84fd010be9c5d88bf487c276672099e65e06ca0695624ecf8e1c923b1c33f01c

Resubmissions

27-02-2023 09:32

230227-lhsmdacf9v 10

27-02-2023 09:25

230227-ldly2acf61 10

Sharing

Copy URL

Twitter E-mail

General

Target

84fd010be9c5d88bf487c276672099e65e06ca0695624ecf8e1c923b1c33f01c
Size

4.0MB
MD5

d669b0cfc7943855c3596c9023889cb4
SHA1

2d2bc68788c8e590847bb126e5bf99a4ebb7606d
SHA256

84fd010be9c5d88bf487c276672099e65e06ca0695624ecf8e1c923b1c33f01c
SHA512

0a84926cec57fd284d0e0ad24988d8e64dc96e7d8fb603f4d1f42aeb50a777f1c7517f404588ef835156f03331877776a51cba5530d2f437c2d55c84af309ece
SSDEEP

98304:w9fw3cxmBSrj9Npa0DEwXXmLOwRSwZ9jcQ/2MVW3Hk3BnNBHNUqEUtu:wpyBSjpaAEw0QwZBx6EVNUv

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
static1/unpack001/5.exe	aspack_v212_v242

Files

84fd010be9c5d88bf487c276672099e65e06ca0695624ecf8e1c923b1c33f01c
.rar
5.exe
.exe windows x86

Code Sign

02:6a:53:45:5c:c7:00:12:fa:23:ce:7a:80:f8:5e:47
Certificate

Issuer

CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-07-2013 12:00

Not After

22-10-2023 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:f7:e3:f7:b8:3e:72:15:91:74:e2:26:75:d1:38:07
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20-06-2022 00:00

Not After

18-06-2025 23:59

Subject

CN=Guangzhou QuYing Network Technology Co.\, Ltd.,O=Guangzhou QuYing Network Technology Co.\, Ltd.,L=Guangzhou,ST=Guangdong province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09-06-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:82:75:72:37:f5:16:c9:e7:22:77:d5:07:aa:94:4a:69:47:ce:27:a0:48:4b:af:fc:9a:b9:ab:c3:d4:55:3e
Signer

Actual PE Digest

24:82:75:72:37:f5:16:c9:e7:22:77:d5:07:aa:94:4a:69:47:ce:27:a0:48:4b:af:fc:9a:b9:ab:c3:d4:55:3e

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Guangzhou QuYing Network Technology Co.\, Ltd.,O=Guangzhou QuYing Network Technology Co.\, Ltd.,L=Guangzhou,ST=Guangdong province,C=CN

01-07-2022 07:08
Valid: true

Chain 1

CN=Guangzhou QuYing Network Technology Co.\, Ltd.,O=Guangzhou QuYing Network Technology Co.\, Ltd.,L=Guangzhou,ST=Guangdong province,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=Guangzhou QuYing Network Technology Co.\, Ltd.,O=Guangzhou QuYing Network Technology Co.\, Ltd.,L=Guangzhou,ST=Guangdong province,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 276KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3.7MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 27KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Code Sign

02:6a:53:45:5c:c7:00:12:fa:23:ce:7a:80:f8:5e:47Certificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:f7:e3:f7:b8:3e:72:15:91:74:e2:26:75:d1:38:07Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

24:82:75:72:37:f5:16:c9:e7:22:77:d5:07:aa:94:4a:69:47:ce:27:a0:48:4b:af:fc:9a:b9:ab:c3:d4:55:3eSigner

Signature Validations

Verification

01-07-2022 07:08 Valid: true

Chain 1

Chain 2

Headers

File Characteristics

Sections

.text Size: 276KB - Virtual size: 624KB

.rdata Size: 3.7MB - Virtual size: 10.0MB

.data Size: 27KB - Virtual size: 256KB

.rsrc Size: 5KB - Virtual size: 40KB

.aspack Size: 29KB - Virtual size: 32KB

.adata Size: - Virtual size: 4KB

02:6a:53:45:5c:c7:00:12:fa:23:ce:7a:80:f8:5e:47
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:f7:e3:f7:b8:3e:72:15:91:74:e2:26:75:d1:38:07
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

24:82:75:72:37:f5:16:c9:e7:22:77:d5:07:aa:94:4a:69:47:ce:27:a0:48:4b:af:fc:9a:b9:ab:c3:d4:55:3e
Signer

01-07-2022 07:08
Valid: true

.text
Size: 276KB - Virtual size: 624KB

.rdata
Size: 3.7MB - Virtual size: 10.0MB

.data
Size: 27KB - Virtual size: 256KB

.rsrc
Size: 5KB - Virtual size: 40KB

.aspack
Size: 29KB - Virtual size: 32KB

.adata
Size: - Virtual size: 4KB