Behavioral task
behavioral1
Sample
25d2b6c20c98d9ae145afdaf1f09cbf7a71b08b29467cc563cdb0dff400b47ec.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
25d2b6c20c98d9ae145afdaf1f09cbf7a71b08b29467cc563cdb0dff400b47ec.exe
Resource
win10v2004-20220901-en
General
-
Target
25d2b6c20c98d9ae145afdaf1f09cbf7a71b08b29467cc563cdb0dff400b47ec
-
Size
6.2MB
-
MD5
7c0c8e8b8fb4e19e6d7250c1e165cb9b
-
SHA1
9410a29c05d9a40c7deb2f7b1859520814196cea
-
SHA256
25d2b6c20c98d9ae145afdaf1f09cbf7a71b08b29467cc563cdb0dff400b47ec
-
SHA512
eaf7743a6a291234fa7236c47c3580dfa8e5c761bfc390c2b31dc1510cecde7ff5e127ef9ae2ac81a74d4d2b70eaa695c786b04018602b55a85a10ac1443dfd2
-
SSDEEP
98304:rd+Ci5hdGaS14bRhrT5P43DLxWjulGV0mczczM/TX7yuYpGueVdZ9EvrIy:r859mO5PWDLMj9V01ozMrX7yutueVPix
Malware Config
Signatures
-
resource yara_rule sample upx — the YARA `upx` rule matched the sample, i.e. the file is UPX-packed. This is consistent with the UPX0/UPX1 sections (marked read, write and execute) in the Files section below; the second file entry, out.upx.exe, shows the unpacked layout with a conventional .text/.rdata/.data/.rsrc section set.
Files
-
25d2b6c20c98d9ae145afdaf1f09cbf7a71b08b29467cc563cdb0dff400b47ec.exe windows x86
Code Sign
1e:4e:c0:ba:bc:2c:5f:ba:40:19:e8:88:23:f9:fb:ac Certificate
Issuer: CN=果核剥壳www.ghxi.com,C=China,1.2.840.113549.1.9.1=#0c1367756f6865626f6b6540676d61696c2e636f6d
Not Before: 09/04/2022, 03:30
Not After: 30/12/2099, 16:00
Subject: CN=果核剥壳www.ghxi.com,C=China,1.2.840.113549.1.9.1=#0c1367756f6865626f6b6540676d61696c2e636f6d
Note: Issuer and Subject are identical, so this is a self-signed certificate, with a validity period running to 2099. The attribute 1.2.840.113549.1.9.1 is emailAddress; its DER value #0c13… is a 19-byte UTF8String that decodes to "guoheboke@gmail.com". No key-usage extension is listed for this certificate.
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01/08/2022, 00:00
Not After: 09/11/2031, 23:59
Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b Certificate
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 23/03/2022, 00:00
Not After: 22/03/2037, 23:59
Subject: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
03:cb:34:fd:3d:ff:12:11:33:9f:f0:7c:4b:21:57:c7 Certificate
Issuer: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Not Before: 30/08/2022, 00:00
Not After: 29/08/2023, 23:59
Subject: CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
1e:4e:c0:ba:bc:2c:5f:ba:40:19:e8:88:23:f9:fb:ac Certificate
Issuer: CN=果核剥壳www.ghxi.com,C=China,1.2.840.113549.1.9.1=#0c1367756f6865626f6b6540676d61696c2e636f6d
Not Before: 09/04/2022, 03:30
Not After: 30/12/2099, 16:00
Subject: CN=果核剥壳www.ghxi.com,C=China,1.2.840.113549.1.9.1=#0c1367756f6865626f6b6540676d61696c2e636f6d
Note: same self-signed certificate (serial 1e:4e:c0:ba:…) as in the first signature; Issuer equals Subject.
0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d Certificate
Issuer: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Not Before: 29/03/2022, 00:00
Not After: 14/03/2033, 23:59
Subject: CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b Certificate
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 23/03/2022, 00:00
Not After: 22/03/2037, 23:59
Subject: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01/08/2022, 00:00
Not After: 09/11/2031, 23:59
Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
57:6d:6f:32:59:96:02:49:22:80:8e:09:fb:b4:cd:84:70:79:4d:80:aa:d9:db:a5:8a:90:b0:b5:19:6a:79:2e Signer
Actual PE Digest: 57:6d:6f:32:59:96:02:49:22:80:8e:09:fb:b4:cd:84:70:79:4d:80:aa:d9:db:a5:8a:90:b0:b5:19:6a:79:2e
Digest Algorithm: sha256
PE Digest Matches: true
Signature Validations
Trusted: false
Verification
Signing Certificate: CN=果核剥壳www.ghxi.com,C=China,1.2.840.113549.1.9.1=#0c1367756f6865626f6b6540676d61696c2e636f6d
16/09/2022, 01:13 — Valid: false
Note: "PE Digest Matches: true" only means the Authenticode hash embedded in the signature equals the hash of the file as it exists now, i.e. the file was not modified after it was signed; it says nothing about who signed it. "Trusted: false" and "Valid: false" reflect that the signing certificate is self-signed (Issuer equals Subject in the Code Sign section above) and does not chain to a trusted root. The DigiCert certificates listed carry the TimeStamping extended key usage and appear to belong to the timestamp countersignature, not to the code-signing chain. Treat this signature as giving no assurance of publisher identity.
37:51:89:b4:14:f0:3b:da:f7:01:63:02:5e:79:6e:2f:e6:a7:0f:72 Signer
Actual PE Digest: 37:51:89:b4:14:f0:3b:da:f7:01:63:02:5e:79:6e:2f:e6:a7:0f:72
Digest Algorithm: sha1
PE Digest Matches: true
Signature Validations
Trusted: false
Verification
Signing Certificate: CN=果核剥壳www.ghxi.com,C=China,1.2.840.113549.1.9.1=#0c1367756f6865626f6b6540676d61696c2e636f6d
16/09/2022, 01:13 — Valid: false
Note: this is a second, SHA-1 based signature from the same self-signed certificate (dual-signing). SHA-1 is deprecated for Authenticode, and as with the SHA-256 signature above, the matching digest only shows the file is unmodified since signing; "Trusted: false" and "Valid: false" mean the signer's identity is not vouched for by any trusted root.
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 164KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 63KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 83KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ