575cd45bc66b57679f2b565270c84c957bf68a8ab84833845a038aad87b7bfb0[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

575cd45bc66b57679f2b565270c84c957bf68a8ab84833845a038aad87b7bfb0.exe.zip
Size

6.9MB
MD5

5d171ffd757a2e53b0d8c6844c7d577c
SHA1

db5b9a9dc439c2daa39b62d19c70b21679dec97b
SHA256

1b1538b00cf54ecfa887d8bfef93c736cef3d667e1a49bb98aa32e01c5da3fb7
SHA512

e634e25cd7d8c117c4a92c8b4293570d8d855cfa42470074ba337608aac8eb1c4f86d3c6ade10dde742232c353a3e81087ea060028103473e9750127d03ee813
SSDEEP

196608:5qXNhPMyKqDLCA9Tk3JKz7btrLwX2zmBY/+d1cpaG:YUydDLCAe4prPT/+dkaG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/575cd45bc66b57679f2b565270c84c957bf68a8ab84833845a038aad87b7bfb0.exe	upx

Files

575cd45bc66b57679f2b565270c84c957bf68a8ab84833845a038aad87b7bfb0.exe.zip
.zip

Password: infected
575cd45bc66b57679f2b565270c84c957bf68a8ab84833845a038aad87b7bfb0.exe
.exe windows:5 windows x86 arch:x86

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:bb:b9:b0:66:2b:f1:8b:7a:c1:1c:4e
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

18/02/2020, 15:23

Not After

19/01/2021, 16:25

Subject

SERIALNUMBER=01524500442,CN=Enter Srl,O=Enter Srl,STREET=VIA CARLO ALBERTO DALLA CHIESA 18,L=GROTTAMMARE,ST=Ascoli Piceno,C=IT,1.2.840.113549.1.9.1=#0c13612e746f7a7a6940656e74657273726c2e6974,1.3.6.1.4.1.311.60.2.1.3=#13024954,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

72:49:13:98:10:b1:50:f1:56:d7:7c:3d
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign TSA for Standard - G3 - 003-01,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:bb:b9:b0:66:2b:f1:8b:7a:c1:1c:4e
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

18/02/2020, 15:23

Not After

19/01/2021, 16:25

Subject

SERIALNUMBER=01524500442,CN=Enter Srl,O=Enter Srl,STREET=VIA CARLO ALBERTO DALLA CHIESA 18,L=GROTTAMMARE,ST=Ascoli Piceno,C=IT,1.2.840.113549.1.9.1=#0c13612e746f7a7a6940656e74657273726c2e6974,1.3.6.1.4.1.311.60.2.1.3=#13024954,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-01,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:55:27:ed:95:0e:bd:d9:ae:e0:8e:96:b5:db:ee:34:7e:44:21:2e:60:b8:c6:4e:bd:41:bf:31:ac:1b:5e:3a
Signer

Actual PE Digest

5a:55:27:ed:95:0e:bd:d9:ae:e0:8e:96:b5:db:ee:34:7e:44:21:2e:60:b8:c6:4e:bd:41:bf:31:ac:1b:5e:3a

Digest Algorithm

sha256

PE Digest Matches

true

5d:18:46:3e:49:b5:5f:cf:82:13:66:62:0e:78:d0:26:79:3c:f9:27
Signer

Actual PE Digest

5d:18:46:3e:49:b5:5f:cf:82:13:66:62:0e:78:d0:26:79:3c:f9:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 17.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

42:bb:b9:b0:66:2b:f1:8b:7a:c1:1c:4eCertificate

Extended Key Usages

Key Usages

72:49:13:98:10:b1:50:f1:56:d7:7c:3dCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

04:00:00:00:00:01:15:4b:5a:c3:94Certificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

42:bb:b9:b0:66:2b:f1:8b:7a:c1:1c:4eCertificate

Extended Key Usages

Key Usages

33:90:20:77:61:c4:26:dd:94:50:03:0dCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

5a:55:27:ed:95:0e:bd:d9:ae:e0:8e:96:b5:db:ee:34:7e:44:21:2e:60:b8:c6:4e:bd:41:bf:31:ac:1b:5e:3aSigner

5d:18:46:3e:49:b5:5f:cf:82:13:66:62:0e:78:d0:26:79:3c:f9:27Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 17.9MB

UPX1 Size: 7.0MB - Virtual size: 7.0MB

.rsrc Size: 35KB - Virtual size: 36KB

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

42:bb:b9:b0:66:2b:f1:8b:7a:c1:1c:4e
Certificate

72:49:13:98:10:b1:50:f1:56:d7:7c:3d
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

42:bb:b9:b0:66:2b:f1:8b:7a:c1:1c:4e
Certificate

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

5a:55:27:ed:95:0e:bd:d9:ae:e0:8e:96:b5:db:ee:34:7e:44:21:2e:60:b8:c6:4e:bd:41:bf:31:ac:1b:5e:3a
Signer

5d:18:46:3e:49:b5:5f:cf:82:13:66:62:0e:78:d0:26:79:3c:f9:27
Signer

UPX0
Size: - Virtual size: 17.9MB

UPX1
Size: 7.0MB - Virtual size: 7.0MB

.rsrc
Size: 35KB - Virtual size: 36KB