698aeb2888d4ed207eefb231937dfe3e9bbf8ceb0db6a961fe9010a2fddb8eb9[.]exe[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

698aeb2888d4ed207eefb231937dfe3e9bbf8ceb0db6a961fe9010a2fddb8eb9.exe.zip
Size

11.4MB
MD5

dad8c0481455d7bfba387301d4ab375f
SHA1

12f1ce8d315b55c250538afaa2eeac90c50bfe72
SHA256

955aeea006d2ff6be2861e829690b6a9dde281d099d31e6404bc96c33a08406a
SHA512

17e0227954cbfa9c41ec1b62f47e60253218306a10f5e142583dce18d98e25a05f5ab5dcc819b67d852778c881d87c3baa577f66cd98ba63a14380577b93ed25
SSDEEP

196608:hU8z1q14a9yeWNCFGbKw5wUFZiqa2paEQD6B0y119MzBl/SOTFce7Kj9vLFhDa56:qiq1x93yJZta2pBs6Cy7eL/PCe61plao

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/698aeb2888d4ed207eefb231937dfe3e9bbf8ceb0db6a961fe9010a2fddb8eb9.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

698aeb2888d4ed207eefb231937dfe3e9bbf8ceb0db6a961fe9010a2fddb8eb9.exe.zip
.zip

Password: infected
698aeb2888d4ed207eefb231937dfe3e9bbf8ceb0db6a961fe9010a2fddb8eb9.exe
.exe windows:4 windows x86

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:e5:d5:09:4f:84:3b:17:74:28:56:87:a7:04:05:43:73:bc:5c:f9:23:ad:dd:32:fe:fb:2d:92:3f:14:e5:49
Signer

Actual PE Digest

e7:e5:d5:09:4f:84:3b:17:74:28:56:87:a7:04:05:43:73:bc:5c:f9:23:ad:dd:32:fe:fb:2d:92:3f:14:e5:49

Digest Algorithm

sha256

PE Digest Matches

true

34:37:30:ef:11:65:51:c2:40:fc:6a:99:bd:ba:2c:bb:01:f2:24:8e
Signer

Actual PE Digest

34:37:30:ef:11:65:51:c2:40:fc:6a:99:bd:ba:2c:bb:01:f2:24:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 10.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11.5MB - Virtual size: 11.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20.8MB - Virtual size: 21.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.modplug
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

e7:e5:d5:09:4f:84:3b:17:74:28:56:87:a7:04:05:43:73:bc:5c:f9:23:ad:dd:32:fe:fb:2d:92:3f:14:e5:49Signer

34:37:30:ef:11:65:51:c2:40:fc:6a:99:bd:ba:2c:bb:01:f2:24:8eSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 10.7MB

UPX1 Size: 11.5MB - Virtual size: 11.6MB

.rsrc Size: 84KB - Virtual size: 88KB

Headers

File Characteristics

Sections

.code Size: 254KB - Virtual size: 254KB

.text Size: 584KB - Virtual size: 583KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 20.8MB - Virtual size: 21.2MB

.rsrc Size: 83KB - Virtual size: 82KB

.modplug Size: - Virtual size: 20KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

e7:e5:d5:09:4f:84:3b:17:74:28:56:87:a7:04:05:43:73:bc:5c:f9:23:ad:dd:32:fe:fb:2d:92:3f:14:e5:49
Signer

34:37:30:ef:11:65:51:c2:40:fc:6a:99:bd:ba:2c:bb:01:f2:24:8e
Signer

UPX0
Size: - Virtual size: 10.7MB

UPX1
Size: 11.5MB - Virtual size: 11.6MB

.rsrc
Size: 84KB - Virtual size: 88KB

.code
Size: 254KB - Virtual size: 254KB

.text
Size: 584KB - Virtual size: 583KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 20.8MB - Virtual size: 21.2MB

.rsrc
Size: 83KB - Virtual size: 82KB

.modplug
Size: - Virtual size: 20KB