b62d850f3fe134226475889841f260ec8314e21702e8917aa99addd14a86dd96[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

b62d850f3fe134226475889841f260ec8314e21702e8917aa99addd14a86dd96.exe.zip
Size

6.9MB
MD5

dc9e0631340968f99750df67f818f14f
SHA1

e9ea379d32b88705d7c862521081c2eacf6afead
SHA256

94d63de6a1e82d6aef1eb816aec90d0043c3e83a302164d92b46abd478456d84
SHA512

67505c8c5e70169352f61888e8e45d59127107c57fb1dc3be25512743ccbd389334ae748e4d7e26b01652c6455a7ca939a202e57bff3cb0ef1e10d3b460f3cda
SSDEEP

196608:SfUPdbvATrCQpEHvUbDzELjC4Pj+e/P68IcTRc:Sf+dgrCQmvW0v9/Tdc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/b62d850f3fe134226475889841f260ec8314e21702e8917aa99addd14a86dd96.exe	upx

Files

b62d850f3fe134226475889841f260ec8314e21702e8917aa99addd14a86dd96.exe.zip
.zip

Password: infected
b62d850f3fe134226475889841f260ec8314e21702e8917aa99addd14a86dd96.exe
.exe windows:5 windows x86

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:00:31:0e:8c:5a:23:7e:5c:f8:09:a2:50:ba:f6:f1
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/07/2020, 00:00

Not After

09/09/2021, 12:00

Subject

SERIALNUMBER=2850305,CN=AWERAY LIMITED,O=AWERAY LIMITED,L=Tai Ping Shan,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:38:55:58:fd:12:d2:ad:ea:67:b2:86:f2:8a:2c:9d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/07/2020, 00:00

Not After

09/09/2021, 12:00

Subject

SERIALNUMBER=2850305,CN=AWERAY LIMITED,O=AWERAY LIMITED,L=Tai Ping Shan,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:ed:47:53:49:7b:ad:1a:76:16:72:52:4a:ef:3e:ac:6e:52:7a:24:bd:d8:f6:41:43:ec:f6:f3:b2:08:9a:3e
Signer

Actual PE Digest

2c:ed:47:53:49:7b:ad:1a:76:16:72:52:4a:ef:3e:ac:6e:52:7a:24:bd:d8:f6:41:43:ec:f6:f3:b2:08:9a:3e

Digest Algorithm

sha256

PE Digest Matches

true

e2:4f:81:a1:77:ad:94:4f:8f:5a:21:52:d5:87:c0:69:de:50:0c:f4
Signer

Actual PE Digest

e2:4f:81:a1:77:ad:94:4f:8f:5a:21:52:d5:87:c0:69:de:50:0c:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 15.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 130KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

06:00:31:0e:8c:5a:23:7e:5c:f8:09:a2:50:ba:f6:f1Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

0e:38:55:58:fd:12:d2:ad:ea:67:b2:86:f2:8a:2c:9dCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

2c:ed:47:53:49:7b:ad:1a:76:16:72:52:4a:ef:3e:ac:6e:52:7a:24:bd:d8:f6:41:43:ec:f6:f3:b2:08:9a:3eSigner

e2:4f:81:a1:77:ad:94:4f:8f:5a:21:52:d5:87:c0:69:de:50:0c:f4Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 15.0MB

UPX1 Size: 7.0MB - Virtual size: 7.0MB

.rsrc Size: 130KB - Virtual size: 132KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

06:00:31:0e:8c:5a:23:7e:5c:f8:09:a2:50:ba:f6:f1
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

0e:38:55:58:fd:12:d2:ad:ea:67:b2:86:f2:8a:2c:9d
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

2c:ed:47:53:49:7b:ad:1a:76:16:72:52:4a:ef:3e:ac:6e:52:7a:24:bd:d8:f6:41:43:ec:f6:f3:b2:08:9a:3e
Signer

e2:4f:81:a1:77:ad:94:4f:8f:5a:21:52:d5:87:c0:69:de:50:0c:f4
Signer

UPX0
Size: - Virtual size: 15.0MB

UPX1
Size: 7.0MB - Virtual size: 7.0MB

.rsrc
Size: 130KB - Virtual size: 132KB