384117b18a1237e7b06ba1a8680480a6cf38449528a211fb62033d42cacafe86

Sharing

Copy URL Twitter E-mail

General

Target

384117b18a1237e7b06ba1a8680480a6cf38449528a211fb62033d42cacafe86
Size

500KB
MD5

22a3d7b7c6b958b5fe6230d17b69c61f
SHA1

0a3422e6283e5d9f2217c358966aa56081accd1c
SHA256

384117b18a1237e7b06ba1a8680480a6cf38449528a211fb62033d42cacafe86
SHA512

a6413445e467737bc78fa7a396aacdb0e28c393257adc553394868c3a73a31dae4a1c568b0bbaaa48e46723b16282629291309468e7f6661e4a9f1f2844dc3df
SSDEEP

6144:euIlWqB+ihabs7Ch9KwyF5LeLodp2D1Mmakda0qL5C5Vn+jwXYeU4jdCc9cFR:V6Wq4aaE6KwyF5L0Y2D1PqL5C7aGMcGP

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/out.upx	autoit_exe

Files

384117b18a1237e7b06ba1a8680480a6cf38449528a211fb62033d42cacafe86
.exe windows x86

Code Sign

f3:7a:e2:02:7e:b7:5d:e3
Certificate

Issuer

CN=GrandLyon (DSIT),OU=DSIT,O=GrandLyon,L=Lyon,ST=Rhone,C=FR

Not Before

12/06/2008, 11:09

Not After

10/06/2018, 11:09

Subject

CN=GrandLyon (DSIT),OU=DSIT,O=GrandLyon,L=Lyon,ST=Rhone,C=FR

2a:2a
Certificate

Issuer

CN=GrandLyon (DSIT),OU=DSIT,O=GrandLyon,L=Lyon,ST=Rhone,C=FR

Not Before

17/04/2014, 16:01

Not After

17/06/2015, 16:01

Subject

CN=extdkhe,O=GrandLyon,L=Lyon,ST=Rhone,C=FR

65:b4:40:55:2a:90:bf:7f:42:fe:e8:bc:e6:f5:5c:19:79:47:9e:8a
Signer

Actual PE Digest

65:b4:40:55:2a:90:bf:7f:42:fe:e8:bc:e6:f5:5c:19:79:47:9e:8a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=extdkhe,O=GrandLyon,L=Lyon,ST=Rhone,C=FR

17/11/2022, 13:14
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 628KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 264KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

f3:7a:e2:02:7e:b7:5d:e3Certificate

2a:2aCertificate

65:b4:40:55:2a:90:bf:7f:42:fe:e8:bc:e6:f5:5c:19:79:47:9e:8aSigner

Signature Validations

Verification

17/11/2022, 13:14 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 628KB

UPX1 Size: 264KB - Virtual size: 268KB

.rsrc Size: 187KB - Virtual size: 188KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 514KB - Virtual size: 513KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 195KB - Virtual size: 194KB

f3:7a:e2:02:7e:b7:5d:e3
Certificate

2a:2a
Certificate

65:b4:40:55:2a:90:bf:7f:42:fe:e8:bc:e6:f5:5c:19:79:47:9e:8a
Signer

17/11/2022, 13:14
Valid: false

UPX0
Size: - Virtual size: 628KB

UPX1
Size: 264KB - Virtual size: 268KB

.rsrc
Size: 187KB - Virtual size: 188KB

.text
Size: 514KB - Virtual size: 513KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 195KB - Virtual size: 194KB