7a29f2c5e3dccfd034551f7ec78190c63f6b58d6d0e88d24ec9ce318d2a5a54f

Sharing

Copy URL Twitter E-mail

General

Target

7a29f2c5e3dccfd034551f7ec78190c63f6b58d6d0e88d24ec9ce318d2a5a54f
Size

1.0MB
MD5

8fde5af628c5161d0b1dfe468dd55d3b
SHA1

749f73f88ef4b4bfaf407f83fd0d08fcb370e8a3
SHA256

7a29f2c5e3dccfd034551f7ec78190c63f6b58d6d0e88d24ec9ce318d2a5a54f
SHA512

7965b5907d6da1deaf30909246b76a15d0ada3daa6d9a41ad6e13959ea84efc691e63f4ec564b1b578024767d5309dda42419f4bfdaf7cc77a85cdd6d03af84c
SSDEEP

24576:hFE//Tct4bOswZ+8xrMgZdUCxD6U59kwHUd4m8lvu:TSVw48/Ue9dHUWmJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/out.upx	autoit_exe

Files

7a29f2c5e3dccfd034551f7ec78190c63f6b58d6d0e88d24ec9ce318d2a5a54f
.exe windows x86

Code Sign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:35:8c:75:0a:9d:07:2d:6f:15:f8:ac:67:8d:f2:3c:db:c9:c9:dc:24:d0:fa:0c:a4:38:bb:c0:11:01:f4:7c
Signer

Actual PE Digest

48:35:8c:75:0a:9d:07:2d:6f:15:f8:ac:67:8d:f2:3c:db:c9:c9:dc:24:d0:fa:0c:a4:38:bb:c0:11:01:f4:7c

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

18/04/2022, 08:39
Valid: true

Chain 1

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

69:a3:fb:6a:9f:5c:99:9e:a8:e9:58:f3:3a:1d:b5:53:78:10:3e:2c
Signer

Actual PE Digest

69:a3:fb:6a:9f:5c:99:9e:a8:e9:58:f3:3a:1d:b5:53:78:10:3e:2c

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

18/04/2022, 08:39
Valid: true

Chain 1

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 488KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

48:35:8c:75:0a:9d:07:2d:6f:15:f8:ac:67:8d:f2:3c:db:c9:c9:dc:24:d0:fa:0c:a4:38:bb:c0:11:01:f4:7cSigner

Signature Validations

Verification

18/04/2022, 08:39 Valid: true

Chain 1

69:a3:fb:6a:9f:5c:99:9e:a8:e9:58:f3:3a:1d:b5:53:78:10:3e:2cSigner

Signature Validations

Verification

18/04/2022, 08:39 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 488KB

UPX1 Size: 263KB - Virtual size: 264KB

.rsrc Size: 53KB - Virtual size: 56KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 512KB - Virtual size: 512KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 56KB - Virtual size: 55KB

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

48:35:8c:75:0a:9d:07:2d:6f:15:f8:ac:67:8d:f2:3c:db:c9:c9:dc:24:d0:fa:0c:a4:38:bb:c0:11:01:f4:7c
Signer

18/04/2022, 08:39
Valid: true

69:a3:fb:6a:9f:5c:99:9e:a8:e9:58:f3:3a:1d:b5:53:78:10:3e:2c
Signer

18/04/2022, 08:39
Valid: true

UPX0
Size: - Virtual size: 488KB

UPX1
Size: 263KB - Virtual size: 264KB

.rsrc
Size: 53KB - Virtual size: 56KB

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 56KB - Virtual size: 55KB