9436e2f566a6bcfeb9494fccb98e2233cf0d801dec877fe4a0d415eb28f84571

Sharing

Copy URL

Twitter E-mail

General

Target

9436e2f566a6bcfeb9494fccb98e2233cf0d801dec877fe4a0d415eb28f84571
Size

2.0MB
MD5

a064be0c673aafd60d44cb49510f34b0
SHA1

badcf8184fe9e2ee8b9f7100f847c2fe566f3723
SHA256

9436e2f566a6bcfeb9494fccb98e2233cf0d801dec877fe4a0d415eb28f84571
SHA512

86ecba530f30052bf7a552f09003bb76118c639bf915943cc52084e0842c07e3141b8074325c304809577b0ea7ee223dc989d332b2e6c3c2a6b9364b84cb9363
SSDEEP

49152:l20vOIil7GG5uZNrxetUipqnYASSvC01EM/hWerqgOrcamGV:l20vOIi74ZNrxiUi1ASSvCEE2hZ+TrrX

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/AWTGNSSY.exe	upx

Files

9436e2f566a6bcfeb9494fccb98e2233cf0d801dec877fe4a0d415eb28f84571
.cab
AWTGNSSY.exe
.exe windows x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:41:7b:a2:cd:ab:80:10:ec:fc:5a:d9:dd:4b:af:33
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18-10-2006 00:00

Not After

17-10-2008 23:59

Subject

CN=LAVALYS,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Licensing Department,O=LAVALYS,L=Laval,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:42:a7:b1:7f:2b:1b:8e:97:e6:be:91:8f:46:23:d7:67:c6:de:d3
Signer

Actual PE Digest

37:42:a7:b1:7f:2b:1b:8e:97:e6:be:91:8f:46:23:d7:67:c6:de:d3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LAVALYS,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Licensing Department,O=LAVALYS,L=Laval,ST=Quebec,C=CA

28-11-2022 11:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 7.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IVEKWU~1.EXE
.exe windows x86

522326ab5e85ccee9a1a42d7026fa750

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
lstrlenA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
ExpandEnvironmentStringsA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
CompareStringA
GetVersion
CloseHandle
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
SetCurrentDirectoryA
GetTempFileNameA
GetVolumeInformationA
FormatMessageA
GetProcAddress
ExitProcess
LoadLibraryExA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleW
LoadLibraryA
FreeLibrary
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
RtlUnwind
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
EnumResourceLanguagesA
MulDiv
GetDiskFreeSpaceA
GetCurrentDirectoryA

gdi32

GetDeviceCaps

user32

SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
GetDC
ReleaseDC
SetWindowPos
SendMessageA
PeekMessageA
MsgWaitForMultipleObjects
DispatchMessageA
CallWindowProcA
GetWindowLongA
SetWindowLongA
CharPrevA
CharUpperA
CharNextA
ExitWindowsEx
EndDialog
GetDesktopWindow
LoadStringA
SetDlgItemTextA
MessageBeep
GetWindowRect
GetSystemMetrics

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
__setusermatherr
_ismbblead
_XcptFilter
_amsg_exit
_initterm
_acmdln
_exit
_cexit
__getmainargs
memcpy
memset
_vsnprintf
exit

comctl32

ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 167KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

1b:41:7b:a2:cd:ab:80:10:ec:fc:5a:d9:dd:4b:af:33Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

37:42:a7:b1:7f:2b:1b:8e:97:e6:be:91:8f:46:23:d7:67:c6:de:d3Signer

Signature Validations

Verification

28-11-2022 11:52 Valid: false

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 7.9MB

UPX1 Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 312KB - Virtual size: 316KB

522326ab5e85ccee9a1a42d7026fa750

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

version

Sections

.text Size: 42KB - Virtual size: 42KB

.data Size: 1KB - Virtual size: 8KB

.rsrc Size: 167KB - Virtual size: 168KB

.reloc Size: 3KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

1b:41:7b:a2:cd:ab:80:10:ec:fc:5a:d9:dd:4b:af:33
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

37:42:a7:b1:7f:2b:1b:8e:97:e6:be:91:8f:46:23:d7:67:c6:de:d3
Signer

28-11-2022 11:52
Valid: false

UPX0
Size: - Virtual size: 7.9MB

UPX1
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 312KB - Virtual size: 316KB

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 1KB - Virtual size: 8KB

.rsrc
Size: 167KB - Virtual size: 168KB

.reloc
Size: 3KB - Virtual size: 3KB