3569564b7c3103e59ba9859b3c3ecbd87c565d77203cb2b5dd919473936cfd56[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

3569564b7c3103e59ba9859b3c3ecbd87c565d77203cb2b5dd919473936cfd56.exe.zip
Size

516KB
MD5

d8aef8e1ba55284728b80bdd0ab943cb
SHA1

57a67df366e86a677029cc3a2b4e55d91c88dffa
SHA256

61821570765ff6f6637134ad7d3080000f58c9df32ee54b7f49d74972fc2dc1f
SHA512

7087baa5acfeef763b381d4ac37ce5d9e59b63b40ecc96350b1f9527f105631d0f9abdc44cc9304416501efe71b5a3846e016f9016f41be135fa0de070d57efa
SSDEEP

12288:HsDldLE5LTtDvUZVMPJv9Tz1jCBJ2sWSg2jl5T8DfnSjvtn:MDlcGZM5Tm2RY8DfSjvx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/3569564b7c3103e59ba9859b3c3ecbd87c565d77203cb2b5dd919473936cfd56.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

3569564b7c3103e59ba9859b3c3ecbd87c565d77203cb2b5dd919473936cfd56.exe.zip
.zip

Password: infected
3569564b7c3103e59ba9859b3c3ecbd87c565d77203cb2b5dd919473936cfd56.exe
.exe windows:5 windows x86

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f5:95:51:a1:d1:ae:ec:f7
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

06/01/2017, 13:55

Not After

06/01/2020, 13:55

Subject

CN=Data4U,O=Data4U,L=Brasilia,ST=Distrito Federal,C=BR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3c:6e:3d:7d:23:36:25:4d
Certificate

Issuer

CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Timestamp Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c5:5d:73:c4:be:65:44:2b:d7:98:eb:34:c0:51:4d:6e:e2:24:f1:9a
Signer

Actual PE Digest

c5:5d:73:c4:be:65:44:2b:d7:98:eb:34:c0:51:4d:6e:e2:24:f1:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 510KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

1b:e7:15Certificate

Key Usages

07Certificate

Key Usages

f5:95:51:a1:d1:ae:ec:f7Certificate

Extended Key Usages

Key Usages

3c:6e:3d:7d:23:36:25:4dCertificate

Extended Key Usages

Key Usages

c5:5d:73:c4:be:65:44:2b:d7:98:eb:34:c0:51:4d:6e:e2:24:f1:9aSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.6MB

UPX1 Size: 510KB - Virtual size: 512KB

.rsrc Size: 15KB - Virtual size: 16KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.itext Size: 6KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 15KB

.bss Size: - Virtual size: 21KB

.idata Size: 13KB - Virtual size: 12KB

.didata Size: 2KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 100B

.tls Size: - Virtual size: 60B

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 162KB - Virtual size: 162KB

.rsrc Size: 172KB - Virtual size: 172KB

1b:e7:15
Certificate

07
Certificate

f5:95:51:a1:d1:ae:ec:f7
Certificate

3c:6e:3d:7d:23:36:25:4d
Certificate

c5:5d:73:c4:be:65:44:2b:d7:98:eb:34:c0:51:4d:6e:e2:24:f1:9a
Signer

UPX0
Size: - Virtual size: 1.6MB

UPX1
Size: 510KB - Virtual size: 512KB

.rsrc
Size: 15KB - Virtual size: 16KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.itext
Size: 6KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 15KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 13KB - Virtual size: 12KB

.didata
Size: 2KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 100B

.tls
Size: - Virtual size: 60B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 162KB - Virtual size: 162KB

.rsrc
Size: 172KB - Virtual size: 172KB