e0bc2140d5a10035fb6d3b4e1b46cdfe[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

e0bc2140d5a10035fb6d3b4e1b46cdfe.bin
Size

793KB
MD5

e11409eecf2162bc8af9a00fd88671a1
SHA1

d9fde9f4f349c2acf1f2ee07f4559c1e28a2f528
SHA256

a4738214c53d547349799ec1338c8ff1c5185cbab58cb74327f68fb1982df9ef
SHA512

c69440d5b84ab8ca88e44d2932b0eb9405eb36f93755201c5d162fbe5a9f899cb8d9dc0c4beb60169e7908405c68a859afeff556030b229951dd57a018b137ed
SSDEEP

12288:VDpS4eldrPFhVrotJDH67oQuBQAnFJZau5WHi+f05hCDIYgEsUavuiOJnNQ:JJUdBhZE27o31av7uqhg9vuiANQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/4e2375353e49f18d6679c5372a688fc5c9a2ae3994830e6fe19e1cd20bc5ea6d.exe	upx

Files

e0bc2140d5a10035fb6d3b4e1b46cdfe.bin
.zip

Password: infected
4e2375353e49f18d6679c5372a688fc5c9a2ae3994830e6fe19e1cd20bc5ea6d.exe
.exe windows:6 windows x64 arch:x64

Code Sign

03:da:a4:f4:12:25:4f:73:19:0c:f6:63:1a:09:ba:28
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/12/2023, 02:15

Not After

23/12/2024, 02:15

Subject

CN=Microsoft Code Signing PCA 2011,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6c:db:b5:c7:23:87:3c:91:43:66:9f:d1:d8:f2:dd:ca:69:09:47:82:ed:25:67:c0:40:59:ae:a3:a3:90:ce:cf
Signer

Actual PE Digest

6c:db:b5:c7:23:87:3c:91:43:66:9f:d1:d8:f2:dd:ca:69:09:47:82:ed:25:67:c0:40:59:ae:a3:a3:90:ce:cf

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 789KB - Virtual size: 792KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

03:da:a4:f4:12:25:4f:73:19:0c:f6:63:1a:09:ba:28Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

6c:db:b5:c7:23:87:3c:91:43:66:9f:d1:d8:f2:dd:ca:69:09:47:82:ed:25:67:c0:40:59:ae:a3:a3:90:ce:cfSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.6MB

UPX1 Size: 789KB - Virtual size: 792KB

.rsrc Size: 3KB - Virtual size: 4KB

03:da:a4:f4:12:25:4f:73:19:0c:f6:63:1a:09:ba:28
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

6c:db:b5:c7:23:87:3c:91:43:66:9f:d1:d8:f2:dd:ca:69:09:47:82:ed:25:67:c0:40:59:ae:a3:a3:90:ce:cf
Signer

UPX0
Size: - Virtual size: 1.6MB

UPX1
Size: 789KB - Virtual size: 792KB

.rsrc
Size: 3KB - Virtual size: 4KB