1302b878cefca8241a023c41dfdd3c8f6ae312aa1ae4e9c9adeb830670f8acec[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

1302b878cefca8241a023c41dfdd3c8f6ae312aa1ae4e9c9adeb830670f8acec.exe.zip
Size

1.6MB
MD5

aa3a5b1238ee97c6190ea9d82bd0db14
SHA1

7bb690b03d2463baaed5e33fca9710046e1fcd50
SHA256

ff1ad7133c3b34e0f1b13c62065d7a4d2ca9369ce275b7a47b7b227c31e3394a
SHA512

ecde4bdde21b170a74293f6ce047e0c69b6874e24e814599df63169c58987e40364f91480bd97c79d35195088949f4adf8980bc8a1f632a664374b1f0ecad320
SSDEEP

49152:Vm9Ju38jOv1AzlCdKwN2skQvbRZeqahI2vfVzD5c:U9J16vTdKwN2skcohI2lu

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/1302b878cefca8241a023c41dfdd3c8f6ae312aa1ae4e9c9adeb830670f8acec.exe	upx

Files

1302b878cefca8241a023c41dfdd3c8f6ae312aa1ae4e9c9adeb830670f8acec.exe.zip
.zip

Password: infected
1302b878cefca8241a023c41dfdd3c8f6ae312aa1ae4e9c9adeb830670f8acec.exe
.exe windows:5 windows x86

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:52:34:41:93:5e:9a:3a:78:b1:fa:3e
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27/02/2019, 12:28

Not After

27/02/2022, 12:28

Subject

CN=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,O=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,L=Esenler,ST=Istanbul,C=TR,1.2.840.113549.1.9.1=#0c1362696c67694074656b6e6f706172732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

73:10:b0:f0:5e:fa:6c:4a:f5:53:e4:db
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign TSA for Standard - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:52:34:41:93:5e:9a:3a:78:b1:fa:3e
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27/02/2019, 12:28

Not After

27/02/2022, 12:28

Subject

CN=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,O=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,L=Esenler,ST=Istanbul,C=TR,1.2.840.113549.1.9.1=#0c1362696c67694074656b6e6f706172732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-01,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:ff:79:f5:71:b3:6e:37:43:24:d2:e0:fb:d0:58:bb:bc:3e:d6:43:b8:c0:b6:04:ec:5a:39:78:ed:af:3f:57
Signer

Actual PE Digest

79:ff:79:f5:71:b3:6e:37:43:24:d2:e0:fb:d0:58:bb:bc:3e:d6:43:b8:c0:b6:04:ec:5a:39:78:ed:af:3f:57

Digest Algorithm

sha256

PE Digest Matches

true

51:a2:38:35:56:da:d5:30:ad:44:ef:d7:87:bd:0d:fe:ba:83:8e:b2
Signer

Actual PE Digest

51:a2:38:35:56:da:d5:30:ad:44:ef:d7:87:bd:0d:fe:ba:83:8e:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

21:52:34:41:93:5e:9a:3a:78:b1:fa:3eCertificate

Extended Key Usages

Key Usages

73:10:b0:f0:5e:fa:6c:4a:f5:53:e4:dbCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

04:00:00:00:00:01:15:4b:5a:c3:94Certificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

21:52:34:41:93:5e:9a:3a:78:b1:fa:3eCertificate

Extended Key Usages

Key Usages

33:90:20:77:61:c4:26:dd:94:50:03:0dCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

79:ff:79:f5:71:b3:6e:37:43:24:d2:e0:fb:d0:58:bb:bc:3e:d6:43:b8:c0:b6:04:ec:5a:39:78:ed:af:3f:57Signer

51:a2:38:35:56:da:d5:30:ad:44:ef:d7:87:bd:0d:fe:ba:83:8e:b2Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.5MB

UPX1 Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 48KB - Virtual size: 48KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

21:52:34:41:93:5e:9a:3a:78:b1:fa:3e
Certificate

73:10:b0:f0:5e:fa:6c:4a:f5:53:e4:db
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

21:52:34:41:93:5e:9a:3a:78:b1:fa:3e
Certificate

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

79:ff:79:f5:71:b3:6e:37:43:24:d2:e0:fb:d0:58:bb:bc:3e:d6:43:b8:c0:b6:04:ec:5a:39:78:ed:af:3f:57
Signer

51:a2:38:35:56:da:d5:30:ad:44:ef:d7:87:bd:0d:fe:ba:83:8e:b2
Signer

UPX0
Size: - Virtual size: 4.5MB

UPX1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 48KB - Virtual size: 48KB