d0990da384c7ea8d9c5941c11b5a3a80efa55ffce75b5572d79f07b147cbb8d5

Sharing

Copy URL Twitter E-mail

General

Target

d0990da384c7ea8d9c5941c11b5a3a80efa55ffce75b5572d79f07b147cbb8d5
Size

20KB
MD5

13004e3b6a329a24e8fdd093952a2cf5
SHA1

7c63d0cb094162623880d2cbe360f05cbba8bb9d
SHA256

d0990da384c7ea8d9c5941c11b5a3a80efa55ffce75b5572d79f07b147cbb8d5
SHA512

20e1154834a256aa8cc609ea254e8055f88c7206233715fd535cde53c2d546049ef864333a77eb4375c7d7cab68faa37ae4df74b23e9ad7d8cf281cf49c86f3b
SSDEEP

384:8esZEuSKaN8mB7XtF1YOz/cB0NmKyh/5lmZNH9:wE978m5F3/cIQY

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

d0990da384c7ea8d9c5941c11b5a3a80efa55ffce75b5572d79f07b147cbb8d5
.exe windows x86

Code Sign

11:af:28:14:42:7f:82:ba:46:04:40:ca:66:6c:74:95
Certificate

Issuer

CN=Qizhi Software (beijing) Co. Ltd

Not Before

31/12/2007, 16:00

Not After

31/12/9998, 16:00

Subject

CN=Qizhi Software (beijing) Co. Ltd

88:5a:ac:81:2a:a5:f8:e8:3c:c7:f7:b0:ad:20:cd:33:56:74:55:3c
Signer

Actual PE Digest

88:5a:ac:81:2a:a5:f8:e8:3c:c7:f7:b0:ad:20:cd:33:56:74:55:3c

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Qizhi Software (beijing) Co. Ltd

01/01/0001, 00:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

11:af:28:14:42:7f:82:ba:46:04:40:ca:66:6c:74:95Certificate

88:5a:ac:81:2a:a5:f8:e8:3c:c7:f7:b0:ad:20:cd:33:56:74:55:3cSigner

Signature Validations

Verification

01/01/0001, 00:00 Valid: false

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 32KB

UPX1 Size: 2KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 16KB

Headers

File Characteristics

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 930B

.data Size: 4KB - Virtual size: 420B

.rsrc Size: 16KB - Virtual size: 16KB

11:af:28:14:42:7f:82:ba:46:04:40:ca:66:6c:74:95
Certificate

88:5a:ac:81:2a:a5:f8:e8:3c:c7:f7:b0:ad:20:cd:33:56:74:55:3c
Signer

01/01/0001, 00:00
Valid: false

UPX0
Size: - Virtual size: 32KB

UPX1
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 930B

.data
Size: 4KB - Virtual size: 420B

.rsrc
Size: 16KB - Virtual size: 16KB