039730feda4ac9c677a16505b6d97012faa3227e7966308351b7de8eeabfc32b

Sharing

Copy URL Twitter E-mail

General

Target

039730feda4ac9c677a16505b6d97012faa3227e7966308351b7de8eeabfc32b
Size

1.5MB
MD5

3dfa71248fab815d13189238415a474a
SHA1

3203f015459996b493a32c79265855d19f7c1217
SHA256

039730feda4ac9c677a16505b6d97012faa3227e7966308351b7de8eeabfc32b
SHA512

1c1ccfa3678339d15907e3e2ae3f851a4685040a5f67e3a33bbbcb451c318a04625a683f345ced169f98f751853ebd6a65e70c0db66add1eb89198ae76c2cda2
SSDEEP

24576:uGUaCtULsUlUZcMDAC4WMl/t2umFvKcXundon2yY792W6uncScu+:uGUaCqLTlyDZytqFvsyq92W6ucxu+

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 2 IoCs

resource	yara_rule
sample	UPX
static1/unpack001/out.upx	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

039730feda4ac9c677a16505b6d97012faa3227e7966308351b7de8eeabfc32b
.exe windows:4 windows x86 arch:x86

Code Sign

04:68:e1:d3:69:fe:2a:5f:2a:a4:8e:ac:33:61:5a:0b
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/05/2011, 00:00

Not After

05/06/2012, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

08:23:e5:b8:b6:b3:87:84:d3:85:4c:92:51:98:55:0f
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/09/2011, 00:00

Not After

04/10/2012, 12:00

Subject

CN=Stream Development Ltd.,O=Stream Development Ltd.,L=VICTORIA,C=SC

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0a:04:df:21:74:5d:4d:2b:8c:ea:33:72:05:00:50:e9
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:62:6a:ec:6a:f9:3a:07:cd:f5:60:0d:30:c6:32:11:4e:fe:a8:a4
Signer

Actual PE Digest

ed:62:6a:ec:6a:f9:3a:07:cd:f5:60:0d:30:c6:32:11:4e:fe:a8:a4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 945KB - Virtual size: 948KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 592KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@$xp$18Gnugettext@TDomain
@$xp$18Gnugettext@TMoFile
@$xp$21Gnugettext@EGGIOError
@$xp$22Gnugettext@EGnuGettext
@$xp$22Gnugettext@TExecutable
@$xp$22Gnugettext@TTranslator
@$xp$23Gnugettext@TDebugLogger
@$xp$23Gnugettext@TOnDebugLine
@$xp$25Gnugettext@TGetPluralForm
@$xp$28Gnugettext@EGGComponentError
@$xp$30Gnugettext@EGGProgrammingError
@$xp$30Gnugettext@TGnuGettextInstance
@$xp$32Gnugettext@EGGAnsi2WideConvError
@@Unit1@Finalize
@@Unit1@Initialize
@Gnugettext@AddDomainForResourceString$qqrx20System@UnicodeString
@Gnugettext@DefaultInstance
@Gnugettext@EGGAnsi2WideConvError@
@Gnugettext@EGGComponentError@
@Gnugettext@EGGIOError@
@Gnugettext@EGGProgrammingError@
@Gnugettext@EGnuGettext@
@Gnugettext@ExecutableFilename
@Gnugettext@Finalization$qqrv
@Gnugettext@GetCurrentLanguage$qqrv
@Gnugettext@GetTranslatorNameAndEmail$qqrv
@Gnugettext@HookIntoResourceStrings$qqroo
@Gnugettext@LoadResString$qqrp20System@TResStringRec
@Gnugettext@LoadResStringW$qqrp20System@TResStringRec
@Gnugettext@RemoveDomainForResourceString$qqrx20System@UnicodeString
@Gnugettext@RetranslateComponent$qqrp25System@Classes@TComponentx20System@UnicodeString
@Gnugettext@TDomain@
@Gnugettext@TDomain@$bctr$qqrv
@Gnugettext@TDomain@$bdtr$qqrv
@Gnugettext@TDomain@CloseMoFile$qqrv
@Gnugettext@TDomain@GetListOfLanguages$qqrp23System@Classes@TStrings
@Gnugettext@TDomain@GetTranslationProperty$qqr20System@UnicodeString
@Gnugettext@TDomain@OpenMoFile$qqrv
@Gnugettext@TDomain@SetFilename$qqrx20System@UnicodeString
@Gnugettext@TDomain@SetLanguageCode$qqrx20System@UnicodeString
@Gnugettext@TDomain@gettext$qqrx31System@%AnsiStringT$us$i65535$%
@Gnugettext@TDomain@setDirectory$qqrx20System@UnicodeString
@Gnugettext@TExecutable@
@Gnugettext@TExecutable@Execute$qqrv
@Gnugettext@TGnuGettextInstance@
@Gnugettext@TGnuGettextInstance@$bctr$qqrv
@Gnugettext@TGnuGettextInstance@$bdtr$qqrv
@Gnugettext@TGnuGettextInstance@DebugLogPause$qqro
@Gnugettext@TGnuGettextInstance@DebugLogToFile$qqrx20System@UnicodeStringo
@Gnugettext@TGnuGettextInstance@FreeTP_ClassHandlingItems$qqrv
@Gnugettext@TGnuGettextInstance@GetCurrentLanguage$qqrv
@Gnugettext@TGnuGettextInstance@GetListOfLanguages$qqrx20System@UnicodeStringp23System@Classes@TStrings
@Gnugettext@TGnuGettextInstance@GetTranslationProperty$qqrx20System@UnicodeString
@Gnugettext@TGnuGettextInstance@GetTranslatorNameAndEmail$qqrv
@Gnugettext@TGnuGettextInstance@Getdomain$qqrx20System@UnicodeStringt1t1
@Gnugettext@TGnuGettextInstance@LoadResString$qqrp20System@TResStringRec
@Gnugettext@TGnuGettextInstance@RetranslateComponent$qqrp25System@Classes@TComponentx20System@UnicodeString
@Gnugettext@TGnuGettextInstance@TP_CreateRetranslator$qqrv
@Gnugettext@TGnuGettextInstance@TP_GlobalHandleClass$qqrp17System@TMetaClassynpqqrp14System@TObject$v
@Gnugettext@TGnuGettextInstance@TP_GlobalIgnoreClass$qqrp17System@TMetaClass
@Gnugettext@TGnuGettextInstance@TP_GlobalIgnoreClassProperty$qqrp17System@TMetaClass20System@UnicodeString
@Gnugettext@TGnuGettextInstance@TP_Ignore$qqrp14System@TObjectx20System@UnicodeString
@Gnugettext@TGnuGettextInstance@TP_IgnoreClass$qqrp17System@TMetaClass
@Gnugettext@TGnuGettextInstance@TP_IgnoreClassProperty$qqrp17System@TMetaClass20System@UnicodeString
@Gnugettext@TGnuGettextInstance@TranslateComponent$qqrp25System@Classes@TComponentx20System@UnicodeString
@Gnugettext@TGnuGettextInstance@TranslateProperties$qqrp14System@TObject20System@UnicodeString
@Gnugettext@TGnuGettextInstance@TranslateProperty$qqrp14System@TObjectp24System@Typinfo@TPropInfop23System@Classes@TStringsx20System@UnicodeString
@Gnugettext@TGnuGettextInstance@TranslateStrings$qqrp23System@Classes@TStringsx20System@UnicodeString
@Gnugettext@TGnuGettextInstance@UseLanguage$qqr20System@UnicodeString
@Gnugettext@TGnuGettextInstance@WhenNewDomain$qqrx20System@UnicodeString
@Gnugettext@TGnuGettextInstance@WhenNewDomainDirectory$qqrx20System@UnicodeStringt1
@Gnugettext@TGnuGettextInstance@WhenNewLanguage$qqrx20System@UnicodeString
@Gnugettext@TGnuGettextInstance@bindtextdomain$qqrx20System@UnicodeStringt1
@Gnugettext@TGnuGettextInstance@bindtextdomainToFile$qqrx20System@UnicodeStringt1
@Gnugettext@TGnuGettextInstance@dgettext$qqrx20System@UnicodeStringt1
@Gnugettext@TGnuGettextInstance@dngettext$qqrx20System@UnicodeStringt1t1i
@Gnugettext@TGnuGettextInstance@getcurrenttextdomain$qqrv
@Gnugettext@TGnuGettextInstance@gettext$qqrx20System@UnicodeString
@Gnugettext@TGnuGettextInstance@ngettext$qqrx20System@UnicodeStringt1i
@Gnugettext@TGnuGettextInstance@textdomain$qqrx20System@UnicodeString
@Gnugettext@TMoFile@
@Gnugettext@TMoFile@$bctr$qqr20System@UnicodeStringjj
@Gnugettext@TMoFile@$bdtr$qqrv
@Gnugettext@TMoFile@CardinalInMem$qqrpcui
@Gnugettext@TMoFile@autoswap32$qqrui
@Gnugettext@TMoFile@gettext$qqrx31System@%AnsiStringT$us$i65535$%ro
@Gnugettext@TP_GlobalHandleClass$qqrp17System@TMetaClassynpqqrp14System@TObject$v
@Gnugettext@TP_GlobalIgnoreClass$qqrp17System@TMetaClass
@Gnugettext@TP_GlobalIgnoreClassProperty$qqrp17System@TMetaClassx20System@UnicodeString
@Gnugettext@TP_Ignore$qqrp14System@TObjectx20System@UnicodeString
@Gnugettext@TP_IgnoreClass$qqrp17System@TMetaClass
@Gnugettext@TP_IgnoreClassProperty$qqrp17System@TMetaClassx20System@UnicodeString
@Gnugettext@TranslateComponent$qqrp25System@Classes@TComponentx20System@UnicodeString
@Gnugettext@UseLanguage$qqr20System@UnicodeString
@Gnugettext@_$qqrx20System@UnicodeString
@Gnugettext@bindtextdomain$qqrx20System@UnicodeStringt1
@Gnugettext@dgettext$qqrx20System@UnicodeStringt1
@Gnugettext@dngettext$qqrx20System@UnicodeStringt1t1i
@Gnugettext@getcurrenttextdomain$qqrv
@Gnugettext@gettext$qqrx20System@UnicodeString
@Gnugettext@initialization$qqrv
@Gnugettext@ngettext$qqrx20System@UnicodeStringt1i
@Gnugettext@textdomain$qqrx20System@UnicodeString
_MainForm
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 591KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 225KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

04:68:e1:d3:69:fe:2a:5f:2a:a4:8e:ac:33:61:5a:0bCertificate

Extended Key Usages

Key Usages

08:23:e5:b8:b6:b3:87:84:d3:85:4c:92:51:98:55:0fCertificate

Extended Key Usages

Key Usages

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1Certificate

Extended Key Usages

Key Usages

0a:04:df:21:74:5d:4d:2b:8c:ea:33:72:05:00:50:e9Certificate

Extended Key Usages

Key Usages

ed:62:6a:ec:6a:f9:3a:07:cd:f5:60:0d:30:c6:32:11:4e:fe:a8:a4Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.9MB

UPX1 Size: 945KB - Virtual size: 948KB

.rsrc Size: 592KB - Virtual size: 592KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.data Size: 83KB - Virtual size: 204KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 14KB - Virtual size: 16KB

.didata Size: 2KB - Virtual size: 4KB

.edata Size: 7KB - Virtual size: 8KB

.rsrc Size: 591KB - Virtual size: 592KB

.reloc Size: 225KB - Virtual size: 228KB

04:68:e1:d3:69:fe:2a:5f:2a:a4:8e:ac:33:61:5a:0b
Certificate

08:23:e5:b8:b6:b3:87:84:d3:85:4c:92:51:98:55:0f
Certificate

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

0a:04:df:21:74:5d:4d:2b:8c:ea:33:72:05:00:50:e9
Certificate

ed:62:6a:ec:6a:f9:3a:07:cd:f5:60:0d:30:c6:32:11:4e:fe:a8:a4
Signer

UPX0
Size: - Virtual size: 2.9MB

UPX1
Size: 945KB - Virtual size: 948KB

.rsrc
Size: 592KB - Virtual size: 592KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 83KB - Virtual size: 204KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 14KB - Virtual size: 16KB

.didata
Size: 2KB - Virtual size: 4KB

.edata
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 591KB - Virtual size: 592KB

.reloc
Size: 225KB - Virtual size: 228KB