51f820b2a7b06afa16ede840839fcc7167251e47f2a37e4726f42ff18545b70c[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

51f820b2a7b06afa16ede840839fcc7167251e47f2a37e4726f42ff18545b70c.exe.zip
Size

11.4MB
MD5

cb0bbfcbc95f4c9328f4b39f024e9886
SHA1

05f029a2c81144aefe6e7faf42fd5fe4c64afd5a
SHA256

316675c7a3956c98b5d9299074cce67ec776effaa70b66ef5f690bf93f22538d
SHA512

bc08567e4c721bb21742dbf5b86f836c6f3b81f95fb4a5145b3961ae7f16385fd27e4a05e0c13202e05b62283b716ed0c33afd3e3f4c7436970e4a143109287e
SSDEEP

196608:UTlFDfG3daoT5L4IFjizXSWUJYNWQiAEBJawtEtDQrsp6fBBPojmfx7y9:UJY3EEV4IFjiyJYYRrtE6AEfrwjmfx7a

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/51f820b2a7b06afa16ede840839fcc7167251e47f2a37e4726f42ff18545b70c.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

51f820b2a7b06afa16ede840839fcc7167251e47f2a37e4726f42ff18545b70c.exe.zip
.zip

Password: infected
51f820b2a7b06afa16ede840839fcc7167251e47f2a37e4726f42ff18545b70c.exe
.exe windows:4 windows x86 arch:x86

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:8b:d6:52:f1:48:d5:88:80:36:c9:39:3d:c2:e2:ef:37:57:8b:c7:dc:19:30:71:a2:38:ab:0c:ed:fb:10:3d
Signer

Actual PE Digest

42:8b:d6:52:f1:48:d5:88:80:36:c9:39:3d:c2:e2:ef:37:57:8b:c7:dc:19:30:71:a2:38:ab:0c:ed:fb:10:3d

Digest Algorithm

sha256

PE Digest Matches

true

b2:92:74:36:70:b8:f0:48:c8:ca:5c:8c:09:ea:96:00:46:5b:3f:ca
Signer

Actual PE Digest

b2:92:74:36:70:b8:f0:48:c8:ca:5c:8c:09:ea:96:00:46:5b:3f:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 10.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11.6MB - Virtual size: 11.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20.8MB - Virtual size: 21.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.modplug
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

42:8b:d6:52:f1:48:d5:88:80:36:c9:39:3d:c2:e2:ef:37:57:8b:c7:dc:19:30:71:a2:38:ab:0c:ed:fb:10:3dSigner

b2:92:74:36:70:b8:f0:48:c8:ca:5c:8c:09:ea:96:00:46:5b:3f:caSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 10.8MB

UPX1 Size: 11.6MB - Virtual size: 11.6MB

.rsrc Size: 84KB - Virtual size: 88KB

Headers

File Characteristics

Sections

.code Size: 257KB - Virtual size: 256KB

.text Size: 584KB - Virtual size: 583KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 20.8MB - Virtual size: 21.3MB

.rsrc Size: 83KB - Virtual size: 82KB

.modplug Size: - Virtual size: 20KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

42:8b:d6:52:f1:48:d5:88:80:36:c9:39:3d:c2:e2:ef:37:57:8b:c7:dc:19:30:71:a2:38:ab:0c:ed:fb:10:3d
Signer

b2:92:74:36:70:b8:f0:48:c8:ca:5c:8c:09:ea:96:00:46:5b:3f:ca
Signer

UPX0
Size: - Virtual size: 10.8MB

UPX1
Size: 11.6MB - Virtual size: 11.6MB

.rsrc
Size: 84KB - Virtual size: 88KB

.code
Size: 257KB - Virtual size: 256KB

.text
Size: 584KB - Virtual size: 583KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 20.8MB - Virtual size: 21.3MB

.rsrc
Size: 83KB - Virtual size: 82KB

.modplug
Size: - Virtual size: 20KB