04367a86c2d056e9ae73ab1c36555b44[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

04367a86c2d056e9ae73ab1c36555b44.bin
Size

1.0MB
MD5

1b16d5949197396d6e64f8490fa86b4e
SHA1

f2159f94b406745e7596ba7ead012c795ae21aac
SHA256

e5be49571e5f2151a9a68c6e2e13c4eca767e2c1a6d7b8ee50865cf7dc15b2bd
SHA512

591a76ef3835cf4d9cdce1cba6206d40246cc6c21ee9d1269f69db3b84bc932b7eed4992b21e4764ab4c8256ac58aa5539bd18527f9d6d7bc483f72c2ff0697d
SSDEEP

24576:tThPevUxz3S4csic8NZ9p/4K4AUerXxdqoqb/8c:dMvU53gPNDF4Krzqb0c

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/dfebde9ad6b1591c0044fcfbf6336cb9a9088409179055e4d438cd95b4d7bda0.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

04367a86c2d056e9ae73ab1c36555b44.bin
.zip

Password: infected
dfebde9ad6b1591c0044fcfbf6336cb9a9088409179055e4d438cd95b4d7bda0.exe
.exe windows:5 windows x86 arch:x86

Password: infected

Code Sign

09:59:9d:a1:98:ab:73:b3:9c:e6:63:8b
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

22-08-2023 08:26

Not After

08-11-2026 12:04

Subject

CN=IP Izmaylov Artem Andreevich,O=IP Izmaylov Artem Andreevich,L=Tula,ST=Tula Oblast,C=RU,1.2.840.113549.1.9.1=#0c0f737570706f72744061696d702e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:44

Not After

08-05-2033 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:d3:fd:84:4e:b1:8c:d3:2f:67:f9:8a:33:05:08:af:5f:3e:f8:56:1a:63:ab:3c:41:df:b2:07:51:d3:94:36
Signer

Actual PE Digest

63:d3:fd:84:4e:b1:8c:d3:2f:67:f9:8a:33:05:08:af:5f:3e:f8:56:1a:63:ab:3c:41:df:b2:07:51:d3:94:36

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 860KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 333KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 219KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 837KB - Virtual size: 836KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 68B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Code Sign

09:59:9d:a1:98:ab:73:b3:9c:e6:63:8bCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

63:d3:fd:84:4e:b1:8c:d3:2f:67:f9:8a:33:05:08:af:5f:3e:f8:56:1a:63:ab:3c:41:df:b2:07:51:d3:94:36Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 860KB

UPX1 Size: 333KB - Virtual size: 336KB

.rsrc Size: 219KB - Virtual size: 220KB

Headers

File Characteristics

Sections

.text Size: 837KB - Virtual size: 836KB

.itext Size: 3KB - Virtual size: 2KB

.data Size: 16KB - Virtual size: 15KB

.bss Size: - Virtual size: 20KB

.idata Size: 12KB - Virtual size: 12KB

.tls Size: - Virtual size: 68B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 54KB - Virtual size: 54KB

.rsrc Size: 219KB - Virtual size: 219KB

09:59:9d:a1:98:ab:73:b3:9c:e6:63:8b
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

63:d3:fd:84:4e:b1:8c:d3:2f:67:f9:8a:33:05:08:af:5f:3e:f8:56:1a:63:ab:3c:41:df:b2:07:51:d3:94:36
Signer

UPX0
Size: - Virtual size: 860KB

UPX1
Size: 333KB - Virtual size: 336KB

.rsrc
Size: 219KB - Virtual size: 220KB

.text
Size: 837KB - Virtual size: 836KB

.itext
Size: 3KB - Virtual size: 2KB

.data
Size: 16KB - Virtual size: 15KB

.bss
Size: - Virtual size: 20KB

.idata
Size: 12KB - Virtual size: 12KB

.tls
Size: - Virtual size: 68B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 54KB - Virtual size: 54KB

.rsrc
Size: 219KB - Virtual size: 219KB