168066-bagsface[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

168066-bagsface.zip
Size

4.6MB
MD5

d0c8e4505e6058d70fc6a3ebc7c3114c
SHA1

a08a1c9ac0ad58d661a278017f64712e3f14f0c7
SHA256

3acfc21cfe517c7e8a10b60d303e03397b54ae1b9d8eeddba2cc189acba27988
SHA512

56dae126c41cafee938ba3a2b227dd54fb5e0b9339d1c3ab57c0037d2cc7cc2d18e250f4bca1d971885f6c9cacba1e2bde17fedf70a404abe7b2f2f7e0034075
SSDEEP

98304:C2nnSUfEyBw18GLlXt/cNegEeaof59F3ES+s6In4c:VnVfEyHGpt/4z1Z3EDon4c

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/168066-bagsface.exe	upx

Files

168066-bagsface.zip
.zip
168066-bagsface.exe
.exe windows x86

Code Sign

c9:ec:e0:ba:c8:c9:ea:dc:32:12:01:dd:e7:11:00:84
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26/03/2021, 00:00

Not After

26/03/2023, 23:59

Subject

CN=WOM (WOM CORPORATION OU),O=WOM (WOM CORPORATION OU),POSTALCODE=10152,STREET=Vesivarava tn 50-201,L=Tallinn,ST=Harjumaa,C=EE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3a:24:28:96:81:b3:25:31:88:3f:9d:80:2e:7a:71:cc:1c:ce:8e
Signer

Actual PE Digest

75:3a:24:28:96:81:b3:25:31:88:3f:9d:80:2e:7a:71:cc:1c:ce:8e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=WOM (WOM CORPORATION OU),O=WOM (WOM CORPORATION OU),POSTALCODE=10152,STREET=Vesivarava tn 50-201,L=Tallinn,ST=Harjumaa,C=EE

07/02/2023, 20:40
Valid: true

Chain 1

CN=WOM (WOM CORPORATION OU),O=WOM (WOM CORPORATION OU),POSTALCODE=10152,STREET=Vesivarava tn 50-201,L=Tallinn,ST=Harjumaa,C=EE

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=WOM (WOM CORPORATION OU),O=WOM (WOM CORPORATION OU),POSTALCODE=10152,STREET=Vesivarava tn 50-201,L=Tallinn,ST=Harjumaa,C=EE

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
168066-bagsface.mmrc

Sharing

General

Malware Config

Signatures

Files

Code Sign

c9:ec:e0:ba:c8:c9:ea:dc:32:12:01:dd:e7:11:00:84Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

75:3a:24:28:96:81:b3:25:31:88:3f:9d:80:2e:7a:71:cc:1c:ce:8eSigner

Signature Validations

Verification

07/02/2023, 20:40 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.1MB

UPX1 Size: 4.2MB - Virtual size: 4.2MB

.rsrc Size: 82KB - Virtual size: 84KB

c9:ec:e0:ba:c8:c9:ea:dc:32:12:01:dd:e7:11:00:84
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

75:3a:24:28:96:81:b3:25:31:88:3f:9d:80:2e:7a:71:cc:1c:ce:8e
Signer

07/02/2023, 20:40
Valid: true

UPX0
Size: - Virtual size: 4.1MB

UPX1
Size: 4.2MB - Virtual size: 4.2MB

.rsrc
Size: 82KB - Virtual size: 84KB