9b95083034e292c79fff42143bb3c0c3c6bc5a9e3a2bc5a07a967d2677371a6b[.]exe[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

9b95083034e292c79fff42143bb3c0c3c6bc5a9e3a2bc5a07a967d2677371a6b.exe.zip
Size

10.6MB
MD5

1d91bd76769b9db365656c8f431ff5fc
SHA1

c7583c41aad83597e23a5cd7c47673831363ba70
SHA256

81728e28c92d3f4a2c1456d2222c75aee4da81156afeb42dc62f5ab1fa66e41e
SHA512

29c33204129e072bf220905c0b43cfd77fb2279bd0209431ec792e2c6efbb27de791ca6c93ae1490b989c54aa1282634cee46a5893d79f85c60fda61f5c9d9cc
SSDEEP

196608:KDUQSdkNwifVxoykl4mqYUXUE57iikd469jgb4Gv5zZBlwmV6SoCPaAGx/:CXomxoH48UXF57iDdxcbLLPdVivb/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/9b95083034e292c79fff42143bb3c0c3c6bc5a9e3a2bc5a07a967d2677371a6b.exe	upx

Files

9b95083034e292c79fff42143bb3c0c3c6bc5a9e3a2bc5a07a967d2677371a6b.exe.zip
.zip

Password: infected
9b95083034e292c79fff42143bb3c0c3c6bc5a9e3a2bc5a07a967d2677371a6b.exe
.exe windows:5 windows x86

Code Sign

08:49:d8:42:5a:e2:cf:1a:de:a4:c7:0e:c5:a7:fd:b6
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/03/2020, 00:00

Not After

04/04/2023, 12:00

Subject

SERIALNUMBER=91310110787862412B,CN=Shanghai Best Oray Information S&T Co. Ltd.,OU=IT部,O=Shanghai Best Oray Information S&T Co. Ltd.,POSTALCODE=200000,STREET=上海市杨浦区国定路335号1号楼9层,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:d2:bd:c9:a5:b2:32:ed:a5:15:6d:45:fe:b4:cb:58
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/03/2020, 00:00

Not After

04/04/2023, 12:00

Subject

SERIALNUMBER=91310110787862412B,CN=Shanghai Best Oray Information S&T Co. Ltd.,OU=IT部,O=Shanghai Best Oray Information S&T Co. Ltd.,POSTALCODE=200000,STREET=上海市杨浦区国定路335号1号楼9层,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:28:57:01:d8:e7:6d:71:9c:68:ee:fb:00:9c:e1:28:26:0f:c1:2d:9b:4f:df:a4:2f:d3:a6:81:54:94:1a:d2
Signer

Actual PE Digest

d1:28:57:01:d8:e7:6d:71:9c:68:ee:fb:00:9c:e1:28:26:0f:c1:2d:9b:4f:df:a4:2f:d3:a6:81:54:94:1a:d2

Digest Algorithm

sha256

PE Digest Matches

true

d6:fb:47:56:8c:cd:ce:f5:ce:30:b9:53:9e:2e:29:17:92:e1:0b:6a
Signer

Actual PE Digest

d6:fb:47:56:8c:cd:ce:f5:ce:30:b9:53:9e:2e:29:17:92:e1:0b:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 19.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10.7MB - Virtual size: 10.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

08:49:d8:42:5a:e2:cf:1a:de:a4:c7:0e:c5:a7:fd:b6Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

06:d2:bd:c9:a5:b2:32:ed:a5:15:6d:45:fe:b4:cb:58Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

d1:28:57:01:d8:e7:6d:71:9c:68:ee:fb:00:9c:e1:28:26:0f:c1:2d:9b:4f:df:a4:2f:d3:a6:81:54:94:1a:d2Signer

d6:fb:47:56:8c:cd:ce:f5:ce:30:b9:53:9e:2e:29:17:92:e1:0b:6aSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 19.6MB

UPX1 Size: 10.7MB - Virtual size: 10.7MB

.rsrc Size: 134KB - Virtual size: 136KB

08:49:d8:42:5a:e2:cf:1a:de:a4:c7:0e:c5:a7:fd:b6
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

06:d2:bd:c9:a5:b2:32:ed:a5:15:6d:45:fe:b4:cb:58
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

d1:28:57:01:d8:e7:6d:71:9c:68:ee:fb:00:9c:e1:28:26:0f:c1:2d:9b:4f:df:a4:2f:d3:a6:81:54:94:1a:d2
Signer

d6:fb:47:56:8c:cd:ce:f5:ce:30:b9:53:9e:2e:29:17:92:e1:0b:6a
Signer

UPX0
Size: - Virtual size: 19.6MB

UPX1
Size: 10.7MB - Virtual size: 10.7MB

.rsrc
Size: 134KB - Virtual size: 136KB