d3da6b93e7598fb522fe8858e15e445ba1ca13d05aacd22156d8ad3d745dd2d8

Sharing

Copy URL

Twitter E-mail

General

Target

d3da6b93e7598fb522fe8858e15e445ba1ca13d05aacd22156d8ad3d745dd2d8
Size

398KB
MD5

8ff87a847f8ab762522075d18d67aecb
SHA1

0bf00a44ff52486e270aa5776aa1b91ccf7855c5
SHA256

d3da6b93e7598fb522fe8858e15e445ba1ca13d05aacd22156d8ad3d745dd2d8
SHA512

edc93c8975905cc77723c4f73bd607a9e6632baa05e4b362235f608873f2aa89d9762fc127808e4bad3c7053b9676c108dd4c8e7a731a122fc058bdafea1520d
SSDEEP

6144:eNAfdtIIp3THTZRqokUu7g8tfxFADRc+Sn5whgDL9jKxb6jBGbXO42W6jGC4ZKYU:zdtIIlqozl8t8llbh4j9GcPjtxuva

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/out.upx

resource	yara_rule
sample	upx

resource
unpack001/out.upx

Files

d3da6b93e7598fb522fe8858e15e445ba1ca13d05aacd22156d8ad3d745dd2d8
.exe windows x86

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2a:9c:21:ac:aa:a6:3a:3c:58:a7:b9:32:2b:ee:94:8d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16-12-2015 00:00

Not After

16-12-2018 23:59

Subject

CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cd:d2:28:82:f7:64:f7:e1:d4:1f:3d:6d:93:9e:3b:c3:bf:72:c5:71:8b:a2:0d:d7:3c:eb:9b:69:0f:82:68:f5
Signer

Actual PE Digest

cd:d2:28:82:f7:64:f7:e1:d4:1f:3d:6d:93:9e:3b:c3:bf:72:c5:71:8b:a2:0d:d7:3c:eb:9b:69:0f:82:68:f5

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

17-01-2017 09:22
Valid: true

Chain 1

CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 616KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 387KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 588KB - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

2a:9c:21:ac:aa:a6:3a:3c:58:a7:b9:32:2b:ee:94:8dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

cd:d2:28:82:f7:64:f7:e1:d4:1f:3d:6d:93:9e:3b:c3:bf:72:c5:71:8b:a2:0d:d7:3c:eb:9b:69:0f:82:68:f5Signer

Signature Validations

Verification

17-01-2017 09:22 Valid: true

Chain 1

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 616KB

UPX1 Size: 387KB - Virtual size: 388KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 588KB - Virtual size: 587KB

.rdata Size: 136KB - Virtual size: 132KB

.data Size: 92KB - Virtual size: 246KB

.rsrc Size: 20KB - Virtual size: 20KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

2a:9c:21:ac:aa:a6:3a:3c:58:a7:b9:32:2b:ee:94:8d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

cd:d2:28:82:f7:64:f7:e1:d4:1f:3d:6d:93:9e:3b:c3:bf:72:c5:71:8b:a2:0d:d7:3c:eb:9b:69:0f:82:68:f5
Signer

17-01-2017 09:22
Valid: true

UPX0
Size: - Virtual size: 616KB

UPX1
Size: 387KB - Virtual size: 388KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 588KB - Virtual size: 587KB

.rdata
Size: 136KB - Virtual size: 132KB

.data
Size: 92KB - Virtual size: 246KB

.rsrc
Size: 20KB - Virtual size: 20KB