4350e88cd6453a6eb6036c7a82deede495eee1b933d9c0b0e6cec2d2a91bd443

Sharing

Copy URL Twitter E-mail

General

Target

4350e88cd6453a6eb6036c7a82deede495eee1b933d9c0b0e6cec2d2a91bd443
Size

2.0MB
MD5

2fe79f4439a2a296f245e82aa2a44f83
SHA1

b6e4eebf5915786a41f61d8cb9221e06413c9e80
SHA256

4350e88cd6453a6eb6036c7a82deede495eee1b933d9c0b0e6cec2d2a91bd443
SHA512

1770aa0ae9400958a184549bc7b8446f114365b5c0d378d03223b501a4da7f3fdc2b306f066c8eae06884979b7757e5ce997f149ae6f34ac54b6784b0fe67320
SSDEEP

49152:Nntzh5SlEAxtC9wp5BtQ9pWNgQINHUJJbaPBEnwd:9VWEm7OENgQIN6JbMywd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/bittorrent.exe	upx

Files

4350e88cd6453a6eb6036c7a82deede495eee1b933d9c0b0e6cec2d2a91bd443
.zip
bittorrent.exe
.exe windows:5 windows x86 arch:x86

Code Sign

6f:13:bc:d5:09:63:d2:f3:09:43:9e:37:fd:45:9c:7c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/10/2019, 00:00

Not After

16/12/2022, 23:59

Subject

CN=BitTorrent Inc,O=BitTorrent Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

22/07/2020, 15:33

Not After

29/12/2030, 16:29

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bb:ea:a0:99:d4:65:b1:bb:48:39:dc:3b:70:3a:ee:65:e8:e9:59:f7:37:0d:18:38:0c:27:7a:61:9e:c9:65:82
Signer

Actual PE Digest

bb:ea:a0:99:d4:65:b1:bb:48:39:dc:3b:70:3a:ee:65:e8:e9:59:f7:37:0d:18:38:0c:27:7a:61:9e:c9:65:82

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

6f:13:bc:d5:09:63:d2:f3:09:43:9e:37:fd:45:9c:7cCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4Certificate

Extended Key Usages

Key Usages

bb:ea:a0:99:d4:65:b1:bb:48:39:dc:3b:70:3a:ee:65:e8:e9:59:f7:37:0d:18:38:0c:27:7a:61:9e:c9:65:82Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 3.4MB

UPX1 Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 120KB - Virtual size: 120KB

6f:13:bc:d5:09:63:d2:f3:09:43:9e:37:fd:45:9c:7c
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

bb:ea:a0:99:d4:65:b1:bb:48:39:dc:3b:70:3a:ee:65:e8:e9:59:f7:37:0d:18:38:0c:27:7a:61:9e:c9:65:82
Signer

UPX0
Size: - Virtual size: 3.4MB

UPX1
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 120KB - Virtual size: 120KB