tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

2.0MB
MD5

b012953451edc5c58c45f40921e4d4b5
SHA1

23ea2b86943739107b60d503353aca7eff04f7bb
SHA256

53216ae04ca65bec2c0503b11a03e2b8bcbc111c226161055e867a5096756f56
SHA512

7bb9a8e853b2637149ceee640bece196b56a7f432b12c9e9fcc057bea43260777911a89579b1b773366156d9d5f19116759553d8386b69235a0cb4af0f3df788
SSDEEP

49152:tRGJYFqpdeL/IfXWrhCI9rxPXrimVm0pD5zqj/HJPV:HjFqpdeLgfXWNXFxTTQ0h5Wj/HJPV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

tmp
.exe windows x86

Code Sign

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:3b:e7:19:ce:0e:78
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

13/05/2012, 10:44

Not After

18/05/2015, 02:29

Subject

CN=深圳第七大道科技有限公司,O=深圳第七大道科技有限公司,L=深圳市,ST=广东省,C=CN,1.2.840.113549.1.9.1=#0c13616c6973612e6c756f4037726f61642e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:5d:b0:dc:1b:27:37:2e:9f:8f:93:d0:15:d5:25:fd:ea:01:da:5d
Signer

Actual PE Digest

7c:5d:b0:dc:1b:27:37:2e:9f:8f:93:d0:15:d5:25:fd:ea:01:da:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

19:9d:f8:8eCertificate

Key Usages

18:3b:e7:19:ce:0e:78Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

7c:5d:b0:dc:1b:27:37:2e:9f:8f:93:d0:15:d5:25:fd:ea:01:da:5dSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 70KB - Virtual size: 72KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 292KB - Virtual size: 291KB

.data Size: 26KB - Virtual size: 55KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 173KB - Virtual size: 173KB

19:9d:f8:8e
Certificate

18:3b:e7:19:ce:0e:78
Certificate

3d
Certificate

7c:5d:b0:dc:1b:27:37:2e:9f:8f:93:d0:15:d5:25:fd:ea:01:da:5d
Signer

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 70KB - Virtual size: 72KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 292KB - Virtual size: 291KB

.data
Size: 26KB - Virtual size: 55KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 173KB - Virtual size: 173KB