00ef3b11b4f77fe02a2e66dfc7d93e11ac5e24ff03bebdefe0420386d066e6b4[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

00ef3b11b4f77fe02a2e66dfc7d93e11ac5e24ff03bebdefe0420386d066e6b4.exe.zip
Size

109KB
MD5

582fa6e0b19bc0a8d551ad1f64f3cda4
SHA1

b6c32e6ed0e13a3e8e51a0603227183d12e66fb9
SHA256

94844c54f952807ca5646004fce280f13395163c30e010aff89f5469f4343e3f
SHA512

1f819fb333f055feb40a64725fbbf0bd187bb7680189ff9043aaee8451ef08bc0fb3df7ac8bf0daf431140e5bf6252096abb4d53ec30f594ec82e8e4c3e54e5a
SSDEEP

3072:K5dNc2Tr+AMjGSOXzgP/a3o46zTwQA1wpLYqIsrFQ:eTc2Tr+BjGSOj4aY1wf18Isrq

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/00ef3b11b4f77fe02a2e66dfc7d93e11ac5e24ff03bebdefe0420386d066e6b4.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

00ef3b11b4f77fe02a2e66dfc7d93e11ac5e24ff03bebdefe0420386d066e6b4.exe.zip
.zip

Password: infected
00ef3b11b4f77fe02a2e66dfc7d93e11ac5e24ff03bebdefe0420386d066e6b4.exe
.exe windows:4 windows x86 arch:x86

Code Sign

c5:4a:e5:f9:19:68:c7:19:7f:d2:de:f2:18:4a:37:42
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/10/2013, 00:00

Not After

27/10/2016, 23:59

Subject

CN=PJRC.COM\, LLC,O=PJRC.COM\, LLC,POSTALCODE=97140,STREET=14723 SW Brooke Ct,L=Sherwood,ST=OR,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b7:ba:0e:20:30:56:d9:38:fb:8e:35:e7:00:e5:78:6f:e5:71:93:9d
Signer

Actual PE Digest

b7:ba:0e:20:30:56:d9:38:fb:8e:35:e7:00:e5:78:6f:e5:71:93:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

c5:4a:e5:f9:19:68:c7:19:7f:d2:de:f2:18:4a:37:42Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

01Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

b7:ba:0e:20:30:56:d9:38:fb:8e:35:e7:00:e5:78:6f:e5:71:93:9dSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 196KB

UPX1 Size: 105KB - Virtual size: 108KB

UPX2 Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 204KB - Virtual size: 203KB

.data Size: 28KB - Virtual size: 27KB

.rdata Size: 30KB - Virtual size: 29KB

.bss Size: - Virtual size: 14KB

.idata Size: 7KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

c5:4a:e5:f9:19:68:c7:19:7f:d2:de:f2:18:4a:37:42
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

01
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

b7:ba:0e:20:30:56:d9:38:fb:8e:35:e7:00:e5:78:6f:e5:71:93:9d
Signer

UPX0
Size: - Virtual size: 196KB

UPX1
Size: 105KB - Virtual size: 108KB

UPX2
Size: 1024B - Virtual size: 4KB

.text
Size: 204KB - Virtual size: 203KB

.data
Size: 28KB - Virtual size: 27KB

.rdata
Size: 30KB - Virtual size: 29KB

.bss
Size: - Virtual size: 14KB

.idata
Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B