e9a61d540c1b8c5f2de950b4a6837b7474a05d83060845a1d6c279ddad6382c7

Sharing

Copy URL Twitter E-mail

General

Target

e9a61d540c1b8c5f2de950b4a6837b7474a05d83060845a1d6c279ddad6382c7
Size

313KB
MD5

04c792eff84013adf9a5ee453a4278c2
SHA1

79d2d1e3fad880a48da7808c85456fce692cc60b
SHA256

e9a61d540c1b8c5f2de950b4a6837b7474a05d83060845a1d6c279ddad6382c7
SHA512

e1d25f19cf9589e4161cefaa719d44afbf97ba11b9660322f808396ad55e7e20ddfacbf6ec45846cf0cc4f2b961a5ea1ed8928eea1c19724e21ff29d736e2d5f
SSDEEP

6144:teLttLw1D97HFT7fPz7lI9ip/qoe1RmoSmMgMbqpouUOQNVStN7GKMsn:QLttoxHFnP/ldCAoSmBk6bf++7Gvsn

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

e9a61d540c1b8c5f2de950b4a6837b7474a05d83060845a1d6c279ddad6382c7
.exe windows x86

Code Sign

5b:62:d1:f1:eb:fc:18:64:b8:12:ae:b1:f3:4c:cd:02
Certificate

Issuer

CN=NullpoActivatorCA

Not Before

21/12/2010, 05:13

Not After

31/12/2039, 23:59

Subject

CN=NullpoActivatorCA

4d:9d:68:59:42:73:92:9d:43:64:61:1a:7f:31:08:7b
Certificate

Issuer

CN=NullpoActivatorCA

Not Before

21/12/2010, 05:15

Not After

31/12/2039, 23:59

Subject

CN=NullpoActivator,O=NullpoActivator,C=JP,1.2.840.113549.1.9.1=#0c176e756c6c706f616374697661746f72403263682e6e6574

d2:0a:0b:f1:9d:41:d4:41:b7:72:08:ff:fd:fd:9f:fb:79:fc:b3:39
Signer

Actual PE Digest

d2:0a:0b:f1:9d:41:d4:41:b7:72:08:ff:fd:fd:9f:fb:79:fc:b3:39

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=NullpoActivator,O=NullpoActivator,C=JP,1.2.840.113549.1.9.1=#0c176e756c6c706f616374697661746f72403263682e6e6574

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 200KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

5b:62:d1:f1:eb:fc:18:64:b8:12:ae:b1:f3:4c:cd:02Certificate

4d:9d:68:59:42:73:92:9d:43:64:61:1a:7f:31:08:7bCertificate

d2:0a:0b:f1:9d:41:d4:41:b7:72:08:ff:fd:fd:9f:fb:79:fc:b3:39Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 248KB

UPX1 Size: 200KB - Virtual size: 204KB

.rsrc Size: 110KB - Virtual size: 112KB

5b:62:d1:f1:eb:fc:18:64:b8:12:ae:b1:f3:4c:cd:02
Certificate

4d:9d:68:59:42:73:92:9d:43:64:61:1a:7f:31:08:7b
Certificate

d2:0a:0b:f1:9d:41:d4:41:b7:72:08:ff:fd:fd:9f:fb:79:fc:b3:39
Signer

01/12/2022, 14:34
Valid: false

UPX0
Size: - Virtual size: 248KB

UPX1
Size: 200KB - Virtual size: 204KB

.rsrc
Size: 110KB - Virtual size: 112KB