216047c048bf1dcbf031cf24bd5e0f263994a5df60b23089e393033d17257cb5

Sharing

Copy URL Twitter E-mail

General

Target

216047c048bf1dcbf031cf24bd5e0f263994a5df60b23089e393033d17257cb5
Size

54KB
MD5

92283d4d0e7e730c3f4f5485bfa48cb6
SHA1

3288f6f98bc2445f4ad688b562fe12414893c1ac
SHA256

216047c048bf1dcbf031cf24bd5e0f263994a5df60b23089e393033d17257cb5
SHA512

f532c17155e0fa50a6b41303fb35bc9ee1b017125d728cc6ce1bbcf948171fbf4d933ed7d58452e2d7bff4a6ab8889392946b2f0cf316a243cf35c8e02fb8407
SSDEEP

1536:FA3cJAgmSRC5DcLxIBLGwUgIW2sV9R2Jml:1OozkV9RW+

Score

10^/10

upx

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	Nirsoft

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

216047c048bf1dcbf031cf24bd5e0f263994a5df60b23089e393033d17257cb5
.exe windows x86

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2020, 00:00

Not After

18/03/2045, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:5a:71:d9:53:a7:e1:b3:a5:9f:d6:4d
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

24/12/2021, 15:23

Not After

25/12/2022, 15:23

Subject

SERIALNUMBER=10044873,CN=MK Investment Properties Inc.,O=MK Investment Properties Inc.,STREET=667 Richmond Rd,L=Ashton,ST=Ontario,C=CA,1.2.840.113549.1.9.1=#0c2643686c6f652e4d696c6c657240676c6f62616c74726565696e766573746d656e74732e636f6d,1.3.6.1.4.1.311.60.2.1.2=#13074f6e746172696f,1.3.6.1.4.1.311.60.2.1.3=#13024341,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:50:1f:e6:08:b9:76:21:f5:9e:f5:17:1b:2d:b8:62:35:a0:97:89
Signer

Actual PE Digest

03:50:1f:e6:08:b9:76:21:f5:9e:f5:17:1b:2d:b8:62:35:a0:97:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8Certificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

36:5a:71:d9:53:a7:e1:b3:a5:9f:d6:4dCertificate

Extended Key Usages

Key Usages

03:50:1f:e6:08:b9:76:21:f5:9e:f5:17:1b:2d:b8:62:35:a0:97:89Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 60KB

UPX1 Size: 40KB - Virtual size: 44KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 3KB

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

36:5a:71:d9:53:a7:e1:b3:a5:9f:d6:4d
Certificate

03:50:1f:e6:08:b9:76:21:f5:9e:f5:17:1b:2d:b8:62:35:a0:97:89
Signer

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 40KB - Virtual size: 44KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 3KB