6543c9cb506081b4b475a6cd30c4d7eb67ca5687add6f8ff81144fe9230694b9

Sharing

Copy URL Twitter E-mail

General

Target

6543c9cb506081b4b475a6cd30c4d7eb67ca5687add6f8ff81144fe9230694b9
Size

11.7MB
MD5

2dd7a82bfc4558baee1ca974a05a7917
SHA1

fc7701b585bdd62212ff4e5d74eec9b1d16130c1
SHA256

6543c9cb506081b4b475a6cd30c4d7eb67ca5687add6f8ff81144fe9230694b9
SHA512

81b97c25cb6adfd0af142eb89ec1569bb08962663ad81184f53e26a04584e9d970abb474b4784940bab08ae68e3ef3a988031c1946110dcb8cc2123486bb9851
SSDEEP

196608:gdg+qUkTDOuVSWdRRkrUv9TrKldqdlx5ySWRUFfbfhIp08HtsBmOk+3OoAUkTTkn:iyUkfLVdRmrUvZrK3qQU1bJW08Htamcr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/out.upx	autoit_exe

Files

6543c9cb506081b4b475a6cd30c4d7eb67ca5687add6f8ff81144fe9230694b9
.exe windows x86

Code Sign

49:63:3d:02:a6:c1:80:54:e2:21:ff:1b:ec:b6:27:7c
Certificate

Issuer

CN=WoSign Class 2 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

11/04/2017, 07:20

Not After

11/05/2019, 07:20

Subject

CN=Yifeng Ye,O=Yifeng Ye,L=Ningde,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:73:40:fd:97:51:f6:94:d3:62:1a:93:a5:0c:bb:49
Certificate

Issuer

CN=WoSign Class 2 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

11/04/2017, 07:15

Not After

11/05/2019, 07:15

Subject

CN=Yifeng Ye,O=Yifeng Ye,L=Ningde,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:aa:9f:b2:5a:1f:04:aa:96:0f:0b:dc:38:97:6c:e7:1c:14:c3:77:cd:a5:eb:77:43:61:83:46:37:03:58:9f
Signer

Actual PE Digest

7e:aa:9f:b2:5a:1f:04:aa:96:0f:0b:dc:38:97:6c:e7:1c:14:c3:77:cd:a5:eb:77:43:61:83:46:37:03:58:9f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Yifeng Ye,O=Yifeng Ye,L=Ningde,ST=Fujian,C=CN

16/03/2023, 15:39
Valid: false

d1:d3:cc:d9:ca:6d:7b:7e:cd:2d:7f:91:1d:c4:30:61:fb:8e:e1:1f
Signer

Actual PE Digest

d1:d3:cc:d9:ca:6d:7b:7e:cd:2d:7f:91:1d:c4:30:61:fb:8e:e1:1f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Yifeng Ye,O=Yifeng Ye,L=Ningde,ST=Fujian,C=CN

16/03/2023, 15:39
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 11.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 339KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.3MB - Virtual size: 11.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.3MB - Virtual size: 11.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

49:63:3d:02:a6:c1:80:54:e2:21:ff:1b:ec:b6:27:7cCertificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

2d:73:40:fd:97:51:f6:94:d3:62:1a:93:a5:0c:bb:49Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

7e:aa:9f:b2:5a:1f:04:aa:96:0f:0b:dc:38:97:6c:e7:1c:14:c3:77:cd:a5:eb:77:43:61:83:46:37:03:58:9fSigner

Signature Validations

Verification

16/03/2023, 15:39 Valid: false

d1:d3:cc:d9:ca:6d:7b:7e:cd:2d:7f:91:1d:c4:30:61:fb:8e:e1:1fSigner

Signature Validations

Verification

16/03/2023, 15:39 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 11.8MB

UPX1 Size: 339KB - Virtual size: 340KB

.rsrc Size: 11.3MB - Virtual size: 11.3MB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 557KB - Virtual size: 557KB

.rdata Size: 179KB - Virtual size: 179KB

.data Size: 24KB - Virtual size: 39KB

.rsrc Size: 11.3MB - Virtual size: 11.3MB

.reloc Size: 41KB - Virtual size: 41KB

49:63:3d:02:a6:c1:80:54:e2:21:ff:1b:ec:b6:27:7c
Certificate

19:c2:85:30:e9:3b:36
Certificate

2d:73:40:fd:97:51:f6:94:d3:62:1a:93:a5:0c:bb:49
Certificate

19:c2:85:30:e9:3b:36
Certificate

7e:aa:9f:b2:5a:1f:04:aa:96:0f:0b:dc:38:97:6c:e7:1c:14:c3:77:cd:a5:eb:77:43:61:83:46:37:03:58:9f
Signer

16/03/2023, 15:39
Valid: false

d1:d3:cc:d9:ca:6d:7b:7e:cd:2d:7f:91:1d:c4:30:61:fb:8e:e1:1f
Signer

16/03/2023, 15:39
Valid: false

UPX0
Size: - Virtual size: 11.8MB

UPX1
Size: 339KB - Virtual size: 340KB

.rsrc
Size: 11.3MB - Virtual size: 11.3MB

.text
Size: 557KB - Virtual size: 557KB

.rdata
Size: 179KB - Virtual size: 179KB

.data
Size: 24KB - Virtual size: 39KB

.rsrc
Size: 11.3MB - Virtual size: 11.3MB

.reloc
Size: 41KB - Virtual size: 41KB