Behavioral task
behavioral1
Sample
7012b577becc2cd39a82f7978951f24f892593dbf14396e1884033af66da81ad.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
7012b577becc2cd39a82f7978951f24f892593dbf14396e1884033af66da81ad.exe
Resource
win10v2004-20220812-en
General
Target: 7012b577becc2cd39a82f7978951f24f892593dbf14396e1884033af66da81ad
Size: 523KB
MD5: 55583fb1043d2a9142d795b0880d132c
SHA1: 462fb85f24cedee1fe7135f208292e40d8377231
SHA256: 7012b577becc2cd39a82f7978951f24f892593dbf14396e1884033af66da81ad
SHA512: 8b07435def22dd4dee768de6a248f71a2ea1c225aee3efab3a109b6eb6f48fe407f5145b0aee0f568608467efea8f5959ed10529158476250452eca887fb2d65
SSDEEP: 12288:RL7u6OTYDcfEMWtVNYqDhm9KPouI5fWPJ1s/ZFHF:RL7YYYfEbtVNL87Wh+/ZFHF
Malware Config
Signatures
-
resource yara_rule sample upx
Files
-
7012b577becc2cd39a82f7978951f24f892593dbf14396e1884033af66da81ad.exe windows x86
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29-01-1996 00:00
Not After: 01-08-2028 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
2b:be:5d:08:06:53:b7:32:c9:1d:9d:37:7b:c5:c4:38
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US
Not Before: 10-08-2009 00:00
Not After: 10-08-2010 23:59
Subject: CN=IMNetworks,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IMNetworks,L=Haeundae-gu,ST=Pusan,C=KR
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 21-05-2009 00:00
Not After: 20-05-2019 23:59
Subject: CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
f9:92:8e:88:9f:8b:c4:1b:ac:82:5f:b3:31:c2:ac:1e:71:2a:5c:4e
Signer
Actual PE Digest: f9:92:8e:88:9f:8b:c4:1b:ac:82:5f:b3:31:c2:ac:1e:71:2a:5c:4e
Digest Algorithm: sha1
PE Digest Matches: true
Signature Validations
Trusted: false
Verification
Signing Certificate: CN=IMNetworks,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IMNetworks,L=Haeundae-gu,ST=Pusan,C=KR
29-09-2022 18:53 Valid: false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 6.9MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 505KB - Virtual size: 508KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 628KB - Virtual size: 625KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6.6MB - Virtual size: 6.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ