Antitest[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Antitest.exe
Size

1.9MB
MD5

3a8df906e3ca36fc2ce1c67ef949244d
SHA1

e2698cbd7c818c7fa7fc27123f182a4b5a3075ca
SHA256

8a84281bc0760685ea338b080bdcbdc99b200d92d18d352fe4506601d81e5a5a
SHA512

7487b5ca4dbbf3c2d4302aaad576edaaf7eea96d67e4c84a3a3b59bee9630b8887207241e443f51a3e4030e62777bce2ef1ee5f8a18af95af73a3a9b18f66de5
SSDEEP

24576:z8+SysC0ll8HH7jybgwSBubgeU8lnwxE3k3eg4SxOqdWAMHXhSFJDzUGzT4s86N0:z7shlE7j4gwSsU8lnwZtxeHxS8GXjNMd

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

Antitest.exe
.exe windows x86

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:9f:b3:ca:1b:a2:dd:cc:6d:05:40:66
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

12/11/2021, 10:01

Not After

13/12/2022, 15:46

Subject

SERIALNUMBER=120012823,CN=DATPOL Janusz Siemienowicz,O=DATPOL Janusz Siemienowicz,STREET=ul. Króla Kazimierza Wielkiego 29,L=Olkusz,ST=Małopolskie,C=PL,1.3.6.1.4.1.311.60.2.1.3=#1302504c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f4:37:a9:00:54:8d:ce:25:7f:ae:56:9f:fb:98:ff:10:a5:3e:ef:ef:34:45:fe:72:9e:bd:f9:f4:de:e4:dd:6a
Signer

Actual PE Digest

f4:37:a9:00:54:8d:ce:25:7f:ae:56:9f:fb:98:ff:10:a5:3e:ef:ef:34:45:fe:72:9e:bd:f9:f4:de:e4:dd:6a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=120012823,CN=DATPOL Janusz Siemienowicz,O=DATPOL Janusz Siemienowicz,STREET=ul. Króla Kazimierza Wielkiego 29,L=Olkusz,ST=Małopolskie,C=PL,1.3.6.1.4.1.311.60.2.1.3=#1302504c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

26/09/2022, 08:57
Valid: true

Chain 1

SERIALNUMBER=120012823,CN=DATPOL Janusz Siemienowicz,O=DATPOL Janusz Siemienowicz,STREET=ul. Króla Kazimierza Wielkiego 29,L=Olkusz,ST=Małopolskie,C=PL,1.3.6.1.4.1.311.60.2.1.3=#1302504c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=120012823,CN=DATPOL Janusz Siemienowicz,O=DATPOL Janusz Siemienowicz,STREET=ul. Króla Kazimierza Wielkiego 29,L=Olkusz,ST=Małopolskie,C=PL,1.3.6.1.4.1.311.60.2.1.3=#1302504c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.7MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 109KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 155B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 84B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 740KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

09:9f:b3:ca:1b:a2:dd:cc:6d:05:40:66Certificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

f4:37:a9:00:54:8d:ce:25:7f:ae:56:9f:fb:98:ff:10:a5:3e:ef:ef:34:45:fe:72:9e:bd:f9:f4:de:e4:dd:6aSigner

Signature Validations

Verification

26/09/2022, 08:57 Valid: true

Chain 1

Chain 2

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 3.7MB

UPX1 Size: 1.7MB - Virtual size: 1.8MB

.rsrc Size: 127KB - Virtual size: 128KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.itext Size: 18KB - Virtual size: 18KB

.data Size: 111KB - Virtual size: 111KB

.bss Size: - Virtual size: 109KB

.idata Size: 15KB - Virtual size: 15KB

.didata Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 155B

.tls Size: - Virtual size: 84B

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 310KB - Virtual size: 310KB

.rsrc Size: 740KB - Virtual size: 740KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

09:9f:b3:ca:1b:a2:dd:cc:6d:05:40:66
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

f4:37:a9:00:54:8d:ce:25:7f:ae:56:9f:fb:98:ff:10:a5:3e:ef:ef:34:45:fe:72:9e:bd:f9:f4:de:e4:dd:6a
Signer

26/09/2022, 08:57
Valid: true

UPX0
Size: - Virtual size: 3.7MB

UPX1
Size: 1.7MB - Virtual size: 1.8MB

.rsrc
Size: 127KB - Virtual size: 128KB

.text
Size: 4.2MB - Virtual size: 4.2MB

.itext
Size: 18KB - Virtual size: 18KB

.data
Size: 111KB - Virtual size: 111KB

.bss
Size: - Virtual size: 109KB

.idata
Size: 15KB - Virtual size: 15KB

.didata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 155B

.tls
Size: - Virtual size: 84B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 310KB - Virtual size: 310KB

.rsrc
Size: 740KB - Virtual size: 740KB