e75cf08167a1a9b535cbe898a692ef1dca90111cfd0d6e725fbf2e23da0a8bfd[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

e75cf08167a1a9b535cbe898a692ef1dca90111cfd0d6e725fbf2e23da0a8bfd.exe.zip
Size

158KB
MD5

a8213d48b9b5afba5620fd5a1366bebd
SHA1

781504b648eddbbc526096530276efdeb6c4309f
SHA256

877ca047667aac5dcd974c8ee6ed166de611e574e70ef71adee1ec6d314762b4
SHA512

05f93a4cdee244cd1a3eff4a4534b683cdd4b74acea9052c860dc0d589fc228026422facd63378151aa8e50c63d50ac09b1ac20522b20625594d3d1ede959e57
SSDEEP

3072:rufLCCV8TItTvOccSiiqNiQXkTNirYAodM9b56lki7YJyOs5UD:qOCVbtTmBri6PkTGogzs5UD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/e75cf08167a1a9b535cbe898a692ef1dca90111cfd0d6e725fbf2e23da0a8bfd.exe	upx

Files

e75cf08167a1a9b535cbe898a692ef1dca90111cfd0d6e725fbf2e23da0a8bfd.exe.zip
.zip

Password: infected
e75cf08167a1a9b535cbe898a692ef1dca90111cfd0d6e725fbf2e23da0a8bfd.exe
.exe windows:4 windows x86

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

12/12/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2001-4 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:4b:a5:0b:f9:97:0f:cc:a0:b2:42:17:9e:96:46:57
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2001-4 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Not Before

19/11/2002, 00:00

Not After

19/11/2003, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c9:f8:8c:07:9b:23:28:30:c2:1e:89:33:4a:7c:70:86:13:81:02:a8
Signer

Actual PE Digest

c9:f8:8c:07:9b:23:28:30:c2:1e:89:33:4a:7c:70:86:13:81:02:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 532KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 154KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75Certificate

Extended Key Usages

Key Usages

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

7f:4b:a5:0b:f9:97:0f:cc:a0:b2:42:17:9e:96:46:57Certificate

Extended Key Usages

Key Usages

c9:f8:8c:07:9b:23:28:30:c2:1e:89:33:4a:7c:70:86:13:81:02:a8Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 532KB

UPX1 Size: 154KB - Virtual size: 156KB

.rsrc Size: 4KB - Virtual size: 8KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

7f:4b:a5:0b:f9:97:0f:cc:a0:b2:42:17:9e:96:46:57
Certificate

c9:f8:8c:07:9b:23:28:30:c2:1e:89:33:4a:7c:70:86:13:81:02:a8
Signer

UPX0
Size: - Virtual size: 532KB

UPX1
Size: 154KB - Virtual size: 156KB

.rsrc
Size: 4KB - Virtual size: 8KB