d2abd75b401de715cad3596f0c53a28f84ae9ae2e117a2456aaa5efc93f9f465[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

d2abd75b401de715cad3596f0c53a28f84ae9ae2e117a2456aaa5efc93f9f465.exe.zip
Size

7.0MB
MD5

0a5b97bae8432acf000a547bdd5249e7
SHA1

197da47ba84e787420cc2eca710c62677eea5448
SHA256

ff433735bee5223aad2c1126728b245ad1c23613264e88828f570d3f6929b0fd
SHA512

1162d8127b56c777e88f3ead3b663d559c209d4e171d7169ef63e149928f5a8677d0545370589438ce9d0317a4f9fd317a70b1fd2b23500b6dd5f1d4d4ff9dfe
SSDEEP

196608:/KNiG+qvOzVCGY8BF97UZUFIAIGVegzTv1Q1/:/W+qGzVCGhp9FIWwgI/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/d2abd75b401de715cad3596f0c53a28f84ae9ae2e117a2456aaa5efc93f9f465.exe	upx

Files

d2abd75b401de715cad3596f0c53a28f84ae9ae2e117a2456aaa5efc93f9f465.exe.zip
.zip

Password: infected
d2abd75b401de715cad3596f0c53a28f84ae9ae2e117a2456aaa5efc93f9f465.exe
.exe windows:5 windows x86

Code Sign

7d:d6:6b:fd:88:b7:3d:85:80:60:c7:89
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/11/2019, 12:46

Not After

19/01/2021, 16:25

Subject

SERIALNUMBER=01524500442,CN=Enter Srl,O=Enter Srl,STREET=VIA CARLO ALBERTO DALLA CHIESA 18,L=GROTTAMMARE,ST=Ascoli Piceno,C=IT,1.2.840.113549.1.9.1=#0c13612e746f7a7a6940656e74657273726c2e6974,1.3.6.1.4.1.311.60.2.1.3=#13024954,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:ad:fd:34:06:05:56:38:12:81:1f:97:2a:55:57:f5:14:c0:14:09:da:72:67:aa:17:a5:8e:b0:e5:85:74:c5
Signer

Actual PE Digest

50:ad:fd:34:06:05:56:38:12:81:1f:97:2a:55:57:f5:14:c0:14:09:da:72:67:aa:17:a5:8e:b0:e5:85:74:c5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 17.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

7d:d6:6b:fd:88:b7:3d:85:80:60:c7:89Certificate

Extended Key Usages

Key Usages

50:ad:fd:34:06:05:56:38:12:81:1f:97:2a:55:57:f5:14:c0:14:09:da:72:67:aa:17:a5:8e:b0:e5:85:74:c5Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 17.9MB

UPX1 Size: 7.0MB - Virtual size: 7.0MB

.rsrc Size: 60KB - Virtual size: 60KB

7d:d6:6b:fd:88:b7:3d:85:80:60:c7:89
Certificate

50:ad:fd:34:06:05:56:38:12:81:1f:97:2a:55:57:f5:14:c0:14:09:da:72:67:aa:17:a5:8e:b0:e5:85:74:c5
Signer

UPX0
Size: - Virtual size: 17.9MB

UPX1
Size: 7.0MB - Virtual size: 7.0MB

.rsrc
Size: 60KB - Virtual size: 60KB