Behavioral task
behavioral1
Sample
5ac0718700a442fb657b526f9c9cca3c.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
5ac0718700a442fb657b526f9c9cca3c.exe
Resource
win10v2004-20231215-en
General
-
Target
5ac0718700a442fb657b526f9c9cca3c
-
Size
744KB
-
MD5
5ac0718700a442fb657b526f9c9cca3c
-
SHA1
f80e04f09cf05a17d61b4c1b3921cf1b9bf713b8
-
SHA256
e7c84569b6faf6bd4a36dcc061bbdb550c62ae040ed1d30d3cfa0b5b3f3c08d5
-
SHA512
b0797aab3f820b3c41bc7e4f655d147472fc2d44c6a3376acabf2f3f0f064e2005593b03652995d3d5636edfdfd01483e2db061a4b7d4535296a9a90ec18849e
-
SSDEEP
12288:89QYWQj+g6Ct9rBg/D93NENNKHYXJoAAipaAs42niG7EIurmi3LwuBKd9dMyW4KB:Gffjp6Ct9rBg/D93WN84XJ0ipaA5st7c
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/out.upx
Files
-
5ac0718700a442fb657b526f9c9cca3c.exe windows:4 windows x86 arch:x86
Code Sign
01Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before01-08-1996 00:00Not After31-12-2020 23:59SubjectCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d0aCertificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before06-08-2003 00:00Not After05-08-2013 23:59SubjectCN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZAExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:3b:f8:85:49:64:12:20:7e:cb:70:ac:fa:c6:75:5bCertificate
IssuerCN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZANot Before24-11-2006 00:00Not After23-11-2008 23:59SubjectCN=Qizhi Software (beijing) Co. Ltd,OU=Secure Application Development,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 1.1MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 731KB - Virtual size: 732KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 192KB - Virtual size: 190KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 168KB - Virtual size: 174KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sxdata Size: 4KB - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ