a2c0f05dd1d81d70507655462b8e7b81d59ac0bdb2ca9ad8735f8d235d5d379d

Sharing

Copy URL Twitter E-mail

General

Target

a2c0f05dd1d81d70507655462b8e7b81d59ac0bdb2ca9ad8735f8d235d5d379d
Size

46KB
MD5

c6df877148c9d5f190e9755e81594de0
SHA1

e04a413e293a26555251f19e8b846b534d37590c
SHA256

a2c0f05dd1d81d70507655462b8e7b81d59ac0bdb2ca9ad8735f8d235d5d379d
SHA512

4bd2609d14c11f2061cef13d1a39b0aa8503df94f614b7736cd04624b1334b53cc21a64d124dbd43631c8dc15c37df06eed249f23b3994ac771c5adb87c158d8
SSDEEP

768:NCkcO9Jyfzv4hR0gT64dcstsXR81ZWrcmKDhPGonJFX29VtXoTCjAoa1FxJGm1WD:ckcQwf74hR01sJ6rdypG/RoTCXiJGJLX

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/iRotate.exe	aspack_v212_v242

Files

a2c0f05dd1d81d70507655462b8e7b81d59ac0bdb2ca9ad8735f8d235d5d379d
.rar
amd_portrait_swap.reg
amd_portrait_unswap.reg
iRotate.exe
.exe windows x86

Code Sign

01:00:00:00:00:01:15:37:6f:88:69
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

24/09/2007, 12:13

Not After

25/09/2008, 13:13

Subject

CN=EnTech Taiwan,O=EnTech Taiwan,C=TW,1.2.840.113549.1.9.1=#0c18737570706f727440656e7465636874616977616e2e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

02:00:00:00:00:00:d6:78:b7:94:05
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2014, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:d5:7f:a0:d5:08:67:b4:f7:d6:7b:17:25:bf:ca:8d:6a:34:33:bf
Signer

Actual PE Digest

ff:d5:7f:a0:d5:08:67:b4:f7:d6:7b:17:25:bf:ca:8d:6a:34:33:bf

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=EnTech Taiwan,O=EnTech Taiwan,C=TW,1.2.840.113549.1.9.1=#0c18737570706f727440656e7465636874616977616e2e636f6d

22/09/2022, 19:02
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 33KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.entech
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

01:00:00:00:00:01:15:37:6f:88:69Certificate

Key Usages

02:00:00:00:00:00:d6:78:b7:94:05Certificate

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

Key Usages

04:00:00:00:00:01:08:d9:61:24:48Certificate

Key Usages

ff:d5:7f:a0:d5:08:67:b4:f7:d6:7b:17:25:bf:ca:8d:6a:34:33:bfSigner

Signature Validations

Verification

22/09/2022, 19:02 Valid: false

Headers

File Characteristics

Sections

CODE Size: 33KB - Virtual size: 84KB

DATA Size: 512B - Virtual size: 4KB

BSS Size: - Virtual size: 8KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 5KB

.rsrc Size: 5KB - Virtual size: 20KB

.entech Size: 10KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

01:00:00:00:00:01:15:37:6f:88:69
Certificate

02:00:00:00:00:00:d6:78:b7:94:05
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

ff:d5:7f:a0:d5:08:67:b4:f7:d6:7b:17:25:bf:ca:8d:6a:34:33:bf
Signer

22/09/2022, 19:02
Valid: false

CODE
Size: 33KB - Virtual size: 84KB

DATA
Size: 512B - Virtual size: 4KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 5KB

.rsrc
Size: 5KB - Virtual size: 20KB

.entech
Size: 10KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB