tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

123KB
MD5

8322a25fdf4aa5ac1377a49b15454570
SHA1

7c534fdc51a74dba95afea65fdb97d14a046203b
SHA256

b3c512c8f441b498e6e97216e27bfaccad1a35885d192f7cf2b4f6d05bf020ff
SHA512

8a98892bd5129a9e704b3967487472fd452a99f2aa4b0e4d899ea937df45cfbb863da073ee94b29e845ffd5bab40aab5932f8dccbf74aedd4428140dfc07ebec
SSDEEP

3072:GNhkj8e5Nc4TpV0ttgjAM7xCflW4o8AxOMx3FKIaQNhxCv:khkj8e5NRf0tt47xA9kkMjKIJNfc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

tmp
.exe windows x64

Code Sign

42:53:5e:57:29:d6:b0:a1
Certificate

Issuer

CN=Adler SignKey CA,O=Adler Soft Development,L=Luhansk

Not Before

27/06/2023, 00:00

Not After

27/06/2025, 00:00

Subject

CN=EpicHelpic,O=EpicHelpic,L=EpicHelpic,C=RU,1.2.840.113549.1.9.1=#130a4570696348656c706963

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

42:53:5e:57:29:d6:b0:a1
Certificate

Issuer

CN=Adler SignKey CA,O=Adler Soft Development,L=Luhansk

Not Before

27/06/2023, 00:00

Not After

27/06/2025, 00:00

Subject

CN=EpicHelpic,O=EpicHelpic,L=EpicHelpic,C=RU,1.2.840.113549.1.9.1=#130a4570696348656c706963

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:aa:60:50:37:c0:b5:ee:a0:ea:0f:14:b0:54:f8:9e:9c:8f:96:60:f6:61:e7:66:02:e2:53:5c:07:34:ff:bf
Signer

Actual PE Digest

4d:aa:60:50:37:c0:b5:ee:a0:ea:0f:14:b0:54:f8:9e:9c:8f:96:60:f6:61:e7:66:02:e2:53:5c:07:34:ff:bf

Digest Algorithm

sha256

PE Digest Matches

true

73:a8:b1:ec:cb:0a:df:93:ca:cb:13:e6:d5:8e:6e:60:cc:a4:e8:23
Signer

Actual PE Digest

73:a8:b1:ec:cb:0a:df:93:ca:cb:13:e6:d5:8e:6e:60:cc:a4:e8:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 110KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

42:53:5e:57:29:d6:b0:a1Certificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

42:53:5e:57:29:d6:b0:a1Certificate

Extended Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

4d:aa:60:50:37:c0:b5:ee:a0:ea:0f:14:b0:54:f8:9e:9c:8f:96:60:f6:61:e7:66:02:e2:53:5c:07:34:ff:bfSigner

73:a8:b1:ec:cb:0a:df:93:ca:cb:13:e6:d5:8e:6e:60:cc:a4:e8:23Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 152KB

UPX1 Size: 110KB - Virtual size: 112KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 149KB - Virtual size: 149KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 11KB - Virtual size: 10KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 2KB - Virtual size: 2KB

42:53:5e:57:29:d6:b0:a1
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

42:53:5e:57:29:d6:b0:a1
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

4d:aa:60:50:37:c0:b5:ee:a0:ea:0f:14:b0:54:f8:9e:9c:8f:96:60:f6:61:e7:66:02:e2:53:5c:07:34:ff:bf
Signer

73:a8:b1:ec:cb:0a:df:93:ca:cb:13:e6:d5:8e:6e:60:cc:a4:e8:23
Signer

UPX0
Size: - Virtual size: 152KB

UPX1
Size: 110KB - Virtual size: 112KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 149KB - Virtual size: 149KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 11KB - Virtual size: 10KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 2KB - Virtual size: 2KB