566f80530e45f940ac01a2749ac0f0ca | Triage

Sharing

Copy URL Twitter E-mail

General

Target

566f80530e45f940ac01a2749ac0f0ca
Size

168KB
MD5

566f80530e45f940ac01a2749ac0f0ca
SHA1

5782ec8e426b3318f56733a15eb844626a495756
SHA256

6eebd78dace5f433ff9d04d10bba8bdd9cbc7b31c7a30b8bce79e68c8e0df8a0
SHA512

30911006e05b09b2ede6c05970cb6925e66e864019af4f9c5b040bab672558a061e05a8ec68dd1f1c889b4717b335e7f77446e6101875f5c1b6304e1704a6d5b
SSDEEP

3072:dUKQj0zido1pMalD5xJw8lQkIPnVpehVKlOwLR4KY3lfBCWdsSY:GFIwo1pXDq8QzV/T4X3Y

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/企鹅桌球瞄准器5.5/ZQ.exe	upx

Files

566f80530e45f940ac01a2749ac0f0ca
.rar
企鹅桌球瞄准器5.5/1教材.JPG
.jpg
企鹅桌球瞄准器5.5/2教材.JPG
.jpg
企鹅桌球瞄准器5.5/3教材.JPG
.jpg
企鹅桌球瞄准器5.5/4教材.JPG
.jpg
企鹅桌球瞄准器5.5/ZQ.exe
.exe windows:4 windows x86 arch:x86

Code Sign

32:25:fb:5a:95:d0:75:82:45:45:99:be:4e:85:fb:b1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA

Not Before

17/10/2009, 16:00

Not After

18/10/2012, 16:00

Subject

CN=Games Software Helper Tools

6f:4f:f0:fb:37:89:e4:fe:70:32:1a:e9:6d:26:bc:db:f6:fd:bc:6a
Signer

Actual PE Digest

6f:4f:f0:fb:37:89:e4:fe:70:32:1a:e9:6d:26:bc:db:f6:fd:bc:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 208KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
企鹅桌球瞄准器5.5/使用方法.txt
企鹅桌球瞄准器5.5/新云软件.url
.url