8c5c857b6904cabff9870b1ae6683d967c1c9db21b39d60dbeceacdb27d4d20a[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

8c5c857b6904cabff9870b1ae6683d967c1c9db21b39d60dbeceacdb27d4d20a.exe.zip
Size

1.9MB
MD5

2f055852e5c0149f3e48b139c4128a38
SHA1

c4d3bbff92bae5186ac1bc5db04c1648720905ce
SHA256

7568f583e90a0b3084564e6229d9f5c063fb5aa9f625691f9507633309c77d17
SHA512

f4221322cc48a236aa867e52f180e998495c3bb400c9818f282d66e97360771f6d7195eaf85579d56de2be006d8804f15a59f70d0809b64936895115500682fc
SSDEEP

49152:ZG05Ac/sMxY6ADGmA/EQ9qoYdIu3yxnHNOKm2QN97UU7RD:QoiMu6pmAcsYdIuAntA2Q4q5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/8c5c857b6904cabff9870b1ae6683d967c1c9db21b39d60dbeceacdb27d4d20a.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

8c5c857b6904cabff9870b1ae6683d967c1c9db21b39d60dbeceacdb27d4d20a.exe.zip
.zip

Password: infected
8c5c857b6904cabff9870b1ae6683d967c1c9db21b39d60dbeceacdb27d4d20a.exe
.exe windows:5 windows x86

Code Sign

4f:a9:e1:0b:71:8b:16:75:00:00:00:00:4c:18:16:40
Certificate

Issuer

CN=Entrust Code Signing Certification Authority - L1D,OU=www.entrust.net/rpa is incorporated by reference+OU=(c) 2009 Entrust\, Inc.,O=Entrust\, Inc.,C=US

Not Before

09/11/2017, 17:25

Not After

09/11/2020, 17:55

Subject

CN=Entrust Time Stamping Authority,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

38:63:e2:e2
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

10/09/2009, 21:59

Not After

10/09/2019, 22:29

Subject

CN=Entrust Code Signing Certification Authority - L1D,OU=www.entrust.net/rpa is incorporated by reference+OU=(c) 2009 Entrust\, Inc.,O=Entrust\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

10/06/2015, 13:42

Not After

10/11/2030, 14:12

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c5:a1:c6:8d:23:a8:ef:98:00:00:00:00:55:65:47:82
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

15/08/2017, 00:13

Not After

15/08/2019, 00:43

Subject

SERIALNUMBER=91110108700000458B,CN=Lenovo (Beijing) Limited,O=Lenovo (Beijing) Limited,L=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:42:00:ba:5e:23:b0:a1:f3:99:00:00:00:00:00:42
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/07/2015, 20:55

Not After

07/07/2025, 20:55

Subject

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

10/06/2015, 13:42

Not After

10/11/2030, 14:12

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c5:a1:c6:8d:23:a8:ef:98:00:00:00:00:55:65:47:82
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

15/08/2017, 00:13

Not After

15/08/2019, 00:43

Subject

SERIALNUMBER=91110108700000458B,CN=Lenovo (Beijing) Limited,O=Lenovo (Beijing) Limited,L=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:42:00:ba:5e:23:b0:a1:f3:99:00:00:00:00:00:42
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/07/2015, 20:55

Not After

07/07/2025, 20:55

Subject

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:46:0b:f3:8c:57:42:20:00:00:00:00:55:91:c4:09
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

09/11/2017, 17:41

Not After

09/02/2029, 18:11

Subject

CN=Entrust Time Stamping Authority,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ae:d5:70:41:88:66:be:e3:d5:ca:fc:88:5c:5d:b2:7a:1d:29:1e:32:36:99:40:aa:a1:5a:ed:84:4d:fb:b4:43
Signer

Actual PE Digest

ae:d5:70:41:88:66:be:e3:d5:ca:fc:88:5c:5d:b2:7a:1d:29:1e:32:36:99:40:aa:a1:5a:ed:84:4d:fb:b4:43

Digest Algorithm

sha256

PE Digest Matches

true

22:74:47:1f:45:7e:59:93:fe:51:59:80:0d:d9:b1:09:46:f3:91:9d
Signer

Actual PE Digest

22:74:47:1f:45:7e:59:93:fe:51:59:80:0d:d9:b1:09:46:f3:91:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 731KB - Virtual size: 731KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

4f:a9:e1:0b:71:8b:16:75:00:00:00:00:4c:18:16:40Certificate

Extended Key Usages

Key Usages

38:63:e2:e2Certificate

Key Usages

87:82:52:60:00:00:00:00:51:d3:73:d9Certificate

Extended Key Usages

Key Usages

c5:a1:c6:8d:23:a8:ef:98:00:00:00:00:55:65:47:82Certificate

Extended Key Usages

Key Usages

33:00:00:00:42:00:ba:5e:23:b0:a1:f3:99:00:00:00:00:00:42Certificate

Extended Key Usages

Key Usages

87:82:52:60:00:00:00:00:51:d3:73:d9Certificate

Extended Key Usages

Key Usages

c5:a1:c6:8d:23:a8:ef:98:00:00:00:00:55:65:47:82Certificate

Extended Key Usages

Key Usages

33:00:00:00:42:00:ba:5e:23:b0:a1:f3:99:00:00:00:00:00:42Certificate

Extended Key Usages

Key Usages

13:46:0b:f3:8c:57:42:20:00:00:00:00:55:91:c4:09Certificate

Extended Key Usages

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

ae:d5:70:41:88:66:be:e3:d5:ca:fc:88:5c:5d:b2:7a:1d:29:1e:32:36:99:40:aa:a1:5a:ed:84:4d:fb:b4:43Signer

22:74:47:1f:45:7e:59:93:fe:51:59:80:0d:d9:b1:09:46:f3:91:9dSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.5MB

UPX1 Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 20KB - Virtual size: 24KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 731KB - Virtual size: 731KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 10KB - Virtual size: 24KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 51KB - Virtual size: 50KB

4f:a9:e1:0b:71:8b:16:75:00:00:00:00:4c:18:16:40
Certificate

38:63:e2:e2
Certificate

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

c5:a1:c6:8d:23:a8:ef:98:00:00:00:00:55:65:47:82
Certificate

33:00:00:00:42:00:ba:5e:23:b0:a1:f3:99:00:00:00:00:00:42
Certificate

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

c5:a1:c6:8d:23:a8:ef:98:00:00:00:00:55:65:47:82
Certificate

33:00:00:00:42:00:ba:5e:23:b0:a1:f3:99:00:00:00:00:00:42
Certificate

13:46:0b:f3:8c:57:42:20:00:00:00:00:55:91:c4:09
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

ae:d5:70:41:88:66:be:e3:d5:ca:fc:88:5c:5d:b2:7a:1d:29:1e:32:36:99:40:aa:a1:5a:ed:84:4d:fb:b4:43
Signer

22:74:47:1f:45:7e:59:93:fe:51:59:80:0d:d9:b1:09:46:f3:91:9d
Signer

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 20KB - Virtual size: 24KB

.text
Size: 731KB - Virtual size: 731KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 10KB - Virtual size: 24KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 51KB - Virtual size: 50KB