fa1c640f81f9a4e6c40a78c66a701ff1eb6bc2c8e0c7c60ded3feaa71570d6ae

Sharing

Copy URL Twitter E-mail

General

Target

fa1c640f81f9a4e6c40a78c66a701ff1eb6bc2c8e0c7c60ded3feaa71570d6ae
Size

312KB
MD5

7874ee06a04139c7b6d040446987f3d3
SHA1

0250a5507ee4693c2815894b186c0756ac80f527
SHA256

fa1c640f81f9a4e6c40a78c66a701ff1eb6bc2c8e0c7c60ded3feaa71570d6ae
SHA512

c5801038c2bd77622d22346033694ec7d91903c43f24fea0765d7ef7e1b937a2c35bbf526c3a45f077b769382865a3d3b6d585dc9796895050bf03601e6c9424
SSDEEP

6144:MeLttNL0HcBmf0+Pirye94FoqACH6xrpdC/dPtEqoSOMgMbqpouUOQNVStN7GKM0:fLttNIsQPirb+FoqExHCloSOBk6bf++t

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

fa1c640f81f9a4e6c40a78c66a701ff1eb6bc2c8e0c7c60ded3feaa71570d6ae
.exe windows x86

Code Sign

5b:62:d1:f1:eb:fc:18:64:b8:12:ae:b1:f3:4c:cd:02
Certificate

Issuer

CN=NullpoActivatorCA

Not Before

21/12/2010, 05:13

Not After

31/12/2039, 23:59

Subject

CN=NullpoActivatorCA

4d:9d:68:59:42:73:92:9d:43:64:61:1a:7f:31:08:7b
Certificate

Issuer

CN=NullpoActivatorCA

Not Before

21/12/2010, 05:15

Not After

31/12/2039, 23:59

Subject

CN=NullpoActivator,O=NullpoActivator,C=JP,1.2.840.113549.1.9.1=#0c176e756c6c706f616374697661746f72403263682e6e6574

aa:64:51:92:18:b0:b9:a5:13:98:96:e6:1d:b4:e7:4d:27:e4:b5:51
Signer

Actual PE Digest

aa:64:51:92:18:b0:b9:a5:13:98:96:e6:1d:b4:e7:4d:27:e4:b5:51

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=NullpoActivator,O=NullpoActivator,C=JP,1.2.840.113549.1.9.1=#0c176e756c6c706f616374697661746f72403263682e6e6574

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

5b:62:d1:f1:eb:fc:18:64:b8:12:ae:b1:f3:4c:cd:02Certificate

4d:9d:68:59:42:73:92:9d:43:64:61:1a:7f:31:08:7bCertificate

aa:64:51:92:18:b0:b9:a5:13:98:96:e6:1d:b4:e7:4d:27:e4:b5:51Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 248KB

UPX1 Size: 200KB - Virtual size: 200KB

.rsrc Size: 110KB - Virtual size: 112KB

5b:62:d1:f1:eb:fc:18:64:b8:12:ae:b1:f3:4c:cd:02
Certificate

4d:9d:68:59:42:73:92:9d:43:64:61:1a:7f:31:08:7b
Certificate

aa:64:51:92:18:b0:b9:a5:13:98:96:e6:1d:b4:e7:4d:27:e4:b5:51
Signer

01/12/2022, 14:34
Valid: false

UPX0
Size: - Virtual size: 248KB

UPX1
Size: 200KB - Virtual size: 200KB

.rsrc
Size: 110KB - Virtual size: 112KB