29f487440d0e6a9927600fd9555bce3dbe7903aa2b47b245c60332bb49ab369b[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

29f487440d0e6a9927600fd9555bce3dbe7903aa2b47b245c60332bb49ab369b.exe.zip
Size

4.8MB
MD5

fc9d4d4ab7df0d24d85b3e28381d7f1f
SHA1

b7c20e8afe3f085f1f73d417f59f53ec85af8c37
SHA256

5649e722f1daa1cf6c87d136b54a682b20a637c38f880d270f4495bcf68a3f75
SHA512

a63858e059423c276e15a183c25c5cd1542d207fe905645235f13faeaa0b54f4b1040ce6f9cd3232830afd17b1030d8fef944f6eafa021451d259396c4786b1d
SSDEEP

98304:GwYPLji5/lqiZfR2JkN7oBzlAj0MzxFkePjxxkJZxtaPxOtWev6:Gjj8qiZf97oplA/xFbTk/kM5v6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/29f487440d0e6a9927600fd9555bce3dbe7903aa2b47b245c60332bb49ab369b.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

29f487440d0e6a9927600fd9555bce3dbe7903aa2b47b245c60332bb49ab369b.exe.zip
.zip

Password: infected
29f487440d0e6a9927600fd9555bce3dbe7903aa2b47b245c60332bb49ab369b.exe
.exe windows:5 windows x86 arch:x86

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/07/2013, 00:00

Not After

14/09/2016, 12:00

Subject

CN=AVAST Software a.s.,O=AVAST Software a.s.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:41:a8:99:67:82:43:3b:9a:ed:8d:bc:fc:a5:5e:dc:62:c8:86:b8
Signer

Actual PE Digest

3c:41:a8:99:67:82:43:3b:9a:ed:8d:bc:fc:a5:5e:dc:62:c8:86:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP

Sections

UPX0
Size: - Virtual size: 896KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 571KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP

Sections

.text
Size: 896KB - Virtual size: 896KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

3c:41:a8:99:67:82:43:3b:9a:ed:8d:bc:fc:a5:5e:dc:62:c8:86:b8Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 896KB

UPX1 Size: 571KB - Virtual size: 572KB

.rsrc Size: 74KB - Virtual size: 76KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 896KB - Virtual size: 896KB

.rdata Size: 210KB - Virtual size: 209KB

.data Size: 19KB - Virtual size: 43KB

.rsrc Size: 183KB - Virtual size: 182KB

.reloc Size: 95KB - Virtual size: 94KB

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

3c:41:a8:99:67:82:43:3b:9a:ed:8d:bc:fc:a5:5e:dc:62:c8:86:b8
Signer

UPX0
Size: - Virtual size: 896KB

UPX1
Size: 571KB - Virtual size: 572KB

.rsrc
Size: 74KB - Virtual size: 76KB

.text
Size: 896KB - Virtual size: 896KB

.rdata
Size: 210KB - Virtual size: 209KB

.data
Size: 19KB - Virtual size: 43KB

.rsrc
Size: 183KB - Virtual size: 182KB

.reloc
Size: 95KB - Virtual size: 94KB