c83098bdeee2357a0ff927bb2b9eda0acb964aed42ce2a238ed7e8c048b94fbc

Sharing

Copy URL Twitter E-mail

General

Target

c83098bdeee2357a0ff927bb2b9eda0acb964aed42ce2a238ed7e8c048b94fbc
Size

3.3MB
MD5

5b36c1b08d93bb3ceedb35161d15989b
SHA1

6e8376e8e6bd8b7e1800eaa8e531e3f71c05e14c
SHA256

c83098bdeee2357a0ff927bb2b9eda0acb964aed42ce2a238ed7e8c048b94fbc
SHA512

72659c4a6417098d21fcf56d436ae7d8b16e19c2f94b41eb7e240744ae70f137c89c0a9c528be4ce406e8aa8bf106e77d740506ebe93f8a6424372d1894be5f5
SSDEEP

49152:4UTsam15x2OGs6muEy/m0WfAFNjEZ2h/MAcdyrAKjDgJG8VTn5ogKZF+++ANSnYg:4ai5x2OGs9Nye0Wmo2TcWXDgHTDOTg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/out.upx	autoit_exe

Files

c83098bdeee2357a0ff927bb2b9eda0acb964aed42ce2a238ed7e8c048b94fbc
.exe windows x86

Code Sign

10:2b:ba:7b:9c:56:c2:07:de:da:65:7e:e7:18:b2:6a
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

08/03/2016, 08:38

Not After

08/03/2017, 08:38

Subject

CN=厦门仁优网络科技有限公司,O=厦门仁优网络科技有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0e383335333038384071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:43:55:7a:32:3e:ef:6a:2f:82:b3:c9:a3:f0:71:c0
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

08/03/2016, 08:40

Not After

08/03/2017, 08:40

Subject

CN=厦门仁优网络科技有限公司,O=厦门仁优网络科技有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0e383335333038384071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:87:e1:b4:32:49:f8:e6:18:c2:25:0c:96:27:e6:11:f6:12:68:00:98:c7:a6:48:73:52:e9:11:78:37:dd:11
Signer

Actual PE Digest

4e:87:e1:b4:32:49:f8:e6:18:c2:25:0c:96:27:e6:11:f6:12:68:00:98:c7:a6:48:73:52:e9:11:78:37:dd:11

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=厦门仁优网络科技有限公司,O=厦门仁优网络科技有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0e383335333038384071712e636f6d

17/01/2017, 04:31
Valid: false

44:1c:32:be:90:05:be:52:ad:2c:5d:e5:e9:42:cf:78:ce:a7:26:8a
Signer

Actual PE Digest

44:1c:32:be:90:05:be:52:ad:2c:5d:e5:e9:42:cf:78:ce:a7:26:8a

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=厦门仁优网络科技有限公司,O=厦门仁优网络科技有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c0e383335333038384071712e636f6d

17/01/2017, 04:24
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 335KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

10:2b:ba:7b:9c:56:c2:07:de:da:65:7e:e7:18:b2:6aCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

43:43:55:7a:32:3e:ef:6a:2f:82:b3:c9:a3:f0:71:c0Certificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

4e:87:e1:b4:32:49:f8:e6:18:c2:25:0c:96:27:e6:11:f6:12:68:00:98:c7:a6:48:73:52:e9:11:78:37:dd:11Signer

Signature Validations

Verification

17/01/2017, 04:31 Valid: false

44:1c:32:be:90:05:be:52:ad:2c:5d:e5:e9:42:cf:78:ce:a7:26:8aSigner

Signature Validations

Verification

17/01/2017, 04:24 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.5MB

UPX1 Size: 335KB - Virtual size: 336KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 557KB - Virtual size: 557KB

.rdata Size: 179KB - Virtual size: 179KB

.data Size: 24KB - Virtual size: 39KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 41KB - Virtual size: 41KB

10:2b:ba:7b:9c:56:c2:07:de:da:65:7e:e7:18:b2:6a
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

43:43:55:7a:32:3e:ef:6a:2f:82:b3:c9:a3:f0:71:c0
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

4e:87:e1:b4:32:49:f8:e6:18:c2:25:0c:96:27:e6:11:f6:12:68:00:98:c7:a6:48:73:52:e9:11:78:37:dd:11
Signer

17/01/2017, 04:31
Valid: false

44:1c:32:be:90:05:be:52:ad:2c:5d:e5:e9:42:cf:78:ce:a7:26:8a
Signer

17/01/2017, 04:24
Valid: false

UPX0
Size: - Virtual size: 2.5MB

UPX1
Size: 335KB - Virtual size: 336KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.text
Size: 557KB - Virtual size: 557KB

.rdata
Size: 179KB - Virtual size: 179KB

.data
Size: 24KB - Virtual size: 39KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 41KB - Virtual size: 41KB