4546FEBCB3C32451D1D5D128FD87FBD7[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

4546FEBCB3C32451D1D5D128FD87FBD7.zip
Size

3.2MB
MD5

7b5a9cd4b97a7fa43a07ea25bac44fe6
SHA1

cb7bc6f644d601a5e50de40c1678d64b9f6508ac
SHA256

0970966134c9cc99e8bc48ed319e2199fc1c985bc1a62bb58a3bbf2f21862ae2
SHA512

071b7037c39bfdefe5001979a90bb07f6ee609671a2aef0074f9f4ef86323a03b641d769533278b8145377c86ad9b57e5030c98d441235c41f5b007e6372e9ef
SSDEEP

98304:eHeytZgoWf9ENOJVvdDx7lsm/gij31e4I:eeyt+oWf9iO71rsm/h3U4I

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/g2ax_customer_combined_dll_core_win32_x86_1702.exe/g2ax_customer_combined_dll_core_win32_x86_1702.exe	upx

Files

4546FEBCB3C32451D1D5D128FD87FBD7.zip
.zip

Password: infected
details.json
g2ax_customer_combined_dll_core_win32_x86_1702.exe/g2ax_customer_combined_dll_core_win32_x86_1702.exe
.exe windows:5 windows x86

Code Sign

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26-10-2018 00:00

Not After

03-11-2021 12:00

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26-10-2018 00:00

Not After

03-11-2021 12:00

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:4f:17:e4:2d:78:c1:7c:6e:a6:c5:57:c9:94:b6:6a:d2:1a:a1:8d:be:fd:d1:14:7b:22:c5:0b:34:40:fe:4b
Signer

Actual PE Digest

e2:4f:17:e4:2d:78:c1:7c:6e:a6:c5:57:c9:94:b6:6a:d2:1a:a1:8d:be:fd:d1:14:7b:22:c5:0b:34:40:fe:4b

Digest Algorithm

sha256

PE Digest Matches

true

e1:ed:ff:a0:df:c6:38:dc:61:a0:56:c1:92:4b:90:e7:0e:aa:c2:05
Signer

Actual PE Digest

e1:ed:ff:a0:df:c6:38:dc:61:a0:56:c1:92:4b:90:e7:0e:aa:c2:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 26.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 294KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

e2:4f:17:e4:2d:78:c1:7c:6e:a6:c5:57:c9:94:b6:6a:d2:1a:a1:8d:be:fd:d1:14:7b:22:c5:0b:34:40:fe:4bSigner

e1:ed:ff:a0:df:c6:38:dc:61:a0:56:c1:92:4b:90:e7:0e:aa:c2:05Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 26.5MB

UPX1 Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 294KB - Virtual size: 296KB

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

e2:4f:17:e4:2d:78:c1:7c:6e:a6:c5:57:c9:94:b6:6a:d2:1a:a1:8d:be:fd:d1:14:7b:22:c5:0b:34:40:fe:4b
Signer

e1:ed:ff:a0:df:c6:38:dc:61:a0:56:c1:92:4b:90:e7:0e:aa:c2:05
Signer

UPX0
Size: - Virtual size: 26.5MB

UPX1
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 294KB - Virtual size: 296KB