34efd7f6aeeeef723859021cec49c5b870d82bd952700a570630f60cf7f5d476

Sharing

Copy URL Twitter E-mail

General

Target

34efd7f6aeeeef723859021cec49c5b870d82bd952700a570630f60cf7f5d476
Size

418KB
MD5

993d03556710fad0eb43247a53c88d3d
SHA1

80ffc2ec2925e26432926ca9768aab5867c8e331
SHA256

34efd7f6aeeeef723859021cec49c5b870d82bd952700a570630f60cf7f5d476
SHA512

f1922252e6fe99d34afdd3f70c62fb10183bbba1737624d3320a99529dbc7f7f42dfba6c45a79335eeb2b8314421ea3da51fed2a9e19a3f4f440f33f5bde8d69
SSDEEP

12288:HOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPi8nnFURmN:Hq5TfcdHj4fmbnnga

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/out.upx	autoit_exe

Files

34efd7f6aeeeef723859021cec49c5b870d82bd952700a570630f60cf7f5d476
.exe windows x86

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:05:fd:22:b2:6d:3d:62:12:f4:98:2d:69:67:68:6a
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

12/03/2019, 11:27

Not After

11/06/2020, 11:27

Subject

CN=厦门仁优网络科技有限公司,O=厦门仁优网络科技有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c10786d72656e796f75403136332e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3b:46:e4:be:d0:24:da:82:18:ed:2e:91:b5:c6:bd:3c:70:6a:b1:4f:24:c1:01:4e:36:96:0e:c7:78:62:70:74
Signer

Actual PE Digest

3b:46:e4:be:d0:24:da:82:18:ed:2e:91:b5:c6:bd:3c:70:6a:b1:4f:24:c1:01:4e:36:96:0e:c7:78:62:70:74

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=厦门仁优网络科技有限公司,O=厦门仁优网络科技有限公司,L=厦门市,ST=福建省,C=CN,1.2.840.113549.1.9.1=#0c10786d72656e796f75403136332e636f6d

27/03/2023, 18:21
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 596KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 334KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

04:44:c0Certificate

Key Usages

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:afCertificate

Extended Key Usages

Key Usages

0c:05:fd:22:b2:6d:3d:62:12:f4:98:2d:69:67:68:6aCertificate

Extended Key Usages

Key Usages

3b:46:e4:be:d0:24:da:82:18:ed:2e:91:b5:c6:bd:3c:70:6a:b1:4f:24:c1:01:4e:36:96:0e:c7:78:62:70:74Signer

Signature Validations

Verification

27/03/2023, 18:21 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 596KB

UPX1 Size: 334KB - Virtual size: 336KB

.rsrc Size: 79KB - Virtual size: 80KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 557KB - Virtual size: 557KB

.rdata Size: 179KB - Virtual size: 179KB

.data Size: 24KB - Virtual size: 39KB

.rsrc Size: 77KB - Virtual size: 77KB

.reloc Size: 41KB - Virtual size: 41KB

04:44:c0
Certificate

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

0c:05:fd:22:b2:6d:3d:62:12:f4:98:2d:69:67:68:6a
Certificate

3b:46:e4:be:d0:24:da:82:18:ed:2e:91:b5:c6:bd:3c:70:6a:b1:4f:24:c1:01:4e:36:96:0e:c7:78:62:70:74
Signer

27/03/2023, 18:21
Valid: false

UPX0
Size: - Virtual size: 596KB

UPX1
Size: 334KB - Virtual size: 336KB

.rsrc
Size: 79KB - Virtual size: 80KB

.text
Size: 557KB - Virtual size: 557KB

.rdata
Size: 179KB - Virtual size: 179KB

.data
Size: 24KB - Virtual size: 39KB

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 41KB - Virtual size: 41KB