ec020db4c64bcfa5c9b8d0f2a3c8e092c7324d95c0dde6ff489515e7c7698ed3[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ec020db4c64bcfa5c9b8d0f2a3c8e092c7324d95c0dde6ff489515e7c7698ed3.exe.zip
Size

7.0MB
MD5

22deabdd1f5cbc5b87b798a7bb947f4a
SHA1

bfc7ecd0d7b2726083aa8b7e0bfe0a7e0075c9cc
SHA256

a77ab5dcd11a6694d7d359dbbadd05604156c5c4fa9e96abb1caf2283157c9a6
SHA512

7abdfb73ef590961c474a39b9d6c6dccae49674565460ac0e356ba05cee1e6130fa258e92d226f22e1ea4f2d26dd2887c405e514548ba78937e01524be2582ae
SSDEEP

196608:VFNL7U0MULs+9Qovj8D3E3zCE6OuUoOylYPB6gFE:VFNL7bLs+9h8LQexOMAB6eE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ec020db4c64bcfa5c9b8d0f2a3c8e092c7324d95c0dde6ff489515e7c7698ed3.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

ec020db4c64bcfa5c9b8d0f2a3c8e092c7324d95c0dde6ff489515e7c7698ed3.exe.zip
.zip

Password: infected
ec020db4c64bcfa5c9b8d0f2a3c8e092c7324d95c0dde6ff489515e7c7698ed3.exe
.exe windows:5 windows x86

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a0:99:e6:4e:21:4d:65:58:01:ea:38:ad:87:67:11
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/09/2020, 00:00

Not After

02/11/2023, 12:00

Subject

CN=Psiphon Inc.,O=Psiphon Inc.,L=Toronto,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:91:7b:0c:49:27:c6:18:33:35:0e:36:27:ac:f9:6b:9a:ce:66:30
Signer

Actual PE Digest

85:91:7b:0c:49:27:c6:18:33:35:0e:36:27:ac:f9:6b:9a:ce:66:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 13.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17.8MB - Virtual size: 17.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a0:99:e6:4e:21:4d:65:58:01:ea:38:ad:87:67:11Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

85:91:7b:0c:49:27:c6:18:33:35:0e:36:27:ac:f9:6b:9a:ce:66:30Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 13.7MB

UPX1 Size: 7.0MB - Virtual size: 7.0MB

.rsrc Size: 87KB - Virtual size: 88KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 27KB - Virtual size: 40KB

.gfids Size: 4KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 17.8MB - Virtual size: 17.8MB

.reloc Size: 69KB - Virtual size: 69KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a0:99:e6:4e:21:4d:65:58:01:ea:38:ad:87:67:11
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

85:91:7b:0c:49:27:c6:18:33:35:0e:36:27:ac:f9:6b:9a:ce:66:30
Signer

UPX0
Size: - Virtual size: 13.7MB

UPX1
Size: 7.0MB - Virtual size: 7.0MB

.rsrc
Size: 87KB - Virtual size: 88KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 27KB - Virtual size: 40KB

.gfids
Size: 4KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 17.8MB - Virtual size: 17.8MB

.reloc
Size: 69KB - Virtual size: 69KB