fa6df683a1dcd8598a8dc0cf4979abc9b2fa6ca1757afb4f7f85f0cf37732093

Sharing

Copy URL Twitter E-mail

General

Target

fa6df683a1dcd8598a8dc0cf4979abc9b2fa6ca1757afb4f7f85f0cf37732093
Size

411KB
MD5

ead29b1db402e7f0df63c7c9dd3071c4
SHA1

bed33aa1b2c898b6552eaae0eb6b97c416e8bac4
SHA256

fa6df683a1dcd8598a8dc0cf4979abc9b2fa6ca1757afb4f7f85f0cf37732093
SHA512

ba84c76e881ace75cf5370af065f2586d8140fc14177076bc326809bd4b9b4f8fddb6573cc6e2ece0831ccade90a0581080720f6eedadd74a6d891c9ba26e9a2
SSDEEP

6144:1zg9hGPXBXDp4aufkZx5/Txkis+4sukqH8x7RhtNGLM2cKhkGW9zD3oqEoxJGaal:DZXVufk1GEFqHgaw2ZkZ9n3o8xJc6+

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

fa6df683a1dcd8598a8dc0cf4979abc9b2fa6ca1757afb4f7f85f0cf37732093
.exe windows x86

Code Sign

1c:07:34:9c:d8:0d:11:9a:a9:9f:d8:e1:72:28:8c:d4
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

17/11/2014, 01:23

Not After

17/11/2016, 01:23

Subject

CN=浙江坚果网络有限公司,O=浙江坚果网络有限公司,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:aa:f2:30:30:e7:87:79:12:6e:20:59:6e:90:f5:f6:b2:28:e1:c6
Signer

Actual PE Digest

52:aa:f2:30:30:e7:87:79:12:6e:20:59:6e:90:f5:f6:b2:28:e1:c6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=浙江坚果网络有限公司,O=浙江坚果网络有限公司,L=杭州市,ST=浙江省,C=CN

24/11/2022, 14:55
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 784KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 378KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 940KB - Virtual size: 939KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

1c:07:34:9c:d8:0d:11:9a:a9:9f:d8:e1:72:28:8c:d4Certificate

Extended Key Usages

Key Usages

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40Certificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

52:aa:f2:30:30:e7:87:79:12:6e:20:59:6e:90:f5:f6:b2:28:e1:c6Signer

Signature Validations

Verification

24/11/2022, 14:55 Valid: false

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 784KB

UPX1 Size: 378KB - Virtual size: 380KB

.rsrc Size: 27KB - Virtual size: 28KB

Headers

File Characteristics

Sections

CODE Size: 940KB - Virtual size: 939KB

DATA Size: 20KB - Virtual size: 19KB

BSS Size: - Virtual size: 6KB

.idata Size: 11KB - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 57KB - Virtual size: 57KB

.rsrc Size: 100KB - Virtual size: 100KB

1c:07:34:9c:d8:0d:11:9a:a9:9f:d8:e1:72:28:8c:d4
Certificate

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

52:aa:f2:30:30:e7:87:79:12:6e:20:59:6e:90:f5:f6:b2:28:e1:c6
Signer

24/11/2022, 14:55
Valid: false

UPX0
Size: - Virtual size: 784KB

UPX1
Size: 378KB - Virtual size: 380KB

.rsrc
Size: 27KB - Virtual size: 28KB

CODE
Size: 940KB - Virtual size: 939KB

DATA
Size: 20KB - Virtual size: 19KB

BSS
Size: - Virtual size: 6KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 57KB - Virtual size: 57KB

.rsrc
Size: 100KB - Virtual size: 100KB