tmp | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tmp
Size

1.9MB
MD5

02ff7a7701fb78965cd3f8c91b7b0ef9
SHA1

46b0579533b21d11df830f3b8257af317d1d2996
SHA256

725dac7dac800932bbfcefcc5de750e98449727e198f5eef82b8343b8ebfb25a
SHA512

318a6e5348e0c2e67737213a9ff13a391ebe1164ae2d556ba6fcdfb4539c0f0241bd2e325d65a8f72000125bd307fad50eb3f11f3295c8e6744f0e766ca72351
SSDEEP

49152:01g0pJDLFYi1YorBdTxzFC29qFk8cNKoUELLQBjZ0:QgsJDL6gP3VE2oFkXNKo9AB6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

tmp
.exe windows x86

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:73:bc:59:5d:65:e6:f3:74:c6:27:4f:43:b9:c3:69
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/05/2020, 00:00

Not After

01/05/2022, 23:59

Subject

CN=Pharmbase Corp,OU=Management Team,O=Pharmbase Corp,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:bd:c4:9b:47:08:0f:27:c6:91:d3:f5:bc:35:ec:c3:68:ff:84:cd
Signer

Actual PE Digest

26:bd:c4:9b:47:08:0f:27:c6:91:d3:f5:bc:35:ec:c3:68:ff:84:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 412KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

4e:73:bc:59:5d:65:e6:f3:74:c6:27:4f:43:b9:c3:69Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

26:bd:c4:9b:47:08:0f:27:c6:91:d3:f5:bc:35:ec:c3:68:ff:84:cdSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.9MB

UPX1 Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 23KB - Virtual size: 24KB

Headers

File Characteristics

Sections

CODE Size: 2.8MB - Virtual size: 2.8MB

DATA Size: 57KB - Virtual size: 57KB

BSS Size: - Virtual size: 412KB

.idata Size: 13KB - Virtual size: 13KB

.tls Size: - Virtual size: 20B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 163KB - Virtual size: 162KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

4e:73:bc:59:5d:65:e6:f3:74:c6:27:4f:43:b9:c3:69
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

26:bd:c4:9b:47:08:0f:27:c6:91:d3:f5:bc:35:ec:c3:68:ff:84:cd
Signer

UPX0
Size: - Virtual size: 2.9MB

UPX1
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 23KB - Virtual size: 24KB

CODE
Size: 2.8MB - Virtual size: 2.8MB

DATA
Size: 57KB - Virtual size: 57KB

BSS
Size: - Virtual size: 412KB

.idata
Size: 13KB - Virtual size: 13KB

.tls
Size: - Virtual size: 20B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 163KB - Virtual size: 162KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB