4abea2082250ac3bbded68da5b18158ae223beb0159466f2fbf10372af017f9a[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

4abea2082250ac3bbded68da5b18158ae223beb0159466f2fbf10372af017f9a.exe.zip
Size

22.5MB
MD5

361e522a378d3ad8699e17ad67bab8ab
SHA1

0f1215baf64bbe9772afdc4d882f068d7c499eae
SHA256

a7db757dbf0e983881536def95fd3394525f3043017e4de292c7e19ba1f0a56a
SHA512

e3548f7d2d4ccfa1870e0c9aaf009c0c898921885f1f0bee8014e0655a9a9475691f44b082cf93b3a5726593f5c002ad93589b1354af0d13a2b8aa25b97e93f1
SSDEEP

393216:YLny9Jk6Xg5JtKBIP4lfLG4TGKYY9NPiKkKtuLTEYDuHNJF0Skdq5uotEcP:YLny9O/4ljrThn/qKDMLTOt7kdEuQEcP

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/4abea2082250ac3bbded68da5b18158ae223beb0159466f2fbf10372af017f9a.exe	upx

Files

4abea2082250ac3bbded68da5b18158ae223beb0159466f2fbf10372af017f9a.exe.zip
.zip

Password: infected
4abea2082250ac3bbded68da5b18158ae223beb0159466f2fbf10372af017f9a.exe
.exe windows:5 windows x86

Code Sign

0b:3e:d0:c3:7e:6f:e0:a3:81:cd:68:3b:de:f4:19:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/10/2022, 00:00

Not After

02/11/2023, 23:59

Subject

CN=Shanghai Best Oray Information S&T Co.\,Ltd.,O=Shanghai Best Oray Information S&T Co.\,Ltd.,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:3e:d0:c3:7e:6f:e0:a3:81:cd:68:3b:de:f4:19:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/10/2022, 00:00

Not After

02/11/2023, 23:59

Subject

CN=Shanghai Best Oray Information S&T Co.\,Ltd.,O=Shanghai Best Oray Information S&T Co.\,Ltd.,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ae:25:a9:7c:bf:8e:9c:b5:bd:9b:b9:a6:38:98:c6:1b:1a:63:d6:01:30:e6:ca:7b:b8:7e:ee:8c:e8:f8:53:35
Signer

Actual PE Digest

ae:25:a9:7c:bf:8e:9c:b5:bd:9b:b9:a6:38:98:c6:1b:1a:63:d6:01:30:e6:ca:7b:b8:7e:ee:8c:e8:f8:53:35

Digest Algorithm

sha256

PE Digest Matches

true

e7:06:21:dd:f3:f0:b9:d2:65:e4:ef:36:da:93:ff:d2:a9:ce:d9:77
Signer

Actual PE Digest

e7:06:21:dd:f3:f0:b9:d2:65:e4:ef:36:da:93:ff:d2:a9:ce:d9:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 22.8MB - Virtual size: 22.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 423KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

0b:3e:d0:c3:7e:6f:e0:a3:81:cd:68:3b:de:f4:19:ffCertificate

Extended Key Usages

Key Usages

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0b:3e:d0:c3:7e:6f:e0:a3:81:cd:68:3b:de:f4:19:ffCertificate

Extended Key Usages

Key Usages

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ae:25:a9:7c:bf:8e:9c:b5:bd:9b:b9:a6:38:98:c6:1b:1a:63:d6:01:30:e6:ca:7b:b8:7e:ee:8c:e8:f8:53:35Signer

e7:06:21:dd:f3:f0:b9:d2:65:e4:ef:36:da:93:ff:d2:a9:ce:d9:77Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 44.6MB

UPX1 Size: 22.8MB - Virtual size: 22.8MB

.rsrc Size: 423KB - Virtual size: 424KB

0b:3e:d0:c3:7e:6f:e0:a3:81:cd:68:3b:de:f4:19:ff
Certificate

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0b:3e:d0:c3:7e:6f:e0:a3:81:cd:68:3b:de:f4:19:ff
Certificate

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ae:25:a9:7c:bf:8e:9c:b5:bd:9b:b9:a6:38:98:c6:1b:1a:63:d6:01:30:e6:ca:7b:b8:7e:ee:8c:e8:f8:53:35
Signer

e7:06:21:dd:f3:f0:b9:d2:65:e4:ef:36:da:93:ff:d2:a9:ce:d9:77
Signer

UPX0
Size: - Virtual size: 44.6MB

UPX1
Size: 22.8MB - Virtual size: 22.8MB

.rsrc
Size: 423KB - Virtual size: 424KB