2ad60a68b4d147d652a050d28ceeb3e01d32f8039cafd84d0e4ac56c811c9feb

Sharing

Copy URL Twitter E-mail

General

Target

2ad60a68b4d147d652a050d28ceeb3e01d32f8039cafd84d0e4ac56c811c9feb
Size

209KB
MD5

615b1b45063cf9342437b709935f56cb
SHA1

67c3326ac94aef1f2f219160bc5ac6d2d83cfa1e
SHA256

2ad60a68b4d147d652a050d28ceeb3e01d32f8039cafd84d0e4ac56c811c9feb
SHA512

5999d4c2bfcf7b80e3b61b629b361cc2deef85c4d7eb46eb69a4bc94c52f683d68bb043e57e23c35abc9d1747847be074af38588bc0e75a49de0b6fb7f4d08dc
SSDEEP

3072:uhvTGkdBxSv8ndQ5Bbguky9yvS5AjFWVYAx11Xrcm7vV3fEdAI38nRuaXziK3xO6:QGkdB0ywkS94zAx/QkV3cunjxku

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/LiuPortable.exe	upx

Files

2ad60a68b4d147d652a050d28ceeb3e01d32f8039cafd84d0e4ac56c811c9feb
.zip
LiuPortable.exe
.exe windows x86

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:b4:d4:d6:e6:34:01:c4:90:41:ac:90
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

28/04/2020, 04:08

Not After

29/05/2023, 04:08

Subject

CN=Boshiamy C&C Co.\, Ltd.,O=Boshiamy C&C Co.\, Ltd.,L=Taipei,ST=Taipei,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:ce:05:c4:f8:e0:53:c8:a7:2a:89:c8:0e:89:aa:a8:b6:a5:62:08
Signer

Actual PE Digest

ee:ce:05:c4:f8:e0:53:c8:a7:2a:89:c8:0e:89:aa:a8:b6:a5:62:08

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Boshiamy C&C Co.\, Ltd.,O=Boshiamy C&C Co.\, Ltd.,L=Taipei,ST=Taipei,C=TW

10/07/2022, 17:34
Valid: true

Chain 1

CN=Boshiamy C&C Co.\, Ltd.,O=Boshiamy C&C Co.\, Ltd.,L=Taipei,ST=Taipei,C=TW

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

03:b4:d4:d6:e6:34:01:c4:90:41:ac:90Certificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

ee:ce:05:c4:f8:e0:53:c8:a7:2a:89:c8:0e:89:aa:a8:b6:a5:62:08Signer

Signature Validations

Verification

10/07/2022, 17:34 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 192KB

UPX1 Size: 196KB - Virtual size: 196KB

.rsrc Size: 11KB - Virtual size: 12KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

03:b4:d4:d6:e6:34:01:c4:90:41:ac:90
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

ee:ce:05:c4:f8:e0:53:c8:a7:2a:89:c8:0e:89:aa:a8:b6:a5:62:08
Signer

10/07/2022, 17:34
Valid: true

UPX0
Size: - Virtual size: 192KB

UPX1
Size: 196KB - Virtual size: 196KB

.rsrc
Size: 11KB - Virtual size: 12KB