MDE_File_Sample_18e40b1e376f2041f82beb5e79eeaec57209836f[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_18e40b1e376f2041f82beb5e79eeaec57209836f.zip
Size

2.1MB
MD5

6ebd223d28e30f1edbfe7a29fb9df81b
SHA1

cf2bb3275a95f20a2b42a93d16283e7e6b82174f
SHA256

6ac98f03f757b3c2c75e0aa7b0bd504ec3a73a27f119b33a6d00e353b94bc357
SHA512

2d38c701ff8de2d2fb3e8fc89a66401f134f16ecffecddd75f68bcb23889e00328f24294c3dd9105f99fda612968559b41733a976ad870c7f0154351b8456cf2
SSDEEP

49152:fT2STUK3dpsidFFm0sOyZIgdpxzm3lUCcgPab1W710SN29Nwk8m2JK/:jTUK3TsidFFm0sOmCcgP21i10Ck32J2

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/hp-pro-m11-m13-usb-ews-92413.zip	upx

Files

MDE_File_Sample_18e40b1e376f2041f82beb5e79eeaec57209836f.zip
.zip

Password: infected
hp-pro-m11-m13-usb-ews-92413.zip
.exe windows x86

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:f9:ba:50:b5:dd:4c:ac:e8:58:ec:ec
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

10/10/2022, 13:18

Not After

11/10/2023, 13:18

Subject

SERIALNUMBER=1086168004669,CN=ROSTPAY LLC,O=ROSTPAY LLC,STREET=Dolomanovsky lane\, 70D apt.1 (10th floor),L=Rostov-on-Don,ST=Rostov Oblast,C=RU,1.2.840.113549.1.9.1=#0c12737570706f727440726f73747061792e7275,1.3.6.1.4.1.311.60.2.1.2=#130d526f73746f76206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:80:4f:fa:04:de:60:22:a7:fc:d9:2c:d5:e3:28:ad:d7:54:fe:5e:e4:f4:57:e3:69:b0:1f:ca:25:f0:9e:e1
Signer

Actual PE Digest

17:80:4f:fa:04:de:60:22:a7:fc:d9:2c:d5:e3:28:ad:d7:54:fe:5e:e4:f4:57:e3:69:b0:1f:ca:25:f0:9e:e1

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=1086168004669,CN=ROSTPAY LLC,O=ROSTPAY LLC,STREET=Dolomanovsky lane\, 70D apt.1 (10th floor),L=Rostov-on-Don,ST=Rostov Oblast,C=RU,1.2.840.113549.1.9.1=#0c12737570706f727440726f73747061792e7275,1.3.6.1.4.1.311.60.2.1.2=#130d526f73746f76206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

15/12/2022, 12:15
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 10.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 433KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

11:f9:ba:50:b5:dd:4c:ac:e8:58:ec:ecCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

17:80:4f:fa:04:de:60:22:a7:fc:d9:2c:d5:e3:28:ad:d7:54:fe:5e:e4:f4:57:e3:69:b0:1f:ca:25:f0:9e:e1Signer

Signature Validations

Verification

15/12/2022, 12:15 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 10.1MB

UPX1 Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 433KB - Virtual size: 436KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

11:f9:ba:50:b5:dd:4c:ac:e8:58:ec:ec
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

17:80:4f:fa:04:de:60:22:a7:fc:d9:2c:d5:e3:28:ad:d7:54:fe:5e:e4:f4:57:e3:69:b0:1f:ca:25:f0:9e:e1
Signer

15/12/2022, 12:15
Valid: false

UPX0
Size: - Virtual size: 10.1MB

UPX1
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 433KB - Virtual size: 436KB