1eadf6c23c2a8f5fd8b88d7c367aeb982abe81cfd0627458f4d14737b0051dce

Sharing

Copy URL Twitter E-mail

General

Target

1eadf6c23c2a8f5fd8b88d7c367aeb982abe81cfd0627458f4d14737b0051dce
Size

2.3MB
MD5

8c17f601b01758c817029c3bcd549088
SHA1

ffc206657a943e02321cd4079fb396187a853a0c
SHA256

1eadf6c23c2a8f5fd8b88d7c367aeb982abe81cfd0627458f4d14737b0051dce
SHA512

04fc2d9bcaddcce186030aae3a89e53a5219dfae3323cf89d139afa1a71166cb8697b9a960bdab8b82b2e19c9400fd2b9d854d71bf3f3fd4fba6775d7fb7e7fd
SSDEEP

49152:wkk9Cmldx7480Ht0+JJYF4Wh4VtB11gupvCYkrIQi/0F7Ea25fvThKEKk/j9XQP6:w3J3x747HvJJ64NHBbgupKYkrIQBR92r

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

1eadf6c23c2a8f5fd8b88d7c367aeb982abe81cfd0627458f4d14737b0051dce
.exe windows x86

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:ef:74:6f:16:e6:73:1b
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2017, 07:21

Not After

27/10/2018, 05:30

Subject

CN=广州华多网络科技有限公司,O=广州华多网络科技有限公司,L=广州市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:ef:74:6f:16:e6:73:1b
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2017, 07:21

Not After

27/10/2018, 05:30

Subject

CN=广州华多网络科技有限公司,O=广州华多网络科技有限公司,L=广州市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

63:2b:fe:38:d6:d9:25:dd:ae:1b:c2:d1:b5:cf:d6:96:b5:3c:e4:7e:ae:54:6f:9a:dd:cb:02:9c:7a:21:ff:25
Signer

Actual PE Digest

63:2b:fe:38:d6:d9:25:dd:ae:1b:c2:d1:b5:cf:d6:96:b5:3c:e4:7e:ae:54:6f:9a:dd:cb:02:9c:7a:21:ff:25

Digest Algorithm

sha256

PE Digest Matches

true

72:10:e8:c2:6d:33:75:89:e9:d0:b2:5d:f7:5f:2c:c1:c8:c7:50:46
Signer

Actual PE Digest

72:10:e8:c2:6d:33:75:89:e9:d0:b2:5d:f7:5f:2c:c1:c8:c7:50:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

1b:e7:15Certificate

Key Usages

07Certificate

Key Usages

32:ef:74:6f:16:e6:73:1bCertificate

Extended Key Usages

Key Usages

1b:e7:15Certificate

Key Usages

07Certificate

Key Usages

32:ef:74:6f:16:e6:73:1bCertificate

Extended Key Usages

Key Usages

63:2b:fe:38:d6:d9:25:dd:ae:1b:c2:d1:b5:cf:d6:96:b5:3c:e4:7e:ae:54:6f:9a:dd:cb:02:9c:7a:21:ff:25Signer

72:10:e8:c2:6d:33:75:89:e9:d0:b2:5d:f7:5f:2c:c1:c8:c7:50:46Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 192KB

UPX1 Size: 2.3MB - Virtual size: 2.3MB

.rsrc Size: 18KB - Virtual size: 20KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 53KB - Virtual size: 53KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 2.2MB - Virtual size: 2.2MB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 12KB - Virtual size: 12KB

1b:e7:15
Certificate

07
Certificate

32:ef:74:6f:16:e6:73:1b
Certificate

1b:e7:15
Certificate

07
Certificate

32:ef:74:6f:16:e6:73:1b
Certificate

63:2b:fe:38:d6:d9:25:dd:ae:1b:c2:d1:b5:cf:d6:96:b5:3c:e4:7e:ae:54:6f:9a:dd:cb:02:9c:7a:21:ff:25
Signer

72:10:e8:c2:6d:33:75:89:e9:d0:b2:5d:f7:5f:2c:c1:c8:c7:50:46
Signer

UPX0
Size: - Virtual size: 192KB

UPX1
Size: 2.3MB - Virtual size: 2.3MB

.rsrc
Size: 18KB - Virtual size: 20KB

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 2.2MB - Virtual size: 2.2MB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 12KB - Virtual size: 12KB