9b0d0f6f
2020-10-17 00:44:13
0
60
2e1ce518c05207a777a17f8e8094b2a752d01db6c6f27f32095e46e2c6bedcc8
2020-10-17 00:21:35
0
60
a66334b02c7cc34b9a1eaef6da1fae8be67e1e57c41928c72e677e15e5d74f7d
2020-10-16 11:40:32
14
59
4a23d70ffa80a8aa3f3ae8f343a1009d0a754442cb2e44ee2f211dbe17fbb8e2
2020-10-14 02:34:24
0
59
aede401da5a1506ffef733f0bb09316fdd95f2b3328f576329d6ab3c1cedd4dd
2020-10-13 20:56:48
0
59
a7466a0d6dfa1058a78bdf052e01d2f10452cc300b7631eb082cfd57ed170909
2020-10-13 20:36:09
0
58
1dfe6944bcfde44d29c8c5dcc715b12c4b363a1a313ac030de70f8b4c5381938
2020-10-13 10:10:52
0
47
569271d2b9a04262e4f06cbc3b71b410685e349022ca91f1243cf09601caecc3
2020-10-13 10:07:00
0
59
ff44db2e5ebc6938b37acaf909605b8da35e508a0348e5dad1a80ae5b1b8413d
2020-10-13 10:06:05
0
57
9cd9242b74792e71ef794c15d992e4a37c149f1ecf86c7933f5108721cb8584b
2020-10-13 10:05:37
0
59
7087c216c04d30a9d810c730fd865384697d5d624d3990adc0f58522813bcca1
2020-10-13 10:00:44
0
59
c88b6c96dfc51184a9be9e5d7bd609b9c7db0c0cb2f2b3a570e56d05b10658eb
2020-10-12 22:09:47
15
56
86f1f6fd9576d28a775682d82bc6f68dedf5dbcaef22111510b3a7eadf140280
2020-10-12 14:06:47
0
59
1bed705f41db3b902a6276c3949bbe4f103090c7bfadf38d76ab9befc54424ea
2020-10-10 17:35:06
0
59
17eaaa223cd777e383240fc9ccc5a04e9c4d28eba2d61c6c1c8403e4e25e0eec
2020-10-10 17:32:11
0
58
973e8ddf52b8afee9c44c614424be2ee64f412f22584bdc0bb0db3902c1bb43c
2020-10-10 12:47:21
12
59
fda5249ac334dd67886945eb00083f6c23a053d616b5bb0c3837226979cb2b8d
2020-10-09 22:02:45
0
59
11d829478fd70bdd1b2cc6c0fbcc2bff2170c7a872d65dd3441af1472dc0af95
2020-10-09 15:43:06
0
57
2a1cb4ef3ab7a7c6bdaf2de655cb024008cb2525b5b3539f4050b9628b78158a

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022