ca47df156216f0d0155ed2128fb1bd0ebfa411f864b6f062ada292000a57fe98[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ca47df156216f0d0155ed2128fb1bd0ebfa411f864b6f062ada292000a57fe98.exe.zip
Size

159KB
MD5

9598845e5749b815ea05fb4e61d81c0b
SHA1

e702b1e129dd847565379125a728a0dbb975aa59
SHA256

962e3f9c9646a82e128ff2ab105d0b13752026fb5964635839cee14d3f7def9f
SHA512

2fd7a6666a31601ca44ef4d0d4b5b559db7fb8dbb4a1767dda6ac85e191515a19f0c2602962f53e6efcb7fd2f0e7e87a5a904e62a06498335306fce021d5883b
SSDEEP

3072:kYMGo5WvVd3SApLwhciVr8FZXk3TRjDahVKs4OIqPeEpw3BmzcQU:v2W/31whci1AXk3JahVj45qGB8cB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ca47df156216f0d0155ed2128fb1bd0ebfa411f864b6f062ada292000a57fe98.exe	upx

Files

ca47df156216f0d0155ed2128fb1bd0ebfa411f864b6f062ada292000a57fe98.exe.zip
.zip

Password: infected
ca47df156216f0d0155ed2128fb1bd0ebfa411f864b6f062ada292000a57fe98.exe
.exe windows:4 windows x86

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

12/12/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2001-4 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:4b:a5:0b:f9:97:0f:cc:a0:b2:42:17:9e:96:46:57
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2001-4 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Not Before

19/11/2002, 00:00

Not After

19/11/2003, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4b:64:cb:30:33:4c:81:85:f2:36:1f:d2:22:34:d6:ca:76:9a:24:63
Signer

Actual PE Digest

4b:64:cb:30:33:4c:81:85:f2:36:1f:d2:22:34:d6:ca:76:9a:24:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 532KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 155KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75Certificate

Extended Key Usages

Key Usages

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

7f:4b:a5:0b:f9:97:0f:cc:a0:b2:42:17:9e:96:46:57Certificate

Extended Key Usages

Key Usages

4b:64:cb:30:33:4c:81:85:f2:36:1f:d2:22:34:d6:ca:76:9a:24:63Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 532KB

UPX1 Size: 155KB - Virtual size: 156KB

.rsrc Size: 4KB - Virtual size: 8KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

7f:4b:a5:0b:f9:97:0f:cc:a0:b2:42:17:9e:96:46:57
Certificate

4b:64:cb:30:33:4c:81:85:f2:36:1f:d2:22:34:d6:ca:76:9a:24:63
Signer

UPX0
Size: - Virtual size: 532KB

UPX1
Size: 155KB - Virtual size: 156KB

.rsrc
Size: 4KB - Virtual size: 8KB