Alpemix[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Alpemix.exe
Size

1.7MB
MD5

114152954ff9d66753e83d853cb7e72f
SHA1

d871e1928ad54f743697e0f407f58c2c2e39f85c
SHA256

04d1109862b020602af6809b68d97774bbc532449be195e6dcad75ca0cbf2371
SHA512

862867a709e91e68f0d22380f1f3481ac95c6dd095a35ba0551a1847266051f82e6325c30edda4281abced3b98daf83979ac133e664b92b915bdff32b23c255b
SSDEEP

24576:Vo37tx72Bn04M10o7LfppD+hkPpnJlBaJWy5xdYjeXF9ne/2hCsSfo/sqVYe:V8Ho2157TShkPvLaJRdYKXyNJfFqB

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

Alpemix.exe
.exe windows x86

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:52:34:41:93:5e:9a:3a:78:b1:fa:3e
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27/02/2019, 12:28

Not After

27/02/2022, 12:28

Subject

CN=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,O=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,L=Esenler,ST=Istanbul,C=TR,1.2.840.113549.1.9.1=#0c1362696c67694074656b6e6f706172732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

28/01/2021, 11:08

Not After

01/03/2032, 11:08

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:52:34:41:93:5e:9a:3a:78:b1:fa:3e
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27/02/2019, 12:28

Not After

27/02/2022, 12:28

Subject

CN=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,O=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,L=Esenler,ST=Istanbul,C=TR,1.2.840.113549.1.9.1=#0c1362696c67694074656b6e6f706172732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

28/01/2021, 11:08

Not After

01/03/2032, 11:08

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:af:b7:08:64:db:0a:7c:8f:b2:27:91:5f:23:a6:5a:ad:70:b7:11:ed:20:53:c4:1b:74:21:19:0b:0f:81:d3
Signer

Actual PE Digest

66:af:b7:08:64:db:0a:7c:8f:b2:27:91:5f:23:a6:5a:ad:70:b7:11:ed:20:53:c4:1b:74:21:19:0b:0f:81:d3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,O=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,L=Esenler,ST=Istanbul,C=TR,1.2.840.113549.1.9.1=#0c1362696c67694074656b6e6f706172732e636f6d

27/01/2022, 13:52
Valid: true

Chain 1

CN=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,O=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,L=Esenler,ST=Istanbul,C=TR,1.2.840.113549.1.9.1=#0c1362696c67694074656b6e6f706172732e636f6d

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

c4:28:7f:b8:39:0c:23:d2:d1:c7:8b:e6:c4:7d:62:7a:5f:4b:c5:ab
Signer

Actual PE Digest

c4:28:7f:b8:39:0c:23:d2:d1:c7:8b:e6:c4:7d:62:7a:5f:4b:c5:ab

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,O=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,L=Esenler,ST=Istanbul,C=TR,1.2.840.113549.1.9.1=#0c1362696c67694074656b6e6f706172732e636f6d

27/01/2022, 13:51
Valid: true

Chain 1

CN=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,O=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,L=Esenler,ST=Istanbul,C=TR,1.2.840.113549.1.9.1=#0c1362696c67694074656b6e6f706172732e636f6d

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 4.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 29KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 84B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 628KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

21:52:34:41:93:5e:9a:3a:78:b1:fa:3eCertificate

Extended Key Usages

Key Usages

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

21:52:34:41:93:5e:9a:3a:78:b1:fa:3eCertificate

Extended Key Usages

Key Usages

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

66:af:b7:08:64:db:0a:7c:8f:b2:27:91:5f:23:a6:5a:ad:70:b7:11:ed:20:53:c4:1b:74:21:19:0b:0f:81:d3Signer

Signature Validations

Verification

27/01/2022, 13:52 Valid: true

Chain 1

c4:28:7f:b8:39:0c:23:d2:d1:c7:8b:e6:c4:7d:62:7a:5f:4b:c5:abSigner

Signature Validations

Verification

27/01/2022, 13:51 Valid: true

Chain 1

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.6MB

UPX1 Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 49KB - Virtual size: 52KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 5.0MB - Virtual size: 5.0MB

.itext Size: 12KB - Virtual size: 12KB

.data Size: 87KB - Virtual size: 86KB

.bss Size: - Virtual size: 29KB

.idata Size: 17KB - Virtual size: 17KB

.didata Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 160B

.tls Size: - Virtual size: 84B

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 408KB - Virtual size: 408KB

.rsrc Size: 628KB - Virtual size: 628KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

21:52:34:41:93:5e:9a:3a:78:b1:fa:3e
Certificate

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

21:52:34:41:93:5e:9a:3a:78:b1:fa:3e
Certificate

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

66:af:b7:08:64:db:0a:7c:8f:b2:27:91:5f:23:a6:5a:ad:70:b7:11:ed:20:53:c4:1b:74:21:19:0b:0f:81:d3
Signer

27/01/2022, 13:52
Valid: true

c4:28:7f:b8:39:0c:23:d2:d1:c7:8b:e6:c4:7d:62:7a:5f:4b:c5:ab
Signer

27/01/2022, 13:51
Valid: true

UPX0
Size: - Virtual size: 4.6MB

UPX1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 49KB - Virtual size: 52KB

.text
Size: 5.0MB - Virtual size: 5.0MB

.itext
Size: 12KB - Virtual size: 12KB

.data
Size: 87KB - Virtual size: 86KB

.bss
Size: - Virtual size: 29KB

.idata
Size: 17KB - Virtual size: 17KB

.didata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 160B

.tls
Size: - Virtual size: 84B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 408KB - Virtual size: 408KB

.rsrc
Size: 628KB - Virtual size: 628KB