a5a6481c82ebfe22e6bab8423724381a2d654efad3e362c64de17f9f7cf4ae21

Sharing

Copy URL Twitter E-mail

General

Target

a5a6481c82ebfe22e6bab8423724381a2d654efad3e362c64de17f9f7cf4ae21
Size

1.4MB
MD5

e2f7644ad882d64c0e9c60365ed8f134
SHA1

3e6c6141f0efd2be6b09a65f5a825870ca03097b
SHA256

a5a6481c82ebfe22e6bab8423724381a2d654efad3e362c64de17f9f7cf4ae21
SHA512

23f089290f83db1a8e466b178412cb26291e8dbe5dd2d5696b8849ea5ada18609e3d937e4b3bce5ff83fe7940139d766494ad072384ec5fe385aa0f0a217b0bc
SSDEEP

24576:9Y7nIfQ/JCuwlURX6FG2tg9JOy5XcQ7AkNo/5csiNEna1+dpn6lQ+klSfmnTpB:9Ot/JC0cjg9rp7AkWkip61klSf6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

a5a6481c82ebfe22e6bab8423724381a2d654efad3e362c64de17f9f7cf4ae21
.exe windows x86

Code Sign

17:01:8c:bb:00:00:00:35:f2:1f
Certificate

Issuer

CN=HWIT Enterprise CA 1

Not Before

18/09/2019, 03:11

Not After

16/09/2024, 03:11

Subject

CN=Huawei Technologies Co.\, Ltd.,OU=BP&IT,O=Huawei Technologies Co.\, Ltd.,L=ShenZhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:09:d5:2e:00:00:00:00:00:02
Certificate

Issuer

CN=Huawei IT Root CA,O=Huawei IT

Not Before

19/10/2013, 16:46

Not After

19/10/2029, 16:56

Subject

CN=HWIT Enterprise CA 1

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

c6:22:05:6f:ba:be:a8:9a:ad:ed:00:84:c4:f4:24:7d:0e:34:b8:e0
Signer

Actual PE Digest

c6:22:05:6f:ba:be:a8:9a:ad:ed:00:84:c4:f4:24:7d:0e:34:b8:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0?$oserializer@Vtext_oarchive@archive@boost@@U_JsonAuditInfoItem@@@detail@archive@boost@@QAE@XZ
??0?$singleton@V?$extended_type_info_typeid@U_JsonAuditInfoItem@@@serialization@boost@@@serialization@boost@@IAE@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@U_JsonAuditInfoItem@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@U_JsonAuditInfoItem@@@23@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_iarchive@archive@boost@@U_JsonAuditInfoItem@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_iarchive@archive@boost@@U_JsonAuditInfoItem@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$oserializer@Vtext_oarchive@archive@boost@@U_JsonAuditInfoItem@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vtext_oarchive@archive@boost@@U_JsonAuditInfoItem@@@detail@archive@3@XZ
?get_lock@singleton_module@serialization@boost@@AAEAA_NXZ
?get_mutable_instance@?$singleton@V?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?is_destroyed@?$singleton@V?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_locked@singleton_module@serialization@boost@@QAE_NXZ
?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@U_JsonAuditInfoItem@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?lock@?1??get_lock@singleton_module@serialization@boost@@AAEAA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@QAEXXZ
?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@U_JsonAuditInfoItem@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?unlock@singleton_module@serialization@boost@@QAEXXZ

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

17:01:8c:bb:00:00:00:35:f2:1fCertificate

Extended Key Usages

Key Usages

11:09:d5:2e:00:00:00:00:00:02Certificate

Key Usages

c6:22:05:6f:ba:be:a8:9a:ad:ed:00:84:c4:f4:24:7d:0e:34:b8:e0Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.5MB

UPX1 Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 64KB - Virtual size: 85KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 155KB - Virtual size: 155KB

17:01:8c:bb:00:00:00:35:f2:1f
Certificate

11:09:d5:2e:00:00:00:00:00:02
Certificate

c6:22:05:6f:ba:be:a8:9a:ad:ed:00:84:c4:f4:24:7d:0e:34:b8:e0
Signer

UPX0
Size: - Virtual size: 2.5MB

UPX1
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 64KB - Virtual size: 85KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 155KB - Virtual size: 155KB