f0ad4b4d09a27ebefeaabbd5e39f9be76e5d37b72dcfd5dda316b196f938922f[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

f0ad4b4d09a27ebefeaabbd5e39f9be76e5d37b72dcfd5dda316b196f938922f.exe.zip
Size

9.3MB
MD5

575edf8860242f4e7dbdda4ec52aa391
SHA1

0d524659cec4500f8ee9c48fa0e2b64cb59e9eca
SHA256

adc30d84d8e012b858d263ac483e264801b6646e2bbc90298d4f8f71dac639cd
SHA512

8260f6d893a78f474b6e36862091c3765b75f5c439a652df9c599261b8ce3b929fd174a4285afc4c8e86b0746b48b62970eadee9643d207ef22d76018c1cc8e5
SSDEEP

196608:RVgAQdHMgp70p083LNfGywxwi4unqra/Htv1GTfoX7wBl9lM:nN+sgZ0pHLN+ywxwiVBHtvITfoX7wBl4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/f0ad4b4d09a27ebefeaabbd5e39f9be76e5d37b72dcfd5dda316b196f938922f.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

f0ad4b4d09a27ebefeaabbd5e39f9be76e5d37b72dcfd5dda316b196f938922f.exe.zip
.zip

Password: infected
f0ad4b4d09a27ebefeaabbd5e39f9be76e5d37b72dcfd5dda316b196f938922f.exe
.exe windows:6 windows x86 arch:x86

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:e4:26:19:9e:20:72:97:3b:59:c9:20:9d:56:77:88
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

18/12/2021, 00:00

Not After

17/12/2022, 23:59

Subject

CN=Duy Anh,O=Duy Anh,ST=Ha Noi,C=VN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a4:ef:37:87:75:42:df:e3:91:2a:de:9c:82:e6:37:55:f0:fb:94:38
Signer

Actual PE Digest

a4:ef:37:87:75:42:df:e3:91:2a:de:9c:82:e6:37:55:f0:fb:94:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 12.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_cgo_dummy_export
goELEMENT_COMPARATOR
goElementEventProc
goKeyValueCallback
goLPCBYTE_RECEIVER
goLPCSTR_RECEIVER
goLPCWSTR_RECEIVER
goNATIVE_FUNCTOR_INVOKE
goNATIVE_FUNCTOR_RELEASE
goSciterElementCallback
goSciterHostCallback

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13.4MB - Virtual size: 13.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 387B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 778KB - Virtual size: 778KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 379KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/116
Size: 512B - Virtual size: 54B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/135
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/151
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/167
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

54:e4:26:19:9e:20:72:97:3b:59:c9:20:9d:56:77:88Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

a4:ef:37:87:75:42:df:e3:91:2a:de:9c:82:e6:37:55:f0:fb:94:38Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 12.2MB

UPX1 Size: 9.4MB - Virtual size: 9.4MB

.rsrc Size: 18KB - Virtual size: 20KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.data Size: 214KB - Virtual size: 213KB

.rdata Size: 13.4MB - Virtual size: 13.4MB

/4 Size: 25KB - Virtual size: 24KB

.bss Size: - Virtual size: 192KB

.edata Size: 512B - Virtual size: 387B

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 162KB - Virtual size: 162KB

/14 Size: 1024B - Virtual size: 592B

/29 Size: 2.5MB - Virtual size: 2.5MB

/41 Size: 6KB - Virtual size: 6KB

/55 Size: 778KB - Virtual size: 778KB

/67 Size: 165KB - Virtual size: 164KB

/80 Size: 5KB - Virtual size: 4KB

/91 Size: 1.5MB - Virtual size: 1.5MB

/102 Size: 379KB - Virtual size: 378KB

/116 Size: 512B - Virtual size: 54B

/135 Size: 4KB - Virtual size: 3KB

/151 Size: 33KB - Virtual size: 32KB

/167 Size: 8KB - Virtual size: 8KB

.rsrc Size: 17KB - Virtual size: 17KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

54:e4:26:19:9e:20:72:97:3b:59:c9:20:9d:56:77:88
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

a4:ef:37:87:75:42:df:e3:91:2a:de:9c:82:e6:37:55:f0:fb:94:38
Signer

UPX0
Size: - Virtual size: 12.2MB

UPX1
Size: 9.4MB - Virtual size: 9.4MB

.rsrc
Size: 18KB - Virtual size: 20KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 214KB - Virtual size: 213KB

.rdata
Size: 13.4MB - Virtual size: 13.4MB

/4
Size: 25KB - Virtual size: 24KB

.bss
Size: - Virtual size: 192KB

.edata
Size: 512B - Virtual size: 387B

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 162KB - Virtual size: 162KB

/14
Size: 1024B - Virtual size: 592B

/29
Size: 2.5MB - Virtual size: 2.5MB

/41
Size: 6KB - Virtual size: 6KB

/55
Size: 778KB - Virtual size: 778KB

/67
Size: 165KB - Virtual size: 164KB

/80
Size: 5KB - Virtual size: 4KB

/91
Size: 1.5MB - Virtual size: 1.5MB

/102
Size: 379KB - Virtual size: 378KB

/116
Size: 512B - Virtual size: 54B

/135
Size: 4KB - Virtual size: 3KB

/151
Size: 33KB - Virtual size: 32KB

/167
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 17KB - Virtual size: 17KB