313e4f62aec9576be9c12ce22ca0b9f19e49f10e46d3e7b1c781f3eab8cc0f36

Sharing

Copy URL Twitter E-mail

General

Target

313e4f62aec9576be9c12ce22ca0b9f19e49f10e46d3e7b1c781f3eab8cc0f36
Size

831KB
MD5

6659fed7c351d583b56c28143dc39e76
SHA1

e2881a80a97559232dcbb3b339a08e10fa8f9d41
SHA256

313e4f62aec9576be9c12ce22ca0b9f19e49f10e46d3e7b1c781f3eab8cc0f36
SHA512

1aec2e0217d5c806dffab77059fbdb81dd6f1e8fc2f682836ad15f482c1ecd23f62fb6522420a28a45c4702193cc861dbc511a091875eb99bf8cdc3997959979
SSDEEP

24576:6thEVaPqLVVNhHhKwtPtvYPevyB/kCqhzvb:SEVUcVVYwsevyFkhD

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/out.upx	autoit_exe

Files

313e4f62aec9576be9c12ce22ca0b9f19e49f10e46d3e7b1c781f3eab8cc0f36
.exe windows x86

Code Sign

27:96
Certificate

Issuer

CN=CCA India 2011,O=India PKI,C=IN

Not Before

06/04/2011, 11:20

Not After

11/03/2016, 06:30

Subject

CN=(n)Code Solutions CA 2011-1,OU=Certifying Authority,O=Gujarat Narmada Valley Fertilizers Company Ltd.,POSTALCODE=380054,STREET=Bodakdev\, S G Road\, Ahmedabad,ST=Gujarat,C=IN,2.5.4.51=#13133330312c20474e464320496e666f746f776572

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:ba:1c:33
Certificate

Issuer

CN=(n)Code Solutions CA 2011-1,OU=Certifying Authority,O=Gujarat Narmada Valley Fertilizers Company Ltd.,POSTALCODE=380054,STREET=Bodakdev\, S G Road\, Ahmedabad,ST=Gujarat,C=IN,2.5.4.51=#13133330312c20474e464320496e666f746f776572

Not Before

25/09/2013, 04:51

Not After

24/09/2015, 18:30

Subject

SERIALNUMBER=b49939cb561cd886dadaabd55641a408ec39d47a84bb3bf6cab0a5834350b4a8,CN=SANJAY SAGARMAL AGGARWAL,OU=CID - 2754624,O=Personal,POSTALCODE=600010,ST=Tamil Nadu,C=IN

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a2:78:a9:a0:be:68:0b:33:f4:02:34:ca:fa:34:de:fc:db:bd:0d:09
Signer

Actual PE Digest

a2:78:a9:a0:be:68:0b:33:f4:02:34:ca:fa:34:de:fc:db:bd:0d:09

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=b49939cb561cd886dadaabd55641a408ec39d47a84bb3bf6cab0a5834350b4a8,CN=SANJAY SAGARMAL AGGARWAL,OU=CID - 2754624,O=Personal,POSTALCODE=600010,ST=Tamil Nadu,C=IN

24/11/2022, 14:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 460KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 264KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

27:96Certificate

Key Usages

4d:ba:1c:33Certificate

Key Usages

a2:78:a9:a0:be:68:0b:33:f4:02:34:ca:fa:34:de:fc:db:bd:0d:09Signer

Signature Validations

Verification

24/11/2022, 14:55 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 460KB

UPX1 Size: 264KB - Virtual size: 268KB

.rsrc Size: 19KB - Virtual size: 20KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 514KB - Virtual size: 513KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 27KB - Virtual size: 26KB

27:96
Certificate

4d:ba:1c:33
Certificate

a2:78:a9:a0:be:68:0b:33:f4:02:34:ca:fa:34:de:fc:db:bd:0d:09
Signer

24/11/2022, 14:55
Valid: false

UPX0
Size: - Virtual size: 460KB

UPX1
Size: 264KB - Virtual size: 268KB

.rsrc
Size: 19KB - Virtual size: 20KB

.text
Size: 514KB - Virtual size: 513KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 27KB - Virtual size: 26KB