c4e688ecdb174c3606e5465792ffe3abbe1ed28c1e1c76aa517d236d4b0c9f29

Sharing

Copy URL

Twitter E-mail

General

Target

c4e688ecdb174c3606e5465792ffe3abbe1ed28c1e1c76aa517d236d4b0c9f29
Size

51KB
MD5

5548fab11a3319e5197442c9e6792dd5
SHA1

e30df8c0cea040fe3ab92197435f1493762fecb9
SHA256

c4e688ecdb174c3606e5465792ffe3abbe1ed28c1e1c76aa517d236d4b0c9f29
SHA512

cbc3c7995551dedb28f1491a28b8361cec008f191f49d51d5d063363dcd877f72cf90e94730baa361f91b30eae6a2ec0442a36607cede132f1355ba5d22895ed
SSDEEP

1536:g87YGwoD4dEZKFqCKYUgn7g91FlbSBd9mqvI:QGU9qCKcs91mLmqvI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

c4e688ecdb174c3606e5465792ffe3abbe1ed28c1e1c76aa517d236d4b0c9f29
.exe windows:4 windows x86 arch:x86

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0e:7d:55:88:79:b3:2f:1b:a7:6b:66:29:66:e6:29:e2
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/10/2001, 00:00

Not After

04/10/2002, 23:59

Subject

CN=Varadox Communication Corp,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Development,O=VeriSign\, Inc.,L=Internet+L=Calgary,ST=Alberta,C=CA

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

0e:7d:55:88:79:b3:2f:1b:a7:6b:66:29:66:e6:29:e2Certificate

Key Usages

Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 92KB

UPX1 Size: 41KB - Virtual size: 44KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 112KB - Virtual size: 111KB

.data Size: - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 3KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

0e:7d:55:88:79:b3:2f:1b:a7:6b:66:29:66:e6:29:e2
Certificate

UPX0
Size: - Virtual size: 92KB

UPX1
Size: 41KB - Virtual size: 44KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 112KB - Virtual size: 111KB

.data
Size: - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 3KB