7e34bfdd1c8c674a0eca06bc4134faf1a25ae20090b6b5ad321a00d7e96d110a

Sharing

Copy URL Twitter E-mail

General

Target

7e34bfdd1c8c674a0eca06bc4134faf1a25ae20090b6b5ad321a00d7e96d110a
Size

731KB
MD5

c82342f211e6720f6ba9193e50cdf1c7
SHA1

199dec35b2203aa0c9099ff60579a5c60a016ba4
SHA256

7e34bfdd1c8c674a0eca06bc4134faf1a25ae20090b6b5ad321a00d7e96d110a
SHA512

ac33d65b7193c78ab80a6b88552691c175fbcde4547af1f53d64dc896a4a089880bcd0afcf1231dfa6caf54fc022530c33009a94397758c5e0e945b1425ce05d
SSDEEP

12288:Gx7xRAcQjP+yyTDxbSKhYGKuLSrrbEXSfZ3rHq86YLt5LE5e3Yd4P2Kr3SXFAF8o:Gx77hWPDyTVphYPySrys7qpGt9E5yQ4j

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

7e34bfdd1c8c674a0eca06bc4134faf1a25ae20090b6b5ad321a00d7e96d110a
.exe windows x86

Code Sign

0c:b5:11:e4:d2:b2:e7:7d:b9:39:3c:36:17:93:a0:8f
Certificate

Issuer

CN=xiedaxia,ST=江西,C=China,1.2.840.113549.1.9.1=#0c0d7869656461786961402e636f6d

Not Before

18/12/2022, 05:25

Not After

30/12/2099, 16:00

Subject

CN=xiedaxia,ST=江西,C=China,1.2.840.113549.1.9.1=#0c0d7869656461786961402e636f6d

0c:b5:11:e4:d2:b2:e7:7d:b9:39:3c:36:17:93:a0:8f
Certificate

Issuer

CN=xiedaxia,ST=江西,C=China,1.2.840.113549.1.9.1=#0c0d7869656461786961402e636f6d

Not Before

18/12/2022, 05:25

Not After

30/12/2099, 16:00

Subject

CN=xiedaxia,ST=江西,C=China,1.2.840.113549.1.9.1=#0c0d7869656461786961402e636f6d

17:37:d5:93:33:46:2d:9f:d0:2d:8b:43:cf:86:ba:99:d7:73:c1:69:a8:cc:f7:cc:4a:54:f1:e1:37:46:3e:ce
Signer

Actual PE Digest

17:37:d5:93:33:46:2d:9f:d0:2d:8b:43:cf:86:ba:99:d7:73:c1:69:a8:cc:f7:cc:4a:54:f1:e1:37:46:3e:ce

Digest Algorithm

sha256

PE Digest Matches

true

a9:74:a0:8a:5c:85:a7:41:86:c8:e6:84:4a:b5:bd:c5:9b:4b:21:14
Signer

Actual PE Digest

a9:74:a0:8a:5c:85:a7:41:86:c8:e6:84:4a:b5:bd:c5:9b:4b:21:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 864KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 639KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 764KB - Virtual size: 763KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 252KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

0c:b5:11:e4:d2:b2:e7:7d:b9:39:3c:36:17:93:a0:8fCertificate

0c:b5:11:e4:d2:b2:e7:7d:b9:39:3c:36:17:93:a0:8fCertificate

17:37:d5:93:33:46:2d:9f:d0:2d:8b:43:cf:86:ba:99:d7:73:c1:69:a8:cc:f7:cc:4a:54:f1:e1:37:46:3e:ceSigner

a9:74:a0:8a:5c:85:a7:41:86:c8:e6:84:4a:b5:bd:c5:9b:4b:21:14Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 864KB

UPX1 Size: 639KB - Virtual size: 640KB

.rsrc Size: 88KB - Virtual size: 92KB

Headers

File Characteristics

Sections

.text Size: 764KB - Virtual size: 763KB

.rdata Size: 252KB - Virtual size: 248KB

.data Size: 96KB - Virtual size: 369KB

.rsrc Size: 104KB - Virtual size: 103KB

0c:b5:11:e4:d2:b2:e7:7d:b9:39:3c:36:17:93:a0:8f
Certificate

0c:b5:11:e4:d2:b2:e7:7d:b9:39:3c:36:17:93:a0:8f
Certificate

17:37:d5:93:33:46:2d:9f:d0:2d:8b:43:cf:86:ba:99:d7:73:c1:69:a8:cc:f7:cc:4a:54:f1:e1:37:46:3e:ce
Signer

a9:74:a0:8a:5c:85:a7:41:86:c8:e6:84:4a:b5:bd:c5:9b:4b:21:14
Signer

UPX0
Size: - Virtual size: 864KB

UPX1
Size: 639KB - Virtual size: 640KB

.rsrc
Size: 88KB - Virtual size: 92KB

.text
Size: 764KB - Virtual size: 763KB

.rdata
Size: 252KB - Virtual size: 248KB

.data
Size: 96KB - Virtual size: 369KB

.rsrc
Size: 104KB - Virtual size: 103KB