f92f1e572619dfa04356daf942f6d86295a4f02ade18b4826077cb3a3c1d95a1[.]exe[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

f92f1e572619dfa04356daf942f6d86295a4f02ade18b4826077cb3a3c1d95a1.exe.zip
Size

950KB
MD5

f21f7c6d16f910790fbdaa6aa7970a95
SHA1

fbe5ea5fc52a3013ea085cb281513d7e5555997c
SHA256

f8b70f627047a99542040c2b61572eefbe9ccfbc944933ee9951197a993b23dd
SHA512

902c4c4f624bbbfba424cfa75afeb746320382c370f721bb623da262c1a1fdf081058745ffdc4e9e93160f800906f94b0cd6d1ee085a3e15e874ecbdc99f6665
SSDEEP

24576:FUTmCWBOCHTVDumiejTaq9y1IEV+aKM3dQKiHlM1Nl9sP1:F+m7ICHTVDumievawgZdiHlM1N4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/f92f1e572619dfa04356daf942f6d86295a4f02ade18b4826077cb3a3c1d95a1.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

f92f1e572619dfa04356daf942f6d86295a4f02ade18b4826077cb3a3c1d95a1.exe.zip
.zip

Password: infected
f92f1e572619dfa04356daf942f6d86295a4f02ade18b4826077cb3a3c1d95a1.exe
.exe windows:4 windows x86

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:85:51:72:e5:1e:15:71:80:1e:f7:ae:30:cf:15:eb:fe:8d:44:7f:4b:f5:bc:19:bf:9b:4c:60:33:ef:e8:8a
Signer

Actual PE Digest

62:85:51:72:e5:1e:15:71:80:1e:f7:ae:30:cf:15:eb:fe:8d:44:7f:4b:f5:bc:19:bf:9b:4c:60:33:ef:e8:8a

Digest Algorithm

sha256

PE Digest Matches

true

29:ca:04:a8:53:8b:be:96:81:57:28:f8:30:69:c7:66:1c:ad:3a:d3
Signer

Actual PE Digest

29:ca:04:a8:53:8b:be:96:81:57:28:f8:30:69:c7:66:1c:ad:3a:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 960KB - Virtual size: 960KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

62:85:51:72:e5:1e:15:71:80:1e:f7:ae:30:cf:15:eb:fe:8d:44:7f:4b:f5:bc:19:bf:9b:4c:60:33:ef:e8:8aSigner

29:ca:04:a8:53:8b:be:96:81:57:28:f8:30:69:c7:66:1c:ad:3a:d3Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.7MB

UPX1 Size: 960KB - Virtual size: 960KB

.rsrc Size: 84KB - Virtual size: 84KB

Headers

File Characteristics

Sections

.code Size: 32KB - Virtual size: 32KB

.text Size: 317KB - Virtual size: 317KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 2.2MB - Virtual size: 2.2MB

.rsrc Size: 83KB - Virtual size: 82KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

62:85:51:72:e5:1e:15:71:80:1e:f7:ae:30:cf:15:eb:fe:8d:44:7f:4b:f5:bc:19:bf:9b:4c:60:33:ef:e8:8a
Signer

29:ca:04:a8:53:8b:be:96:81:57:28:f8:30:69:c7:66:1c:ad:3a:d3
Signer

UPX0
Size: - Virtual size: 1.7MB

UPX1
Size: 960KB - Virtual size: 960KB

.rsrc
Size: 84KB - Virtual size: 84KB

.code
Size: 32KB - Virtual size: 32KB

.text
Size: 317KB - Virtual size: 317KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 2.2MB - Virtual size: 2.2MB

.rsrc
Size: 83KB - Virtual size: 82KB