016831e603740b92e481801d63bec676ae92ca4139a9cf7b5e820ff5584ea61e[.]exe[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

016831e603740b92e481801d63bec676ae92ca4139a9cf7b5e820ff5584ea61e.exe.zip
Size

222.6MB
MD5

a891af719ee25eb3e902ca632851bfc4
SHA1

89d04b0095d139930c2f1245cd385f1cf6d66269
SHA256

b0c404e0076aa3ddedb77278b420ae8981c51dfed5597ecad398296d5aeceafa
SHA512

bd2640e0cb006a54fb1094c511894116d27bea6f80c9732d6045e7cf420651130149e47b2da59b292ab65b282e65fa509f277571a3ebb097271471360f3a20ce
SSDEEP

6291456:ct+fEZ4sQbnIUmvWaQH/QNBeG5V6DMny1iAhe:DfEZjQEX+Ejry0Me

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/016831e603740b92e481801d63bec676ae92ca4139a9cf7b5e820ff5584ea61e.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

016831e603740b92e481801d63bec676ae92ca4139a9cf7b5e820ff5584ea61e.exe.zip
.zip

Password: infected
016831e603740b92e481801d63bec676ae92ca4139a9cf7b5e820ff5584ea61e.exe
.exe windows:4 windows x86

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:eb
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12-04-2021 00:00

Not After

20-04-2022 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:68:75:a3:11:aa:d4:92:fa:59:0f:6d:72:79:dd:c0:26:8b:df:26:34:a0:de:49:ec:f8:02:b6:fd:9b:26:b9
Signer

Actual PE Digest

03:68:75:a3:11:aa:d4:92:fa:59:0f:6d:72:79:dd:c0:26:8b:df:26:34:a0:de:49:ec:f8:02:b6:fd:9b:26:b9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 524KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 319KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:ebCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

03:68:75:a3:11:aa:d4:92:fa:59:0f:6d:72:79:dd:c0:26:8b:df:26:34:a0:de:49:ec:f8:02:b6:fd:9b:26:b9Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 524KB

UPX1 Size: 319KB - Virtual size: 320KB

.rsrc Size: 81KB - Virtual size: 84KB

Headers

File Characteristics

Sections

.text Size: 520KB - Virtual size: 519KB

.rdata Size: 124KB - Virtual size: 123KB

.data Size: 20KB - Virtual size: 38KB

.rsrc Size: 148KB - Virtual size: 146KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:eb
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

03:68:75:a3:11:aa:d4:92:fa:59:0f:6d:72:79:dd:c0:26:8b:df:26:34:a0:de:49:ec:f8:02:b6:fd:9b:26:b9
Signer

UPX0
Size: - Virtual size: 524KB

UPX1
Size: 319KB - Virtual size: 320KB

.rsrc
Size: 81KB - Virtual size: 84KB

.text
Size: 520KB - Virtual size: 519KB

.rdata
Size: 124KB - Virtual size: 123KB

.data
Size: 20KB - Virtual size: 38KB

.rsrc
Size: 148KB - Virtual size: 146KB