eb48d65cd4d30ce8afae1be72c234eff298d3c6cfd20d6bc66f1d16612072cbf

Sharing

Copy URL Twitter E-mail

General

Target

eb48d65cd4d30ce8afae1be72c234eff298d3c6cfd20d6bc66f1d16612072cbf
Size

532KB
MD5

80c2838bc5c5ebe29e4f87bc02d0bc01
SHA1

1182ed800987cad18ec1cda2cd9a833e1abd9687
SHA256

eb48d65cd4d30ce8afae1be72c234eff298d3c6cfd20d6bc66f1d16612072cbf
SHA512

70dd7006479c591e478a1165dd1c1a690ea0bcdaa692cccbff5d9d8552c998ff9d842ee4b2ed1f0d35324e5747d910e7b06906ed83b6332b0dd3537eab09edc1
SSDEEP

12288:86Wq4aaE6KwyF5L0Y2D1PqLaD0+dj3kuLkv3cH8:6thEVaPqLZ+dj0uLEMc

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/out.upx	autoit_exe

Files

eb48d65cd4d30ce8afae1be72c234eff298d3c6cfd20d6bc66f1d16612072cbf
.exe windows x86

Code Sign

f3:7a:e2:02:7e:b7:5d:e3
Certificate

Issuer

CN=GrandLyon (DSIT),OU=DSIT,O=GrandLyon,L=Lyon,ST=Rhone,C=FR

Not Before

12/06/2008, 11:09

Not After

10/06/2018, 11:09

Subject

CN=GrandLyon (DSIT),OU=DSIT,O=GrandLyon,L=Lyon,ST=Rhone,C=FR

2a:2a
Certificate

Issuer

CN=GrandLyon (DSIT),OU=DSIT,O=GrandLyon,L=Lyon,ST=Rhone,C=FR

Not Before

17/04/2014, 16:01

Not After

17/06/2015, 16:01

Subject

CN=extdkhe,O=GrandLyon,L=Lyon,ST=Rhone,C=FR

0a:0f:ff:a6:5c:b5:2f:0a:00:48:47:6d:83:35:d6:ee:10:0e:cb:9e
Signer

Actual PE Digest

0a:0f:ff:a6:5c:b5:2f:0a:00:48:47:6d:83:35:d6:ee:10:0e:cb:9e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=extdkhe,O=GrandLyon,L=Lyon,ST=Rhone,C=FR

17/11/2022, 13:18
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 660KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 264KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 219KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

f3:7a:e2:02:7e:b7:5d:e3Certificate

2a:2aCertificate

0a:0f:ff:a6:5c:b5:2f:0a:00:48:47:6d:83:35:d6:ee:10:0e:cb:9eSigner

Signature Validations

Verification

17/11/2022, 13:18 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 660KB

UPX1 Size: 264KB - Virtual size: 268KB

.rsrc Size: 219KB - Virtual size: 220KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 514KB - Virtual size: 513KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 227KB - Virtual size: 226KB

f3:7a:e2:02:7e:b7:5d:e3
Certificate

2a:2a
Certificate

0a:0f:ff:a6:5c:b5:2f:0a:00:48:47:6d:83:35:d6:ee:10:0e:cb:9e
Signer

17/11/2022, 13:18
Valid: false

UPX0
Size: - Virtual size: 660KB

UPX1
Size: 264KB - Virtual size: 268KB

.rsrc
Size: 219KB - Virtual size: 220KB

.text
Size: 514KB - Virtual size: 513KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 227KB - Virtual size: 226KB