af60522655e6c87a174b4d066b9d7f99c3b1958df3ae40cf3ec8b60249a8d9a0[.]exe[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

af60522655e6c87a174b4d066b9d7f99c3b1958df3ae40cf3ec8b60249a8d9a0.exe.zip
Size

4.9MB
MD5

528fb774e3e5b9c073df4bdbfd08330d
SHA1

b5de3e0a3c0b78757ae5f2948695eb75efbca46a
SHA256

36f2664320f67d0fc3cda3c6793e45b66ca50783d61807534300607d0344195f
SHA512

737903cdb61cbd886154e51eb9f5abb44ecbe63053e5a023a61c466710cc6e5656133087076237bb06537a13bb20e0e39084c8f3c39e04ce0b194c79bb1ad511
SSDEEP

98304:L7viq0uJXpd7AiHm+aS49MgHUWNqkjcUybRcLkvzMCzHXxS4/j9sJ/ER:L7KleXpBft40YjXY7vz/HX3CJ/e

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/af60522655e6c87a174b4d066b9d7f99c3b1958df3ae40cf3ec8b60249a8d9a0.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

af60522655e6c87a174b4d066b9d7f99c3b1958df3ae40cf3ec8b60249a8d9a0.exe.zip
.zip

Password: infected
af60522655e6c87a174b4d066b9d7f99c3b1958df3ae40cf3ec8b60249a8d9a0.exe
.exe windows:5 windows x86

Code Sign

7a:82:72:3e:ec:7b:30:55
Certificate

Issuer

CN=Mole,O=Home,L=Crimean Peninsula,C=RU,1.2.840.113549.1.9.1=#0c0f666f726765744061626f75742e6974

Not Before

28/06/2017, 00:00

Not After

28/06/2022, 00:00

Subject

CN=Mole,O=Home,L=Crimean Peninsula,C=RU,1.2.840.113549.1.9.1=#0c0f666f726765744061626f75742e6974

Extended Key Usages

ExtKeyUsageCodeSigning

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1c:48:b0:60:1d:6a:7c:db:a4:9d:bf:b8:0c:18:f9:35:1c:70:7d:9d
Signer

Actual PE Digest

1c:48:b0:60:1d:6a:7c:db:a4:9d:bf:b8:0c:18:f9:35:1c:70:7d:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 344KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

7a:82:72:3e:ec:7b:30:55Certificate

Extended Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

1c:48:b0:60:1d:6a:7c:db:a4:9d:bf:b8:0c:18:f9:35:1c:70:7d:9dSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 5.1MB

UPX1 Size: 344KB - Virtual size: 348KB

.rsrc Size: 4.6MB - Virtual size: 4.6MB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 567KB - Virtual size: 567KB

.rdata Size: 184KB - Virtual size: 184KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 4.6MB - Virtual size: 4.6MB

.reloc Size: 28KB - Virtual size: 28KB

7a:82:72:3e:ec:7b:30:55
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

1c:48:b0:60:1d:6a:7c:db:a4:9d:bf:b8:0c:18:f9:35:1c:70:7d:9d
Signer

UPX0
Size: - Virtual size: 5.1MB

UPX1
Size: 344KB - Virtual size: 348KB

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

.text
Size: 567KB - Virtual size: 567KB

.rdata
Size: 184KB - Virtual size: 184KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

.reloc
Size: 28KB - Virtual size: 28KB