Sample[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Sample.zip
Size

648KB
MD5

77293d2e2cc4f8ee6f202bebb193d1ec
SHA1

dc6771f50a6f9a35ac84df1314cc2c4199b0fca4
SHA256

087b07fad192dda80e27551b579b8b00ca29910514cd99903ca1f3ec95ac2866
SHA512

6bf09dccbba17d9538e6400e240cbd0005b5617d2bec7e854f43939359f1ade9a513549f4fdc43a78361a51083477145a9fbd1615d4a81e4f255eca372295563
SSDEEP

12288:nMQ7OdJOx3wDD7XF1B64kH6lrAOKN7FOk+h9JFGGtswbWNN:MQ7QZP71zkyAxNx7Gv9bW/

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/正常测试2/111111/LiveUpdate.exe	upx

Files

Sample.zip
.zip

Password: infected
正常测试2/111111/LiveUpdate.dat
.zip
正常测试2/111111/LiveUpdate.exe
.exe windows x86

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:b0:36:d2:cb:27:e9:7c:ef:1e:1f:bf
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-12-2019 10:00

Not After

17-03-2023 06:23

Subject

SERIALNUMBER=110111-1535991,CN=NetSarang Computer\, Inc.,O=NetSarang Computer\, Inc.,STREET=85\, Gwangnaru-ro 56-gil,L=GWANGJIN-GU,ST=SEOUL,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

28-01-2021 11:08

Not After

01-03-2032 11:08

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:c3:75:72:5c:02:15:9a:72:82:68:a1:e6:5a:66:fa:2f:5e:76:b5:a6:a2:ce:12:09:6a:34:28:b4:d8:bd:dc
Signer

Actual PE Digest

67:c3:75:72:5c:02:15:9a:72:82:68:a1:e6:5a:66:fa:2f:5e:76:b5:a6:a2:ce:12:09:6a:34:28:b4:d8:bd:dc

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=110111-1535991,CN=NetSarang Computer\, Inc.,O=NetSarang Computer\, Inc.,STREET=85\, Gwangnaru-ro 56-gil,L=GWANGJIN-GU,ST=SEOUL,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-12-2021 06:13
Valid: true

Chain 1

SERIALNUMBER=110111-1535991,CN=NetSarang Computer\, Inc.,O=NetSarang Computer\, Inc.,STREET=85\, Gwangnaru-ro 56-gil,L=GWANGJIN-GU,ST=SEOUL,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=110111-1535991,CN=NetSarang Computer\, Inc.,O=NetSarang Computer\, Inc.,STREET=85\, Gwangnaru-ro 56-gil,L=GWANGJIN-GU,ST=SEOUL,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 796KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 437KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 916KB - Virtual size: 914KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
正常测试2/叶进伟的简历.pdf
.pdf
正常测试2/叶进伟的简历.pdf.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

7a:b0:36:d2:cb:27:e9:7c:ef:1e:1f:bfCertificate

Extended Key Usages

Key Usages

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

67:c3:75:72:5c:02:15:9a:72:82:68:a1:e6:5a:66:fa:2f:5e:76:b5:a6:a2:ce:12:09:6a:34:28:b4:d8:bd:dcSigner

Signature Validations

Verification

20-12-2021 06:13 Valid: true

Chain 1

Chain 2

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 796KB

UPX1 Size: 437KB - Virtual size: 440KB

.rsrc Size: 30KB - Virtual size: 32KB

Headers

File Characteristics

Sections

.text Size: 916KB - Virtual size: 914KB

.rdata Size: 164KB - Virtual size: 160KB

.data Size: 84KB - Virtual size: 99KB

.rsrc Size: 40KB - Virtual size: 39KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

7a:b0:36:d2:cb:27:e9:7c:ef:1e:1f:bf
Certificate

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

67:c3:75:72:5c:02:15:9a:72:82:68:a1:e6:5a:66:fa:2f:5e:76:b5:a6:a2:ce:12:09:6a:34:28:b4:d8:bd:dc
Signer

20-12-2021 06:13
Valid: true

UPX0
Size: - Virtual size: 796KB

UPX1
Size: 437KB - Virtual size: 440KB

.rsrc
Size: 30KB - Virtual size: 32KB

.text
Size: 916KB - Virtual size: 914KB

.rdata
Size: 164KB - Virtual size: 160KB

.data
Size: 84KB - Virtual size: 99KB

.rsrc
Size: 40KB - Virtual size: 39KB