38665a49399a8a8ee32eccc14aa668ed79e753409babbc950fb50c2da02b15ac[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

38665a49399a8a8ee32eccc14aa668ed79e753409babbc950fb50c2da02b15ac.exe.zip
Size

248KB
MD5

ecc6494f149b4461f9a57042afa79fde
SHA1

24348dd6c9ebe5f0360c590dec6b84cd233278d0
SHA256

53395c8c7b743325d3cc619573b6185e37fc1cccf5792b2edd9b5fd77b927b9c
SHA512

a2eb742dbaa20ef295ec3a285ecaff2bacad7072ec7894960d9ccfcc55a677e1f2ea54bca7043c3a34a8ce2868a6aa115f8ffd372410bcbaab466807b4e82472
SSDEEP

6144:vDmAnDp6uXL8PfM8r2AHrLfsGNTTM/6budypX2:7hFXA6AHfXNTkpcX2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/38665a49399a8a8ee32eccc14aa668ed79e753409babbc950fb50c2da02b15ac.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

38665a49399a8a8ee32eccc14aa668ed79e753409babbc950fb50c2da02b15ac.exe.zip
.zip

Password: infected
38665a49399a8a8ee32eccc14aa668ed79e753409babbc950fb50c2da02b15ac.exe
.exe windows:5 windows x86

Code Sign

04:ef:c2:23:97:ac:f8:db:fa:3e:35:cf:cf:2f:af:6c
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/08/2019, 00:00

Not After

04/11/2022, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:24:81:9e:5f:74:64:51:01:53:0d:47:6d:5d:c6:a8
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/05/2019, 00:00

Not After

27/07/2022, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13094c6173205665676173,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:3e:30:e4:19:a6:0f:b4:a0:2d:a7:ad:3f:b4:32:84:4f:28:47:f9:57:ac:57:0b:d4:24:8f:ea:88:b9:ec:a0
Signer

Actual PE Digest

17:3e:30:e4:19:a6:0f:b4:a0:2d:a7:ad:3f:b4:32:84:4f:28:47:f9:57:ac:57:0b:d4:24:8f:ea:88:b9:ec:a0

Digest Algorithm

sha256

PE Digest Matches

true

8e:ee:ac:f4:8f:c6:c9:95:9e:d8:19:77:69:ab:fc:e7:81:7b:ad:66
Signer

Actual PE Digest

8e:ee:ac:f4:8f:c6:c9:95:9e:d8:19:77:69:ab:fc:e7:81:7b:ad:66

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 520KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

04:ef:c2:23:97:ac:f8:db:fa:3e:35:cf:cf:2f:af:6cCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

61:24:81:9e:5f:74:64:51:01:53:0d:47:6d:5d:c6:a8Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

17:3e:30:e4:19:a6:0f:b4:a0:2d:a7:ad:3f:b4:32:84:4f:28:47:f9:57:ac:57:0b:d4:24:8f:ea:88:b9:ec:a0Signer

8e:ee:ac:f4:8f:c6:c9:95:9e:d8:19:77:69:ab:fc:e7:81:7b:ad:66Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 520KB

UPX1 Size: 168KB - Virtual size: 168KB

.rsrc Size: 96KB - Virtual size: 100KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 320KB - Virtual size: 319KB

.rdata Size: 147KB - Virtual size: 147KB

.data Size: 5KB - Virtual size: 23KB

.rsrc Size: 136KB - Virtual size: 135KB

.reloc Size: 37KB - Virtual size: 37KB

04:ef:c2:23:97:ac:f8:db:fa:3e:35:cf:cf:2f:af:6c
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

61:24:81:9e:5f:74:64:51:01:53:0d:47:6d:5d:c6:a8
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

17:3e:30:e4:19:a6:0f:b4:a0:2d:a7:ad:3f:b4:32:84:4f:28:47:f9:57:ac:57:0b:d4:24:8f:ea:88:b9:ec:a0
Signer

8e:ee:ac:f4:8f:c6:c9:95:9e:d8:19:77:69:ab:fc:e7:81:7b:ad:66
Signer

UPX0
Size: - Virtual size: 520KB

UPX1
Size: 168KB - Virtual size: 168KB

.rsrc
Size: 96KB - Virtual size: 100KB

.text
Size: 320KB - Virtual size: 319KB

.rdata
Size: 147KB - Virtual size: 147KB

.data
Size: 5KB - Virtual size: 23KB

.rsrc
Size: 136KB - Virtual size: 135KB

.reloc
Size: 37KB - Virtual size: 37KB