01a1b964ebe12076ca8dd16febc638c47f709400d951ae00e813edc90c7cd013[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

01a1b964ebe12076ca8dd16febc638c47f709400d951ae00e813edc90c7cd013.exe.zip
Size

1.6MB
MD5

cf4fc70c6b044111ae918add83c7b050
SHA1

a1a21eec41c4244a78957d4a1167ae050293e385
SHA256

aec1823eb4c53f55bd5c3c06c761047b93c8e4f04211d707d7f2b36a7b6d23a7
SHA512

55edc2fa6ab2e417d43694d7792c36aaf6207bb4f89f58f960eb9f987c0f3ba9982ded32a00d1a53b69f8d510b2e74efd21f0831e7eae8c6dcbe07978d6d2dca
SSDEEP

24576:w5N4OZwgYzjRGHyfwQkFMU0/mDmJqGVwerDfPrm9vwpN+ih2OZfULSIJTnSGYfK7:w5u53fqYmDDGSePPrG9o1Za7SGYScWh

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/01a1b964ebe12076ca8dd16febc638c47f709400d951ae00e813edc90c7cd013.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

01a1b964ebe12076ca8dd16febc638c47f709400d951ae00e813edc90c7cd013.exe.zip
.zip

Password: infected
01a1b964ebe12076ca8dd16febc638c47f709400d951ae00e813edc90c7cd013.exe
.exe windows:5 windows x86

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:52:34:41:93:5e:9a:3a:78:b1:fa:3e
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27/02/2019, 12:28

Not After

27/02/2022, 12:28

Subject

CN=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,O=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,L=Esenler,ST=Istanbul,C=TR,1.2.840.113549.1.9.1=#0c1362696c67694074656b6e6f706172732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

73:10:b0:f0:5e:fa:6c:4a:f5:53:e4:db
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign TSA for Standard - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:52:34:41:93:5e:9a:3a:78:b1:fa:3e
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27/02/2019, 12:28

Not After

27/02/2022, 12:28

Subject

CN=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,O=Teknopars Bilisim Teknolojileri Sanayi ve Ticaret Ltd. Sti.,L=Esenler,ST=Istanbul,C=TR,1.2.840.113549.1.9.1=#0c1362696c67694074656b6e6f706172732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e0:c4:94:5a:64:5a:b0:74:87:da:5c:36:53:58:71:fc:af:fa:40:b3:e0:d0:e7:b1:7e:9c:2e:c3:f5:2f:83:5b
Signer

Actual PE Digest

e0:c4:94:5a:64:5a:b0:74:87:da:5c:36:53:58:71:fc:af:fa:40:b3:e0:d0:e7:b1:7e:9c:2e:c3:f5:2f:83:5b

Digest Algorithm

sha256

PE Digest Matches

true

00:65:67:50:35:11:b1:19:6e:0f:81:2c:d2:26:e0:d9:5e:bd:6b:76
Signer

Actual PE Digest

00:65:67:50:35:11:b1:19:6e:0f:81:2c:d2:26:e0:d9:5e:bd:6b:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 28KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 84B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 553KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

21:52:34:41:93:5e:9a:3a:78:b1:fa:3eCertificate

Extended Key Usages

Key Usages

73:10:b0:f0:5e:fa:6c:4a:f5:53:e4:dbCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

04:00:00:00:00:01:15:4b:5a:c3:94Certificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

21:52:34:41:93:5e:9a:3a:78:b1:fa:3eCertificate

Extended Key Usages

Key Usages

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

e0:c4:94:5a:64:5a:b0:74:87:da:5c:36:53:58:71:fc:af:fa:40:b3:e0:d0:e7:b1:7e:9c:2e:c3:f5:2f:83:5bSigner

00:65:67:50:35:11:b1:19:6e:0f:81:2c:d2:26:e0:d9:5e:bd:6b:76Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.5MB

UPX1 Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 48KB - Virtual size: 48KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 5.0MB - Virtual size: 5.0MB

.itext Size: 11KB - Virtual size: 11KB

.data Size: 85KB - Virtual size: 84KB

.bss Size: - Virtual size: 28KB

.idata Size: 17KB - Virtual size: 16KB

.didata Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 160B

.tls Size: - Virtual size: 84B

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 412KB - Virtual size: 411KB

.rsrc Size: 553KB - Virtual size: 553KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

21:52:34:41:93:5e:9a:3a:78:b1:fa:3e
Certificate

73:10:b0:f0:5e:fa:6c:4a:f5:53:e4:db
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

21:52:34:41:93:5e:9a:3a:78:b1:fa:3e
Certificate

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

e0:c4:94:5a:64:5a:b0:74:87:da:5c:36:53:58:71:fc:af:fa:40:b3:e0:d0:e7:b1:7e:9c:2e:c3:f5:2f:83:5b
Signer

00:65:67:50:35:11:b1:19:6e:0f:81:2c:d2:26:e0:d9:5e:bd:6b:76
Signer

UPX0
Size: - Virtual size: 4.5MB

UPX1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 48KB - Virtual size: 48KB

.text
Size: 5.0MB - Virtual size: 5.0MB

.itext
Size: 11KB - Virtual size: 11KB

.data
Size: 85KB - Virtual size: 84KB

.bss
Size: - Virtual size: 28KB

.idata
Size: 17KB - Virtual size: 16KB

.didata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 160B

.tls
Size: - Virtual size: 84B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 412KB - Virtual size: 411KB

.rsrc
Size: 553KB - Virtual size: 553KB