3d48dfc7fff39de716ae75388d0e4a89

Sharing

Copy URL

Twitter E-mail

General

Target

3d48dfc7fff39de716ae75388d0e4a89
Size

1.2MB
MD5

3d48dfc7fff39de716ae75388d0e4a89
SHA1

abf07b1917192b9f3ca45169737a4b7d12bcfbc1
SHA256

11c54b78375b7698a445a3a3c0c4cb2a41afad32ab790942393083bcc0680128
SHA512

e51534aa9025e08e539e789dd42b468660af4f3259599c5a8d6b8af305198ed95275d1668ee899b7d4e1e3142d6d903afbcfc70428a47af819831e1d9749c6bf
SSDEEP

24576:wivxRhs4KqZ/20RvyiGkfqk9l8ZhNladZd9OeE8nzMR5ao5VBWcBJ:A41Z/2KCkfqkj8Zh7KZdZzo5PX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

3d48dfc7fff39de716ae75388d0e4a89
.exe windows:5 windows x86 arch:x86

Code Sign

62:65:2b:f1:15:c4:ca:a5:f6:08:c4:1a:dd:c7:64:af
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

21-11-2014 00:00

Not After

21-11-2015 23:59

Subject

CN=KІA FORVARDІNG LLC,O=KІA FORVARDІNG LLC,L=Gersevan?vka village,ST=Ukraine,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:31:36:9c:fc:06:f2:6b:67:4e:9f:07:d8:22:58:61:ef:c5:b0:e9
Signer

Actual PE Digest

8c:31:36:9c:fc:06:f2:6b:67:4e:9f:07:d8:22:58:61:ef:c5:b0:e9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 100KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 76B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

62:65:2b:f1:15:c4:ca:a5:f6:08:c4:1a:dd:c7:64:afCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

8c:31:36:9c:fc:06:f2:6b:67:4e:9f:07:d8:22:58:61:ef:c5:b0:e9Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.9MB

UPX1 Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 65KB - Virtual size: 68KB

Headers

File Characteristics

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.itext Size: 9KB - Virtual size: 8KB

.data Size: 47KB - Virtual size: 46KB

.bss Size: - Virtual size: 100KB

.idata Size: 14KB - Virtual size: 14KB

.didata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 76B

.rdata Size: 512B - Virtual size: 24B

.rsrc Size: 435KB - Virtual size: 435KB

62:65:2b:f1:15:c4:ca:a5:f6:08:c4:1a:dd:c7:64:af
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

8c:31:36:9c:fc:06:f2:6b:67:4e:9f:07:d8:22:58:61:ef:c5:b0:e9
Signer

UPX0
Size: - Virtual size: 1.9MB

UPX1
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 65KB - Virtual size: 68KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.itext
Size: 9KB - Virtual size: 8KB

.data
Size: 47KB - Virtual size: 46KB

.bss
Size: - Virtual size: 100KB

.idata
Size: 14KB - Virtual size: 14KB

.didata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 76B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 435KB - Virtual size: 435KB