folder-lock-en[.]exe

Sharing

Copy URL Twitter E-mail

Reason

scan timeout

General

Target

folder-lock-en.exe
Size

9.7MB
MD5

c819d6ac732d8bc27dd10196c122db03
SHA1

5fc90eb6dd9e2ec027e47e43784cbb2f73a2eb3d
SHA256

cb38c049a3b5d323a83d401cebf37d4968577a3a4c878dfe8ef7aa3c5887948b
SHA512

ebedababe3eb36deaf150865289c391cd167eca40c87a313c1d616999da4945e1e9c7d1388ab8134d40ecdab1e3ffc744988221bd51a0d443dcfbd6b78d5d07b
SSDEEP

196608:ecTMrFCNgS6zsTE7WTbKFIIRNbz3ZB65zEmd/X9lR1bkGroZAtc05BV5r8ZMvFwp:evFVSCsw7LPZB+wq/tT1bkGrhtc+5vd3

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

folder-lock-en.exe
.exe windows x86

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:5d:04:77:6c:e6:1b:9f:cd:43:79:0b
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

14/01/2020, 09:33

Not After

03/09/2022, 14:22

Subject

SERIALNUMBER=1182276,CN=NewSoftwares LLC,OU=Development,O=NewSoftwares LLC,STREET=270 TRACE COLONY PARK\, STE B,L=Ridgeland,ST=Mississippi,C=US,1.2.840.113549.1.9.1=#0c1a707265736964656e74406e6577736f667477617265732e6e6574,1.3.6.1.4.1.311.60.2.1.2=#130b4d69737369737369707069,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:97:d9:47:74:bb:89:1f:35:2a:08:0f:23:98:e4:d5:cc:41:1e:48
Signer

Actual PE Digest

8f:97:d9:47:74:bb:89:1f:35:2a:08:0f:23:98:e4:d5:cc:41:1e:48

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=1182276,CN=NewSoftwares LLC,OU=Development,O=NewSoftwares LLC,STREET=270 TRACE COLONY PARK\, STE B,L=Ridgeland,ST=Mississippi,C=US,1.2.840.113549.1.9.1=#0c1a707265736964656e74406e6577736f667477617265732e6e6574,1.3.6.1.4.1.311.60.2.1.2=#130b4d69737369737369707069,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

29/04/2022, 11:58
Valid: true

Chain 1

SERIALNUMBER=1182276,CN=NewSoftwares LLC,OU=Development,O=NewSoftwares LLC,STREET=270 TRACE COLONY PARK\, STE B,L=Ridgeland,ST=Mississippi,C=US,1.2.840.113549.1.9.1=#0c1a707265736964656e74406e6577736f667477617265732e6e6574,1.3.6.1.4.1.311.60.2.1.2=#130b4d69737369737369707069,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=1182276,CN=NewSoftwares LLC,OU=Development,O=NewSoftwares LLC,STREET=270 TRACE COLONY PARK\, STE B,L=Ridgeland,ST=Mississippi,C=US,1.2.840.113549.1.9.1=#0c1a707265736964656e74406e6577736f667477617265732e6e6574,1.3.6.1.4.1.311.60.2.1.2=#130b4d69737369737369707069,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 6.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 579KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15.2MB - Virtual size: 15.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

44:5d:04:77:6c:e6:1b:9f:cd:43:79:0bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

8f:97:d9:47:74:bb:89:1f:35:2a:08:0f:23:98:e4:d5:cc:41:1e:48Signer

Signature Validations

Verification

29/04/2022, 11:58 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 6.5MB

UPX1 Size: 9.1MB - Virtual size: 9.1MB

.rsrc Size: 579KB - Virtual size: 580KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 278KB - Virtual size: 278KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 11KB - Virtual size: 35KB

.rsrc Size: 15.2MB - Virtual size: 15.2MB

.reloc Size: 78KB - Virtual size: 77KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

44:5d:04:77:6c:e6:1b:9f:cd:43:79:0b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

8f:97:d9:47:74:bb:89:1f:35:2a:08:0f:23:98:e4:d5:cc:41:1e:48
Signer

29/04/2022, 11:58
Valid: true

UPX0
Size: - Virtual size: 6.5MB

UPX1
Size: 9.1MB - Virtual size: 9.1MB

.rsrc
Size: 579KB - Virtual size: 580KB

.text
Size: 278KB - Virtual size: 278KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 11KB - Virtual size: 35KB

.rsrc
Size: 15.2MB - Virtual size: 15.2MB

.reloc
Size: 78KB - Virtual size: 77KB