9cbf795e5f8b0989b875fef3f4c5133ea8adee21efd2f571bbe3c905f0c7cd58

Sharing

Copy URL Twitter E-mail

General

Target

9cbf795e5f8b0989b875fef3f4c5133ea8adee21efd2f571bbe3c905f0c7cd58
Size

413KB
MD5

b3f04b882d637405246ca96fa092ce37
SHA1

b578637f1cd8fa2a870e7cb9a5fc8448595d7f9f
SHA256

9cbf795e5f8b0989b875fef3f4c5133ea8adee21efd2f571bbe3c905f0c7cd58
SHA512

4dc0e8908a113bf989c4818914a428073100d776b943e395ef3767a6dea4caf8ba77678ef2d930ae30bca1ad7caa2082d35146299ac4cdfb9ddfd0aac66ee9c6
SSDEEP

6144:pz0byeUKXHmPMEhMmdKkbHS8qmYVSFN+6jAgKORYBpgRBW7zQyn6aUpXBNfXgEET:gHyl9hqlVSFN+Vg/yBKRk6hnvaT

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

9cbf795e5f8b0989b875fef3f4c5133ea8adee21efd2f571bbe3c905f0c7cd58
.exe windows x86

Code Sign

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:8b:7f:c4:83:fb:51
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

13/11/2011, 15:41

Not After

15/11/2013, 12:44

Subject

CN=浙江坚果网络有限公司,O=浙江坚果网络有限公司,L=杭州市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c1461646d696e40636172646573616c65732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

38:e1:06:e0:37:ee:9d:5e:5c:c7:56:1e:25:da:f1:3f:ac:44:9d:7e
Signer

Actual PE Digest

38:e1:06:e0:37:ee:9d:5e:5c:c7:56:1e:25:da:f1:3f:ac:44:9d:7e

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=浙江坚果网络有限公司,O=浙江坚果网络有限公司,L=杭州市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c1461646d696e40636172646573616c65732e636f6d

28/11/2022, 11:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 784KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 378KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 938KB - Virtual size: 938KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

19:9d:f8:8eCertificate

Key Usages

14:8b:7f:c4:83:fb:51Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

01Certificate

Key Usages

38:e1:06:e0:37:ee:9d:5e:5c:c7:56:1e:25:da:f1:3f:ac:44:9d:7eSigner

Signature Validations

Verification

28/11/2022, 11:52 Valid: false

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 784KB

UPX1 Size: 378KB - Virtual size: 380KB

.rsrc Size: 27KB - Virtual size: 28KB

Headers

File Characteristics

Sections

CODE Size: 938KB - Virtual size: 938KB

DATA Size: 20KB - Virtual size: 19KB

BSS Size: - Virtual size: 6KB

.idata Size: 11KB - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 57KB - Virtual size: 56KB

.rsrc Size: 100KB - Virtual size: 100KB

19:9d:f8:8e
Certificate

14:8b:7f:c4:83:fb:51
Certificate

3d
Certificate

01
Certificate

38:e1:06:e0:37:ee:9d:5e:5c:c7:56:1e:25:da:f1:3f:ac:44:9d:7e
Signer

28/11/2022, 11:52
Valid: false

UPX0
Size: - Virtual size: 784KB

UPX1
Size: 378KB - Virtual size: 380KB

.rsrc
Size: 27KB - Virtual size: 28KB

CODE
Size: 938KB - Virtual size: 938KB

DATA
Size: 20KB - Virtual size: 19KB

BSS
Size: - Virtual size: 6KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 57KB - Virtual size: 56KB

.rsrc
Size: 100KB - Virtual size: 100KB