a[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a.bin
Size

143KB
MD5

63018c9b53adafb04bd072c9f447b851
SHA1

743736f03b74e7be35bc9503fc81c88ca496532e
SHA256

475ad1bf3f3508d53562748a27d52da1a926229c6268022d65e808cf2fee3d07
SHA512

78ed103bda2eb5a77de0f3ef2afd7cbd4b81ec03697139916df558278fa0c74ada81638688b0394ebe0bee690e85e334d22de45b68bd9c386cb414fef25be08e
SSDEEP

3072:k0SzOhYzmoREhaQAqyr3KTBjHgH1VPoOnBpC/X2FYa1TPIIy:XAuGR8lrW9T1FYadPIt

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

a.bin
.dll windows:4 windows x86 arch:x86

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:ad:10:ae:36:96:e7:f2:82:3f:ff:af:f3:8d:a5:6b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/07/2009, 00:00

Not After

23/07/2011, 23:59

Subject

CN=Blackbaud\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Development,O=Blackbaud\, Inc.,L=Charleston,ST=South Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:5d:49:84:eb:3e:50:21:aa:b4:d9:45:ad:6e:87:1f:75:39:d9:8b
Signer

Actual PE Digest

39:5d:49:84:eb:3e:50:21:aa:b4:d9:45:ad:6e:87:1f:75:39:d9:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 800KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 137KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 745KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

7f:ad:10:ae:36:96:e7:f2:82:3f:ff:af:f3:8d:a5:6bCertificate

Extended Key Usages

Key Usages

39:5d:49:84:eb:3e:50:21:aa:b4:d9:45:ad:6e:87:1f:75:39:d9:8bSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 800KB

UPX1 Size: 137KB - Virtual size: 140KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 162KB - Virtual size: 161KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 2KB - Virtual size: 745KB

.rsrc Size: 1024B - Virtual size: 884B

.reloc Size: 1KB - Virtual size: 4KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

7f:ad:10:ae:36:96:e7:f2:82:3f:ff:af:f3:8d:a5:6b
Certificate

39:5d:49:84:eb:3e:50:21:aa:b4:d9:45:ad:6e:87:1f:75:39:d9:8b
Signer

UPX0
Size: - Virtual size: 800KB

UPX1
Size: 137KB - Virtual size: 140KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 745KB

.rsrc
Size: 1024B - Virtual size: 884B

.reloc
Size: 1KB - Virtual size: 4KB