e25d2a6b4c9bbc85545db053c3d3a67aead057cf8a1b2e2345ce92b690235f7f

Sharing

Copy URL Twitter E-mail

General

Target

e25d2a6b4c9bbc85545db053c3d3a67aead057cf8a1b2e2345ce92b690235f7f
Size

52KB
MD5

84c46ae3b677133966c7dc81dcdda550
SHA1

19cdf289c47023562884ec09fe5703ed71feff96
SHA256

e25d2a6b4c9bbc85545db053c3d3a67aead057cf8a1b2e2345ce92b690235f7f
SHA512

b558ee927cacd8f3da8111874ce2068ab49c3d926ee70b68a916dd0f65481c432451241e9e24aff28ef6b3342024d181756293f15699cd2212d330ec7caf2418
SSDEEP

768:FWk0H3PfJp8fPVxZnO/IyZj3XpO8Fm09zyOrLocJMUM2vg3h2DHvN3hZ0:RicxtO/ND5LFjP/Ds2I3h2bl3hZ0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/out.upx	nsis_installer_2

Files

e25d2a6b4c9bbc85545db053c3d3a67aead057cf8a1b2e2345ce92b690235f7f
.exe windows x86

Code Sign

4c:a1:90:a5:f8:5a:6c:b6:45:9a:05:09:05:92:39:84
Certificate

Issuer

CN=技术服务部,1.2.840.113549.1.9.1=#130b7777772e6363686f2e6363

Not Before

24/09/2020, 00:36

Not After

31/12/2039, 23:59

Subject

CN=www.ccho.cc,1.2.840.113549.1.9.1=#130b7777772e6363686f2e6363

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4c:a1:90:a5:f8:5a:6c:b6:45:9a:05:09:05:92:39:84
Certificate

Issuer

CN=技术服务部,1.2.840.113549.1.9.1=#130b7777772e6363686f2e6363

Not Before

24/09/2020, 00:36

Not After

31/12/2039, 23:59

Subject

CN=www.ccho.cc,1.2.840.113549.1.9.1=#130b7777772e6363686f2e6363

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

34:c3:db:eb:4d:13:1b:9d:9c:ce:af:d4:ac:cb:fb:6a:e9:b6:d4:21:5a:9d:24:76:18:3c:65:e9:e5:4e:36:42
Signer

Actual PE Digest

34:c3:db:eb:4d:13:1b:9d:9c:ce:af:d4:ac:cb:fb:6a:e9:b6:d4:21:5a:9d:24:76:18:3c:65:e9:e5:4e:36:42

Digest Algorithm

sha256

PE Digest Matches

true

0e:54:4d:64:e7:40:05:1c:51:44:bd:58:40:8f:0e:69:7e:2c:bc:90
Signer

Actual PE Digest

0e:54:4d:64:e7:40:05:1c:51:44:bd:58:40:8f:0e:69:7e:2c:bc:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

4c:a1:90:a5:f8:5a:6c:b6:45:9a:05:09:05:92:39:84Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

4c:a1:90:a5:f8:5a:6c:b6:45:9a:05:09:05:92:39:84Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

34:c3:db:eb:4d:13:1b:9d:9c:ce:af:d4:ac:cb:fb:6a:e9:b6:d4:21:5a:9d:24:76:18:3c:65:e9:e5:4e:36:42Signer

0e:54:4d:64:e7:40:05:1c:51:44:bd:58:40:8f:0e:69:7e:2c:bc:90Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 220KB

UPX1 Size: 20KB - Virtual size: 20KB

.rsrc Size: 12KB - Virtual size: 16KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 105KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 22KB - Virtual size: 21KB

4c:a1:90:a5:f8:5a:6c:b6:45:9a:05:09:05:92:39:84
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

4c:a1:90:a5:f8:5a:6c:b6:45:9a:05:09:05:92:39:84
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

34:c3:db:eb:4d:13:1b:9d:9c:ce:af:d4:ac:cb:fb:6a:e9:b6:d4:21:5a:9d:24:76:18:3c:65:e9:e5:4e:36:42
Signer

0e:54:4d:64:e7:40:05:1c:51:44:bd:58:40:8f:0e:69:7e:2c:bc:90
Signer

UPX0
Size: - Virtual size: 220KB

UPX1
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 12KB - Virtual size: 16KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 105KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 22KB - Virtual size: 21KB