cb7ac077b247088c88c62bab4a42e8364c3c4783b4bff44e08e23bf2c9dbb83c

Sharing

Copy URL Twitter E-mail

General

Target

cb7ac077b247088c88c62bab4a42e8364c3c4783b4bff44e08e23bf2c9dbb83c
Size

2.3MB
MD5

0e50ed1a0e86e59ffe31494f02edc7af
SHA1

4c9e7215015ea317927d78e7c9f817f2e3a9536a
SHA256

cb7ac077b247088c88c62bab4a42e8364c3c4783b4bff44e08e23bf2c9dbb83c
SHA512

eda21d02cbe19610083127e50a66eae379b25acb52d8974ae565ed66268e5912543ab749ccb68a53a35be0d338ea240204f9fc3927c5a0f6d2d98c5d0e9b95f7
SSDEEP

49152:u+dIxTLAXjRHSQlGsSDb0uBhw+kMHI7jB4uH1sPcwkXB/EHNCxtI8k+6F:u+KxLeNHvQDbFUCA4uVacdREHNKtIX+E

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/MSAct++ 2.07.8/MSAct++ x64.exe	upx
static1/unpack001/MSAct++ 2.07.8/MSAct++.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx
unpack003/out.upx

Files

cb7ac077b247088c88c62bab4a42e8364c3c4783b4bff44e08e23bf2c9dbb83c
.zip
MSAct++ 2.07.8/MSAct++ x64.exe
.exe windows:5 windows x64

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:2a:31:55:12:31:8a:09:7c:26:86:ed:03:a1:a7:f1:20:0e:ef:92:9d:c8:ea:65:5a:0b:b2:be:6a:3b:54:10
Signer

Actual PE Digest

08:2a:31:55:12:31:8a:09:7c:26:86:ed:03:a1:a7:f1:20:0e:ef:92:9d:c8:ea:65:5a:0b:b2:be:6a:3b:54:10

Digest Algorithm

sha256

PE Digest Matches

true

26:41:ae:24:c0:be:6a:b8:92:9b:b9:f8:4a:5d:e8:69:f5:b8:90:4e
Signer

Actual PE Digest

26:41:ae:24:c0:be:6a:b8:92:9b:b9:f8:4a:5d:e8:69:f5:b8:90:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.code
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 589KB - Virtual size: 625KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MSAct++ 2.07.8/MSAct++ x64.log
MSAct++ 2.07.8/MSAct++.exe
.exe windows:4 windows x86

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:e9:3b:4f:1f:04:62:b4:a0:b4:e3:de:63:c6:b9:22:f2:26:29:f2:c3:6a:fa:a6:d2:df:63:78:86:55:d7:87
Signer

Actual PE Digest

81:e9:3b:4f:1f:04:62:b4:a0:b4:e3:de:63:c6:b9:22:f2:26:29:f2:c3:6a:fa:a6:d2:df:63:78:86:55:d7:87

Digest Algorithm

sha256

PE Digest Matches

true

65:b6:bd:ad:eb:6e:84:57:ba:85:02:e0:74:c5:5f:bd:79:60:1f:af
Signer

Actual PE Digest

65:b6:bd:ad:eb:6e:84:57:ba:85:02:e0:74:c5:5f:bd:79:60:1f:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 579KB - Virtual size: 605KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MSAct++ 2.07.8/msact++.db
MSAct++ 2.07.8/readme_msact++_en.txt
MSAct++ 2.07.8/readme_msact++_ru.txt

Sharing

General

Malware Config

Signatures

Files

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

08:2a:31:55:12:31:8a:09:7c:26:86:ed:03:a1:a7:f1:20:0e:ef:92:9d:c8:ea:65:5a:0b:b2:be:6a:3b:54:10Signer

26:41:ae:24:c0:be:6a:b8:92:9b:b9:f8:4a:5d:e8:69:f5:b8:90:4eSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.4MB

UPX1 Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 70KB - Virtual size: 72KB

Headers

File Characteristics

Sections

.code Size: 186KB - Virtual size: 185KB

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 291KB - Virtual size: 290KB

.pdata Size: 72KB - Virtual size: 71KB

.data Size: 589KB - Virtual size: 625KB

.rsrc Size: 68KB - Virtual size: 68KB

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

81:e9:3b:4f:1f:04:62:b4:a0:b4:e3:de:63:c6:b9:22:f2:26:29:f2:c3:6a:fa:a6:d2:df:63:78:86:55:d7:87Signer

65:b6:bd:ad:eb:6e:84:57:ba:85:02:e0:74:c5:5f:bd:79:60:1f:afSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 69KB - Virtual size: 72KB

Headers

File Characteristics

Sections

.code Size: 113KB - Virtual size: 113KB

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 579KB - Virtual size: 605KB

.rsrc Size: 68KB - Virtual size: 68KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

08:2a:31:55:12:31:8a:09:7c:26:86:ed:03:a1:a7:f1:20:0e:ef:92:9d:c8:ea:65:5a:0b:b2:be:6a:3b:54:10
Signer

26:41:ae:24:c0:be:6a:b8:92:9b:b9:f8:4a:5d:e8:69:f5:b8:90:4e
Signer

UPX0
Size: - Virtual size: 1.4MB

UPX1
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 70KB - Virtual size: 72KB

.code
Size: 186KB - Virtual size: 185KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 291KB - Virtual size: 290KB

.pdata
Size: 72KB - Virtual size: 71KB

.data
Size: 589KB - Virtual size: 625KB

.rsrc
Size: 68KB - Virtual size: 68KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

81:e9:3b:4f:1f:04:62:b4:a0:b4:e3:de:63:c6:b9:22:f2:26:29:f2:c3:6a:fa:a6:d2:df:63:78:86:55:d7:87
Signer

65:b6:bd:ad:eb:6e:84:57:ba:85:02:e0:74:c5:5f:bd:79:60:1f:af
Signer

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 69KB - Virtual size: 72KB

.code
Size: 113KB - Virtual size: 113KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 579KB - Virtual size: 605KB

.rsrc
Size: 68KB - Virtual size: 68KB