07ec18c02e1298b5b47f04f267e5eecf8a161add80ed85a7d94941f9d9ef318f[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

07ec18c02e1298b5b47f04f267e5eecf8a161add80ed85a7d94941f9d9ef318f.exe.zip
Size

1.3MB
MD5

996c6a40cc419f303624db76d679e058
SHA1

4c37b1a39fa734218699d4cad8887b365aca988b
SHA256

7d946054bdebb6b35eb08111b6a8e54d720ab07ea367df7aadb4933c97422010
SHA512

f200aa26110aa8ab9621085e5f97cfcac1a08fdb423d87ce1bbfdd4bb08a8968766f9bdf896593d95adaaf862e899b5f145874d8909814e72f1a02f3834f21fe
SSDEEP

24576:m6FVVNazmn7PBWwZrcVY7JMALDIio4/72lb1LtbbrWvrU4G1nXJf5gf:rFVfnDBbZrH7JMALWNnrWYRnXnm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/07ec18c02e1298b5b47f04f267e5eecf8a161add80ed85a7d94941f9d9ef318f.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

07ec18c02e1298b5b47f04f267e5eecf8a161add80ed85a7d94941f9d9ef318f.exe.zip
.zip

Password: infected
07ec18c02e1298b5b47f04f267e5eecf8a161add80ed85a7d94941f9d9ef318f.exe
.exe windows:4 windows x86

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

55:93:34:d4:1b:37:7d:9c:2f:d1:54:24:b8:ee:42:fe:98:eb:73:9b:33:69:06:8d:ae:d6:d2:a0:bb:eb:39:9d
Signer

Actual PE Digest

55:93:34:d4:1b:37:7d:9c:2f:d1:54:24:b8:ee:42:fe:98:eb:73:9b:33:69:06:8d:ae:d6:d2:a0:bb:eb:39:9d

Digest Algorithm

sha256

PE Digest Matches

true

38:87:35:e4:02:29:32:11:a0:79:90:2f:d6:83:4f:5b:fe:37:2e:b7
Signer

Actual PE Digest

38:87:35:e4:02:29:32:11:a0:79:90:2f:d6:83:4f:5b:fe:37:2e:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

55:93:34:d4:1b:37:7d:9c:2f:d1:54:24:b8:ee:42:fe:98:eb:73:9b:33:69:06:8d:ae:d6:d2:a0:bb:eb:39:9dSigner

38:87:35:e4:02:29:32:11:a0:79:90:2f:d6:83:4f:5b:fe:37:2e:b7Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 3.3MB

UPX1 Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 69KB - Virtual size: 72KB

Headers

File Characteristics

Sections

.code Size: 41KB - Virtual size: 40KB

.text Size: 340KB - Virtual size: 339KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 4.1MB - Virtual size: 4.1MB

.rsrc Size: 68KB - Virtual size: 67KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

55:93:34:d4:1b:37:7d:9c:2f:d1:54:24:b8:ee:42:fe:98:eb:73:9b:33:69:06:8d:ae:d6:d2:a0:bb:eb:39:9d
Signer

38:87:35:e4:02:29:32:11:a0:79:90:2f:d6:83:4f:5b:fe:37:2e:b7
Signer

UPX0
Size: - Virtual size: 3.3MB

UPX1
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 69KB - Virtual size: 72KB

.code
Size: 41KB - Virtual size: 40KB

.text
Size: 340KB - Virtual size: 339KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 4.1MB - Virtual size: 4.1MB

.rsrc
Size: 68KB - Virtual size: 67KB