7de1620f5ff872208f2b1f541f1e1014443e97d8510ed1fd757cc37162211782

Sharing

Copy URL Twitter E-mail

General

Target

7de1620f5ff872208f2b1f541f1e1014443e97d8510ed1fd757cc37162211782
Size

80KB
MD5

410ab0b9d5e81714c709236a20b60af0
SHA1

f7b1d9e8452bd6deab097b3a39f81aa478d69b87
SHA256

7de1620f5ff872208f2b1f541f1e1014443e97d8510ed1fd757cc37162211782
SHA512

069dfc7c39a0e7510cd7b2d5f631870b547ff3a1f8b9a7de5c37b00785981e655ad9b99ce401c5076197430ddb8fa1b8370d35f11d1382b693d73431a6db2b8a
SSDEEP

1536:e3ZGdYREvQpnLpJ+nwWMPFR7cq9jCmqcSLUI3400eV+gacCSsQDSSP67:G7e03t9+YwUIP0FgaYRuSK

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

7de1620f5ff872208f2b1f541f1e1014443e97d8510ed1fd757cc37162211782
.exe windows x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:1a:0b:08:cc:22:c8:6b:c3:1c:6b:bc:01:0d:3e:91
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

13/10/2013, 00:00

Not After

23/10/2014, 23:59

Subject

CN=KEYDOWNLOAD LTD,O=KEYDOWNLOAD LTD,L=Tel Aviv- Jaffa,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:ef:44:1f:9e:6c:fa:69:76:5c:b9:3d:d0:24:54:71:ff:84:15:72
Signer

Actual PE Digest

19:ef:44:1f:9e:6c:fa:69:76:5c:b9:3d:d0:24:54:71:ff:84:15:72

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=KEYDOWNLOAD LTD,O=KEYDOWNLOAD LTD,L=Tel Aviv- Jaffa,ST=Israel,C=IL

09/01/2014, 13:15
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

?AddLongPathPrefixI@@YA_NPA_WI@Z
?CheckDotNetVersionI@@YA_NMM@Z
?CreateLowIntegritySecurityAttributesI@@YA_NPAPAU_SECURITY_ATTRIBUTES@@H@Z
?CreateMapFileWithSDI@@YAPAXPAXKKKPB_W@Z
?CreateMapWithLowIntegrityI@@YAPAXPAXKKKPB_W@Z
?CreateProcessWithLowIntegrityI@@YAXPB_W0@Z
?DownloadFileAsynchI@@YAXPB_W0PAX1@Z
?DownloadFileSynchI@@YA_NPB_W0@Z
?EnumThreadsInMyProcI@@YAIPAKI@Z
?FreeLowIntegritySecurityAttributesI@@YAXPAU_SECURITY_ATTRIBUTES@@@Z
?GetAllDotNetVersionsI@@YAIQAUUT_FLOAT@@I@Z
?GetDotNetVersionI@@YA_NAAUUT_FLOAT@@0@Z
?GetFileNameFromUrlI@@YA_NPB_W0PA_WK@Z
?GetMainThIdByPId32I@@YAKK@Z
?GetMainThIdByPIdI@@YAKK@Z
?GetMainThreadHandleI@@YAPAXKK@Z
?GetPIDByNameExI@@YAKPB_WQAK@Z
?GetPIDByNameI@@YAKPB_W@Z
?GetProcessByPIDI@@YAKKPA_WK@Z
?GetWindowByThreadIdI@@YAPAUHWND__@@K@Z
?HandleFromPtrI@@YAKPAX@Z
?InitSecurityAttributesI@@YAHPAU_SECURITY_ATTRIBUTES@@H@Z
?IsFileExistsI@@YA_NPB_W@Z
?IsFolderExistsI@@YA_NPB_W@Z
?OpenAllThreadsInMyProcI@@YAIPAUTHREAD_DATA@@I@Z
?OperatorMinusSysTime@@YA?AU_SYSTEMTIME@@ABU1@0@Z
?ParseUpdateJSonToParamsI@@YAIPBDPAU_UPDATER_PARAMS@@AAI@Z
?ProcessHttpGetI@@YA_NPB_WAAVUT_STRINGA@@@Z
?ProcessHttpPostI@@YA_NPB_WAAVUT_STRINGA@@@Z
?ProcessHttpPostWithParamsI@@YA_NPB_WPAPB_WAAVUT_STRINGA@@@Z
?RunAsAdminExI@@YAPAXPB_W0H@Z
?RunAsAdminI@@YA_NPB_W0H@Z
?SetCurrentWorkDirectoryI@@YAXXZ
?SuspResumeThreadsInMyProcI@@YAXHK@Z
?SuspendResumeThreadI@@YAXKH@Z
?UT_CreateProcessAsUserFromServiceI@@YAKPB_W0_NHPAK@Z
?UT_CreateProcessAsUserFromServiceUsingProcessTokenI@@YAKKPB_W0HPAK@Z
?UT_CreateProcessAsUserFromServiceUsingProcessTokenI@@YAKPB_W00HPAK@Z
?UT_CreateProcessAsUserFromServiceUsingWinlogonTokenI@@YAKPB_W0HPAK@Z
?UT_DuplicateProcessTokenI@@YA_NKPAPAX@Z
?UT_DuplicateProcessTokenI@@YA_NPB_WPAPAX@Z
?UT_GetUsernameFromProcessTokenI@@YAIPAXPA_WI@Z
?UT_LoadUserProfileI@@YA_NPB_WPAPAUHKEY__@@@Z
?UT_UnloadUserProfileI@@YAXPB_WPAUHKEY__@@@Z
?kd_strcatI@KDStringsApi@@YAPA_WPA_WIPB_W@Z
?kd_strcpyI@KDStringsApi@@YAPA_WPA_WPB_WI@Z
?kd_strlenI@KDStringsApi@@YAIPB_W@Z
?kd_strncpyI@KDStringsApi@@YAPA_WPA_WPB_WI@Z

Sections

UPX0
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

30:1a:0b:08:cc:22:c8:6b:c3:1c:6b:bc:01:0d:3e:91Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:ef:44:1f:9e:6c:fa:69:76:5c:b9:3d:d0:24:54:71:ff:84:15:72Signer

Signature Validations

Verification

09/01/2014, 13:15 Valid: false

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 140KB

UPX1 Size: 69KB - Virtual size: 72KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 6KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 752B

.reloc Size: 35KB - Virtual size: 34KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

30:1a:0b:08:cc:22:c8:6b:c3:1c:6b:bc:01:0d:3e:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:ef:44:1f:9e:6c:fa:69:76:5c:b9:3d:d0:24:54:71:ff:84:15:72
Signer

09/01/2014, 13:15
Valid: false

UPX0
Size: - Virtual size: 140KB

UPX1
Size: 69KB - Virtual size: 72KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 6KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 752B

.reloc
Size: 35KB - Virtual size: 34KB