2afba858f205bac5062d30dfa2645536522c26db3b3d86562c879dbbfb1d9cd7

General

Target

2afba858f205bac5062d30dfa2645536522c26db3b3d86562c879dbbfb1d9cd7
Size

412KB
MD5

aac3368fc9f458e4e4c819a5f2bc4b12
SHA1

67b99bfd2a54eabdc9c87aceb049600f491bd737
SHA256

2afba858f205bac5062d30dfa2645536522c26db3b3d86562c879dbbfb1d9cd7
SHA512

c10e5bdd573b892bcc132c36e614438b1b845ed4f2696866085c5e0033e9fe8fd7602124107dffa541a29144e7e648dbcd44f3193e46aec9b044c1a3542be24d
SSDEEP

6144:paFSkSF36ZhByRenZ0f8wU9SLNvWKASiT/+QcUKk2XkuxU9gTrgLKoNMYgF:w236bGKZy3RFQOXkuxU9gTN

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

2afba858f205bac5062d30dfa2645536522c26db3b3d86562c879dbbfb1d9cd7
.exe windows:4 windows x86

Code Sign

2c:f0:eb:4c:28:64:53:aa:45:4f:cd:c8:ce:cb:dd:c4
Certificate

Issuer

CN=ChongZi,O=虫子,1.2.840.113549.1.9.1=#0c11313631353435373733344071712e636f6d

Not Before

26/06/2014, 02:05

Not After

31/12/2039, 23:59

Subject

CN=ChongZi,O=虫子,1.2.840.113549.1.9.1=#0c11313631353435373733344071712e636f6d

56:c9:b2:b6:59:33:fe:09:8d:a9:70:7a:34:73:d8:ab:69:49:d8:71
Signer

Actual PE Digest

56:c9:b2:b6:59:33:fe:09:8d:a9:70:7a:34:73:d8:ab:69:49:d8:71

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 624KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 401KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 496KB - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 344KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

2c:f0:eb:4c:28:64:53:aa:45:4f:cd:c8:ce:cb:dd:c4Certificate

56:c9:b2:b6:59:33:fe:09:8d:a9:70:7a:34:73:d8:ab:69:49:d8:71Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 624KB

UPX1 Size: 401KB - Virtual size: 404KB

.rsrc Size: 9KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 496KB - Virtual size: 492KB

.rdata Size: 344KB - Virtual size: 341KB

.data Size: 72KB - Virtual size: 158KB

.rsrc Size: 16KB - Virtual size: 13KB

2c:f0:eb:4c:28:64:53:aa:45:4f:cd:c8:ce:cb:dd:c4
Certificate

56:c9:b2:b6:59:33:fe:09:8d:a9:70:7a:34:73:d8:ab:69:49:d8:71
Signer

UPX0
Size: - Virtual size: 624KB

UPX1
Size: 401KB - Virtual size: 404KB

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 496KB - Virtual size: 492KB

.rdata
Size: 344KB - Virtual size: 341KB

.data
Size: 72KB - Virtual size: 158KB

.rsrc
Size: 16KB - Virtual size: 13KB