bde98a9367a616f3a1cefdef16dcc55759b2794fc086d9600d331cdcc45b2e16

Sharing

Copy URL

Twitter E-mail

General

Target

bde98a9367a616f3a1cefdef16dcc55759b2794fc086d9600d331cdcc45b2e16
Size

235KB
MD5

24ff049a1afa5017dc6e354a3b6a0305
SHA1

f2dd55812c4528f751559fa9af054c0c969d552f
SHA256

bde98a9367a616f3a1cefdef16dcc55759b2794fc086d9600d331cdcc45b2e16
SHA512

c469bd4e702895b6513cfdff36d03a493f49df34cf1a08adce0ce361ffd84887bf4f6ac4b72d66740a72d98829a49e4a5c0ff9b2f27443ff2671f3ae1798fef1
SSDEEP

6144:tGPVkaFe7Kck0Q35411+JLfwHoqhE2Z8xDjNyuJN1:tGPETk0Qp+4L5nxDjNyuJN1

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

bde98a9367a616f3a1cefdef16dcc55759b2794fc086d9600d331cdcc45b2e16
.exe windows x86

Code Sign

32:25:fb:5a:95:d0:75:82:45:45:99:be:4e:85:fb:b1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA

Not Before

17-10-2009 16:00

Not After

18-10-2012 16:00

Subject

CN=Games Software Helper Tools

23:35:a9:ef:3a:6f:3d:64:b1:cf:8d:1f:62:ad:bd:a0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA

Not Before

30-09-1999 16:00

Not After

16-07-2036 16:00

Subject

CN=VeriSign Class 3 Code Signing 2009 CA

af:9c:fa:0c:ca:b7:43:d9:34:32:94:ed:d2:84:83:e1:21:cd:b8:b6
Signer

Actual PE Digest

af:9c:fa:0c:ca:b7:43:d9:34:32:94:ed:d2:84:83:e1:21:cd:b8:b6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Games Software Helper Tools

28-11-2022 11:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 112KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

32:25:fb:5a:95:d0:75:82:45:45:99:be:4e:85:fb:b1Certificate

23:35:a9:ef:3a:6f:3d:64:b1:cf:8d:1f:62:ad:bd:a0Certificate

af:9c:fa:0c:ca:b7:43:d9:34:32:94:ed:d2:84:83:e1:21:cd:b8:b6Signer

Signature Validations

Verification

28-11-2022 11:52 Valid: false

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 236KB

UPX1 Size: 112KB - Virtual size: 116KB

.rsrc Size: 120KB - Virtual size: 124KB

Headers

File Characteristics

Sections

.text Size: 204KB - Virtual size: 201KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 124KB - Virtual size: 120KB

32:25:fb:5a:95:d0:75:82:45:45:99:be:4e:85:fb:b1
Certificate

23:35:a9:ef:3a:6f:3d:64:b1:cf:8d:1f:62:ad:bd:a0
Certificate

af:9c:fa:0c:ca:b7:43:d9:34:32:94:ed:d2:84:83:e1:21:cd:b8:b6
Signer

28-11-2022 11:52
Valid: false

UPX0
Size: - Virtual size: 236KB

UPX1
Size: 112KB - Virtual size: 116KB

.rsrc
Size: 120KB - Virtual size: 124KB

.text
Size: 204KB - Virtual size: 201KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 124KB - Virtual size: 120KB