windows-movie-maker-new[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

windows-movie-maker-new.exe
Size

16.8MB
MD5

aedcd31567ecca4ecd9203b4b8f5cddf
SHA1

25be66731f5e4bfd70bfd5ecc78a0987d4ba982a
SHA256

b465d3e85e93848fe553478ada4e4a0c280e8084d50db806100cb12a7cd31afe
SHA512

3ed355707af8f67dc9305ec3d684cb32af3ae67c2461a9486162ea73408a766b16f2b7d24ff15a1b4db77ee2cbdd5a75278075aa43fe6b248c537aa917f1956b
SSDEEP

393216:G4FnwB08JtfdfWj8q0UsIUZ0y4RnN9ef83v0eLY1Bj7E8X4hm1FL:G4FnO5JjWYHUC275Xef8MiKj7ELhmz

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

windows-movie-maker-new.exe
.exe windows x64

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:ef:2e:e2:b6:81:9a:e9:6a:2f:f0:19:c8:8d:ae:37
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/09/2019, 00:00

Not After

16/11/2022, 12:00

Subject

SERIALNUMBER=91440300MA5EED81X7,CN=TopWin Software Limited,O=TopWin Software Limited,L=Shenzhen,ST=Guangdong,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368656e7a68656e,1.3.6.1.4.1.311.60.2.1.2=#13094775616e67646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:f0:c6:da:2e:f8:b2:bb:fc:b7:80:ce:1b:92:92:6e:73:ea:4d:34
Signer

Actual PE Digest

0c:f0:c6:da:2e:f8:b2:bb:fc:b7:80:ce:1b:92:92:6e:73:ea:4d:34

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91440300MA5EED81X7,CN=TopWin Software Limited,O=TopWin Software Limited,L=Shenzhen,ST=Guangdong,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368656e7a68656e,1.3.6.1.4.1.311.60.2.1.2=#13094775616e67646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

16/03/2022, 10:27
Valid: true

Chain 1

SERIALNUMBER=91440300MA5EED81X7,CN=TopWin Software Limited,O=TopWin Software Limited,L=Shenzhen,ST=Guangdong,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368656e7a68656e,1.3.6.1.4.1.311.60.2.1.2=#13094775616e67646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 14.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16.8MB - Virtual size: 16.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 16.8MB - Virtual size: 16.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 591KB - Virtual size: 590KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 737KB - Virtual size: 737KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

0d:ef:2e:e2:b6:81:9a:e9:6a:2f:f0:19:c8:8d:ae:37Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0c:f0:c6:da:2e:f8:b2:bb:fc:b7:80:ce:1b:92:92:6e:73:ea:4d:34Signer

Signature Validations

Verification

16/03/2022, 10:27 Valid: true

Chain 1

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 14.6MB

UPX1 Size: 16.8MB - Virtual size: 16.8MB

.rsrc Size: 28KB - Virtual size: 32KB

Headers

File Characteristics

Sections

.text Size: 16.8MB - Virtual size: 16.8MB

.data Size: 116KB - Virtual size: 112KB

.rdata Size: 13.1MB - Virtual size: 13.1MB

.qtmetad Size: 4KB - Virtual size: 3KB

.pdata Size: 591KB - Virtual size: 590KB

.xdata Size: 737KB - Virtual size: 737KB

.bss Size: - Virtual size: 108KB

.idata Size: 28KB - Virtual size: 27KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 27KB - Virtual size: 27KB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

0d:ef:2e:e2:b6:81:9a:e9:6a:2f:f0:19:c8:8d:ae:37
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0c:f0:c6:da:2e:f8:b2:bb:fc:b7:80:ce:1b:92:92:6e:73:ea:4d:34
Signer

16/03/2022, 10:27
Valid: true

UPX0
Size: - Virtual size: 14.6MB

UPX1
Size: 16.8MB - Virtual size: 16.8MB

.rsrc
Size: 28KB - Virtual size: 32KB

.text
Size: 16.8MB - Virtual size: 16.8MB

.data
Size: 116KB - Virtual size: 112KB

.rdata
Size: 13.1MB - Virtual size: 13.1MB

.qtmetad
Size: 4KB - Virtual size: 3KB

.pdata
Size: 591KB - Virtual size: 590KB

.xdata
Size: 737KB - Virtual size: 737KB

.bss
Size: - Virtual size: 108KB

.idata
Size: 28KB - Virtual size: 27KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 27KB - Virtual size: 27KB