4e442752e4c57bb5ad0fd0a7ab4a7e5644b8e55e5ea54575ec4553d4068987e9[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

4e442752e4c57bb5ad0fd0a7ab4a7e5644b8e55e5ea54575ec4553d4068987e9.exe.zip
Size

397KB
MD5

432049658294820beb9ca432beae6613
SHA1

ed399b395e9e385e920516960ae6edc2cecc488a
SHA256

e2aabaa4fbee335713e34af104aad0d15cf6fa088674c0f6e7bee484da67106c
SHA512

7cc60e162662f60591650468c2be478ec7c2166365e4102c802332f41a2f602581ac5234f953ef86cc796c193c9c753e2b8a8a045dd338f0eeae67140395157b
SSDEEP

12288:2UWSjtF+QWssLutJnLn1ykGPYhs0vsRvIxBzUR1:2UPtUG5L1Fs0kR2BzUR1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/4e442752e4c57bb5ad0fd0a7ab4a7e5644b8e55e5ea54575ec4553d4068987e9.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

4e442752e4c57bb5ad0fd0a7ab4a7e5644b8e55e5ea54575ec4553d4068987e9.exe.zip
.zip

Password: infected
4e442752e4c57bb5ad0fd0a7ab4a7e5644b8e55e5ea54575ec4553d4068987e9.exe
.exe windows:4 windows x86 arch:x86

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:58

Not After

03/03/2024, 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:e8:39:89:ee:31:f0:5e:fe:07:ff:70:c6:23:05:9d
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/10/2011, 06:53

Not After

25/10/2012, 06:53

Subject

CN=Pete Batard - Open Source Developer,O=akeo.ie - Open Source Developer,C=IE,1.2.840.113549.1.9.1=#0c0c7065746540616b656f2e6965

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:ae:e2:5c:34:18:a5:b7:f8:00:3e:23:90:fc:e6:18:45:e3:18:d6
Signer

Actual PE Digest

2d:ae:e2:5c:34:18:a5:b7:f8:00:3e:23:90:fc:e6:18:45:e3:18:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 348KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 393KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 427KB - Virtual size: 427KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

04:7a:55Certificate

Extended Key Usages

04:7a:53Certificate

Key Usages

61:e8:39:89:ee:31:f0:5e:fe:07:ff:70:c6:23:05:9dCertificate

Extended Key Usages

Key Usages

2d:ae:e2:5c:34:18:a5:b7:f8:00:3e:23:90:fc:e6:18:45:e3:18:d6Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 348KB

UPX1 Size: 393KB - Virtual size: 396KB

.rsrc Size: 22KB - Virtual size: 24KB

Headers

File Characteristics

Sections

.text Size: 166KB - Virtual size: 166KB

.data Size: 14KB - Virtual size: 13KB

.rdata Size: 67KB - Virtual size: 67KB

/4 Size: 21KB - Virtual size: 21KB

.bss Size: - Virtual size: 9KB

.idata Size: 7KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 427KB - Virtual size: 427KB

04:7a:55
Certificate

04:7a:53
Certificate

61:e8:39:89:ee:31:f0:5e:fe:07:ff:70:c6:23:05:9d
Certificate

2d:ae:e2:5c:34:18:a5:b7:f8:00:3e:23:90:fc:e6:18:45:e3:18:d6
Signer

UPX0
Size: - Virtual size: 348KB

UPX1
Size: 393KB - Virtual size: 396KB

.rsrc
Size: 22KB - Virtual size: 24KB

.text
Size: 166KB - Virtual size: 166KB

.data
Size: 14KB - Virtual size: 13KB

.rdata
Size: 67KB - Virtual size: 67KB

/4
Size: 21KB - Virtual size: 21KB

.bss
Size: - Virtual size: 9KB

.idata
Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 427KB - Virtual size: 427KB