MDE_File_Sample_9328a46f81e4125b179b7377238bef368afdb7d0[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_9328a46f81e4125b179b7377238bef368afdb7d0.zip
Size

1.1MB
MD5

5be27d5d2f48d0354aadda894f815b20
SHA1

2b1ea728427aac885c1f8c0674a6a228ba52d7ff
SHA256

3c109bad8ef9b0ee599640d1eea92ee2ba9b5c0f3b4ef2cad5e779ae4b8e032a
SHA512

8355305851e2ba2744d987dfa7503e05c1a235877bfeae02e4caf4db2fe638df03ec24aa727f9b833064ce45a3dacf7157202171571b54a5ddaa8f4c7fff17fd
SSDEEP

24576:v2ukqQUAuMwKmxXp8ytjxXVsUiCT/K5ErAE7kSD+7q:epqQ4MwKsX/xXtirS9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/??????.exe	upx

Files

MDE_File_Sample_9328a46f81e4125b179b7377238bef368afdb7d0.zip
.zip

Password: infected
??????.exe
.exe windows x86

Code Sign

5c:e2:a3:03:9e:b0:0c:67:ba:af:03:e9:b0:4a:e1:57
Certificate

Issuer

CN=People's Republic of China

Not Before

15/05/2018, 09:03

Not After

31/12/2039, 23:59

Subject

CN=People's Republic of China

96:97:74:dd:29:0f:ac:13:f5:4d:d7:c2:f7:c3:9e:10:da:ac:dc:fe
Signer

Actual PE Digest

96:97:74:dd:29:0f:ac:13:f5:4d:d7:c2:f7:c3:9e:10:da:ac:dc:fe

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=People's Republic of China

07/02/2023, 20:40
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

5c:e2:a3:03:9e:b0:0c:67:ba:af:03:e9:b0:4a:e1:57Certificate

96:97:74:dd:29:0f:ac:13:f5:4d:d7:c2:f7:c3:9e:10:da:ac:dc:feSigner

Signature Validations

Verification

07/02/2023, 20:40 Valid: false

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 76KB

UPX1 Size: 48KB - Virtual size: 52KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 7KB - Virtual size: 6KB

5c:e2:a3:03:9e:b0:0c:67:ba:af:03:e9:b0:4a:e1:57
Certificate

96:97:74:dd:29:0f:ac:13:f5:4d:d7:c2:f7:c3:9e:10:da:ac:dc:fe
Signer

07/02/2023, 20:40
Valid: false

UPX0
Size: - Virtual size: 76KB

UPX1
Size: 48KB - Virtual size: 52KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 7KB - Virtual size: 6KB