e5d04fd1b5f747d55fac03e555a54e279f9086fe47ff1c8c8f2be5e048cdfe2a

Sharing

Copy URL

Twitter E-mail

General

Target

e5d04fd1b5f747d55fac03e555a54e279f9086fe47ff1c8c8f2be5e048cdfe2a
Size

2.4MB
MD5

d6e43d5de09301e2d57af1d739f80e68
SHA1

fb3963bbbe1c544fff086c793e1cd3f6027ab12a
SHA256

e5d04fd1b5f747d55fac03e555a54e279f9086fe47ff1c8c8f2be5e048cdfe2a
SHA512

4281abcd71c728fd5187add0947ac58d6c15a00fb79d09bb84d770a0683b0d6bb4a825069c25aa01178d8f0fb269135a83f4c2ae3bf3a9ed3d2faa8022ded77c
SSDEEP

49152:Qv3Z43c5NsIRK6luqawIqm/GsmxIlSR5P3gZ11b+Tg4Mg1yxmtTyQp8CsQP:S3Z43c5N/RK6luNwDmusmxIQHvgZ11bI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

e5d04fd1b5f747d55fac03e555a54e279f9086fe47ff1c8c8f2be5e048cdfe2a
.exe windows x86

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:ef:74:6f:16:e6:73:1b
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2017, 07:21

Not After

27/10/2018, 05:30

Subject

CN=广州华多网络科技有限公司,O=广州华多网络科技有限公司,L=广州市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:ef:74:6f:16:e6:73:1b
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2017, 07:21

Not After

27/10/2018, 05:30

Subject

CN=广州华多网络科技有限公司,O=广州华多网络科技有限公司,L=广州市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f0:cf:db:24:f2:95:a0:15:e8:67:19:f4:d7:a3:ce:e8:9e:18:0a:60:a6:56:e5:0e:88:c1:14:b8:5c:08:69:20
Signer

Actual PE Digest

f0:cf:db:24:f2:95:a0:15:e8:67:19:f4:d7:a3:ce:e8:9e:18:0a:60:a6:56:e5:0e:88:c1:14:b8:5c:08:69:20

Digest Algorithm

sha256

PE Digest Matches

true

7c:e2:b4:04:49:9c:0d:c9:64:be:e1:96:99:7b:56:9e:8c:79:6b:a0
Signer

Actual PE Digest

7c:e2:b4:04:49:9c:0d:c9:64:be:e1:96:99:7b:56:9e:8c:79:6b:a0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

1b:e7:15Certificate

Key Usages

07Certificate

Key Usages

32:ef:74:6f:16:e6:73:1bCertificate

Extended Key Usages

Key Usages

1b:e7:15Certificate

Key Usages

07Certificate

Key Usages

32:ef:74:6f:16:e6:73:1bCertificate

Extended Key Usages

Key Usages

f0:cf:db:24:f2:95:a0:15:e8:67:19:f4:d7:a3:ce:e8:9e:18:0a:60:a6:56:e5:0e:88:c1:14:b8:5c:08:69:20Signer

7c:e2:b4:04:49:9c:0d:c9:64:be:e1:96:99:7b:56:9e:8c:79:6b:a0Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 192KB

UPX1 Size: 2.3MB - Virtual size: 2.3MB

.rsrc Size: 18KB - Virtual size: 20KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 53KB - Virtual size: 53KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 2.3MB - Virtual size: 2.3MB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 12KB - Virtual size: 12KB

1b:e7:15
Certificate

07
Certificate

32:ef:74:6f:16:e6:73:1b
Certificate

1b:e7:15
Certificate

07
Certificate

32:ef:74:6f:16:e6:73:1b
Certificate

f0:cf:db:24:f2:95:a0:15:e8:67:19:f4:d7:a3:ce:e8:9e:18:0a:60:a6:56:e5:0e:88:c1:14:b8:5c:08:69:20
Signer

7c:e2:b4:04:49:9c:0d:c9:64:be:e1:96:99:7b:56:9e:8c:79:6b:a0
Signer

UPX0
Size: - Virtual size: 192KB

UPX1
Size: 2.3MB - Virtual size: 2.3MB

.rsrc
Size: 18KB - Virtual size: 20KB

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 2.3MB - Virtual size: 2.3MB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 12KB - Virtual size: 12KB