56c9eab5b731e613c7911f32a4d66164dd0249267bd0863475e20f4945bba5d5[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

56c9eab5b731e613c7911f32a4d66164dd0249267bd0863475e20f4945bba5d5.exe.zip
Size

1.4MB
MD5

0d1a7997c71d56b9b4925c9fb786b8a4
SHA1

355841690561d01247699101fe0ea6ee08eac9a6
SHA256

42d33bc1ff6da5872f558738806cd51493bd4859041ce5ceba2c6164169af51a
SHA512

f65ebef54707a979f7a9262dc3605f9aba93a70196dc985c9981cc05933fc70e61bc6bbfbb0e4bc155bfeeac470184c1906efee80dd46b9ec5e68cb9fe56bc16
SSDEEP

24576:u2X3n4EX7haA7PSAZI2etKO30ER3QSRMzH1rI+Un8I0MeBIJr6k2TmQ:uB8FluYI20fpt4VhU8+ehkDQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/56c9eab5b731e613c7911f32a4d66164dd0249267bd0863475e20f4945bba5d5.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

56c9eab5b731e613c7911f32a4d66164dd0249267bd0863475e20f4945bba5d5.exe.zip
.zip

Password: infected
56c9eab5b731e613c7911f32a4d66164dd0249267bd0863475e20f4945bba5d5.exe
.exe windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:6e:90:e0:35:6e:47:ca:81:c3:36:f1:51:b2:66:a1
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

18/03/2016, 00:00

Not After

03/11/2016, 23:59

Subject

CN=Reason Software Company Inc.,O=Reason Software Company Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:6e:90:e0:35:6e:47:ca:81:c3:36:f1:51:b2:66:a1
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

18/03/2016, 00:00

Not After

03/11/2016, 23:59

Subject

CN=Reason Software Company Inc.,O=Reason Software Company Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

58:01:b7:d9:b0:56:c8:fa:67:d6:f0:d7:c1:f4:be:46:71:8e:5b:f6:00:6f:34:be:9f:b4:a8:92:33:3b:bf:99
Signer

Actual PE Digest

58:01:b7:d9:b0:56:c8:fa:67:d6:f0:d7:c1:f4:be:46:71:8e:5b:f6:00:6f:34:be:9f:b4:a8:92:33:3b:bf:99

Digest Algorithm

sha256

PE Digest Matches

true

5a:51:ba:a3:d2:4f:1a:51:1a:78:50:72:12:5f:39:6a:f3:2e:8d:6e
Signer

Actual PE Digest

5a:51:ba:a3:d2:4f:1a:51:1a:78:50:72:12:5f:39:6a:f3:2e:8d:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 528KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 299KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1d:6e:90:e0:35:6e:47:ca:81:c3:36:f1:51:b2:66:a1Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

1d:6e:90:e0:35:6e:47:ca:81:c3:36:f1:51:b2:66:a1Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

58:01:b7:d9:b0:56:c8:fa:67:d6:f0:d7:c1:f4:be:46:71:8e:5b:f6:00:6f:34:be:9f:b4:a8:92:33:3b:bf:99Signer

5a:51:ba:a3:d2:4f:1a:51:1a:78:50:72:12:5f:39:6a:f3:2e:8d:6eSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 528KB

UPX1 Size: 299KB - Virtual size: 300KB

.rsrc Size: 30KB - Virtual size: 32KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 502KB - Virtual size: 501KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 11KB - Virtual size: 28KB

.rsrc Size: 142KB - Virtual size: 141KB

.reloc Size: 23KB - Virtual size: 23KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1d:6e:90:e0:35:6e:47:ca:81:c3:36:f1:51:b2:66:a1
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

1d:6e:90:e0:35:6e:47:ca:81:c3:36:f1:51:b2:66:a1
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

58:01:b7:d9:b0:56:c8:fa:67:d6:f0:d7:c1:f4:be:46:71:8e:5b:f6:00:6f:34:be:9f:b4:a8:92:33:3b:bf:99
Signer

5a:51:ba:a3:d2:4f:1a:51:1a:78:50:72:12:5f:39:6a:f3:2e:8d:6e
Signer

UPX0
Size: - Virtual size: 528KB

UPX1
Size: 299KB - Virtual size: 300KB

.rsrc
Size: 30KB - Virtual size: 32KB

.text
Size: 502KB - Virtual size: 501KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 11KB - Virtual size: 28KB

.rsrc
Size: 142KB - Virtual size: 141KB

.reloc
Size: 23KB - Virtual size: 23KB