Behavioral task
behavioral1
Sample
980d33a6e9f62978ef72b37c79b74e4d.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
980d33a6e9f62978ef72b37c79b74e4d.exe
Resource
win10v2004-20231222-en
General
-
Target
980d33a6e9f62978ef72b37c79b74e4d
-
Size
279KB
-
MD5
980d33a6e9f62978ef72b37c79b74e4d
-
SHA1
c35e1acf40d8a003edc4c121579cd46e81f155b6
-
SHA256
1aa68c2a0da5f5631a59e03ea297f7f36dbb311bf4036ab13b294d3d56b1bd76
-
SHA512
0a7ecc9160daa0cbc36bef0cef2d99966c18b76e2b49ea8b6cf8957dc0c00c3ae381d5cfab62394b37eaf760ab703cee18eea9b1298efd1ff7b96df7fe9e2158
-
SSDEEP
6144:nmZupz7bGXwTfJQa9cl4E5BrJilNfhw6RvsiJeffbMEGf5oDrOnx:nmZ0aXsfn9clT/rJk0awzMXqDrOx
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/out.upx
Files
-
980d33a6e9f62978ef72b37c79b74e4d.exe windows:4 windows x86 arch:x86
Code Sign
2d:1f:81:a6:98:05:fc:6f:b0:4a:bf:f8:fa:1e:49:1aCertificate
IssuerCN=Spy SoftwareNot Before06-03-2011 13:59Not After31-12-2039 23:59SubjectCN=Spy Software38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
a1:85:54:0b:71:5a:1d:f2:52:78:16:00:e3:af:c9:47:bc:a9:35:49Signer
Actual PE Digesta1:85:54:0b:71:5a:1d:f2:52:78:16:00:e3:af:c9:47:bc:a9:35:49Digest Algorithmsha1PE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 52KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 271KB - Virtual size: 272KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 294KB - Virtual size: 294KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ