123[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

123.zip
Size

3.7MB
MD5

7abd1be29542989847386bc9713e4ba5
SHA1

5d60544d4115523e1f4277cba34d4cc5a3d87cb6
SHA256

a36ee7f1566a2e37ab8c81ae94ad780390b8ed3f1861b55bbb904943e938a6ac
SHA512

9ec270f2d5abea4411b0f4cb3eaf11a8743f861cae87cde829c24c5158dc43924460e8deecaffdff43c90bb06182250bd4e513e2b5d532ff100c6b53ca1c32a4
SSDEEP

98304:65iiaSfCt0RW0dI3BhGPj2r1MuKZSOVstdGTJMwcdpIBfXbGmpWn7:oir0C6cd37GPj2uJSPGFMw4I9M

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/123/RdClient.exe	upx

Files

123.zip
.zip
123/RdClient.exe
.exe windows x86

Code Sign

21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

06/10/2011, 08:39

Not After

06/10/2046, 08:39

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:9e:5e:34:8c:9b:94:c0:91:39:85:95:73:0d:4f:33
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

31/01/2023, 07:49

Not After

30/01/2025, 00:00

Subject

CN=济南快安网络科技有限公司,O=济南快安网络科技有限公司,L=济南市,ST=山东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fe:a3:a6:36:e9:ca:d7:52:30:ec:d5:9c:47:99:d2:ba:4d:cd:1a:d3:19:69:82:2e:92:9c:4e:eb:17:02:79:fa
Signer

Actual PE Digest

fe:a3:a6:36:e9:ca:d7:52:30:ec:d5:9c:47:99:d2:ba:4d:cd:1a:d3:19:69:82:2e:92:9c:4e:eb:17:02:79:fa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 9.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
123/cfg.ini
123/host.dat

Sharing

General

Malware Config

Signatures

Files

Code Sign

21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9Certificate

Key Usages

08:9e:5e:34:8c:9b:94:c0:91:39:85:95:73:0d:4f:33Certificate

Extended Key Usages

Key Usages

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

fe:a3:a6:36:e9:ca:d7:52:30:ec:d5:9c:47:99:d2:ba:4d:cd:1a:d3:19:69:82:2e:92:9c:4e:eb:17:02:79:faSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 9.1MB

UPX1 Size: 3.7MB - Virtual size: 3.7MB

.rsrc Size: 32KB - Virtual size: 32KB

21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9
Certificate

08:9e:5e:34:8c:9b:94:c0:91:39:85:95:73:0d:4f:33
Certificate

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

fe:a3:a6:36:e9:ca:d7:52:30:ec:d5:9c:47:99:d2:ba:4d:cd:1a:d3:19:69:82:2e:92:9c:4e:eb:17:02:79:fa
Signer

UPX0
Size: - Virtual size: 9.1MB

UPX1
Size: 3.7MB - Virtual size: 3.7MB

.rsrc
Size: 32KB - Virtual size: 32KB