SecuriteInfo[.]com[.]Malicious_Behavior[.]SB[.]16895[.]17425[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Malicious_Behavior.SB.16895.17425.exe
Size

4.1MB
MD5

1deaff8ccb5b9a0ce857650f9df9a0c1
SHA1

0b56953509a79ea960b5a42ada3f699058030779
SHA256

db9fc1f7419d9bfb5144d57677b5101825c97a27b04c074318cf726bfc312954
SHA512

509e6e78828dfcf1c1ac34b4621f8631cdbe516c562429c75d73b24c7c37cd120822e7820261ea64c94a3910b507a1a876624e6c1ef8e97131afed9e29e2867c
SSDEEP

98304:JMnzz9jK7mk9nrpao6EzIzGePewXbw5Dz99d3ZVUh2Wy:2z9UmwP6+YGePPLa99d3/UoWy

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

SecuriteInfo.com.Malicious_Behavior.SB.16895.17425.exe
.exe windows:5 windows x86 arch:x86

Code Sign

58:c6:26:0a:b3:90:e4:f0:24:f1:12:9a
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

25/05/2021, 02:42

Not After

25/05/2024, 02:42

Subject

SERIALNUMBER=131111-0337335,CN=Midassoft Corporation Limited,O=Midassoft Corporation Limited,STREET=9-22\, Pangyo-ro 255beon-gil\, Bundang-gu,L=Seongnam-si,ST=Gyeonggi-do,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

58:c6:26:0a:b3:90:e4:f0:24:f1:12:9a
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

25/05/2021, 02:42

Not After

25/05/2024, 02:42

Subject

SERIALNUMBER=131111-0337335,CN=Midassoft Corporation Limited,O=Midassoft Corporation Limited,STREET=9-22\, Pangyo-ro 255beon-gil\, Bundang-gu,L=Seongnam-si,ST=Gyeonggi-do,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:15:84:cc:81:f5:ae:12:b8:66:a7:1a:b2:64:d5:1c:34:97:a9:46:86:8a:6a:b2:69:0b:b2:0b:eb:3f:e6:7d
Signer

Actual PE Digest

5b:15:84:cc:81:f5:ae:12:b8:66:a7:1a:b2:64:d5:1c:34:97:a9:46:86:8a:6a:b2:69:0b:b2:0b:eb:3f:e6:7d

Digest Algorithm

sha256

PE Digest Matches

true

97:36:53:87:5e:54:6a:66:60:59:23:26:b4:83:6d:0e:5e:c8:bf:48
Signer

Actual PE Digest

97:36:53:87:5e:54:6a:66:60:59:23:26:b4:83:6d:0e:5e:c8:bf:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

58:c6:26:0a:b3:90:e4:f0:24:f1:12:9aCertificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

58:c6:26:0a:b3:90:e4:f0:24:f1:12:9aCertificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

5b:15:84:cc:81:f5:ae:12:b8:66:a7:1a:b2:64:d5:1c:34:97:a9:46:86:8a:6a:b2:69:0b:b2:0b:eb:3f:e6:7dSigner

97:36:53:87:5e:54:6a:66:60:59:23:26:b4:83:6d:0e:5e:c8:bf:48Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 112KB

UPX1 Size: 62KB - Virtual size: 64KB

.rsrc Size: 27KB - Virtual size: 28KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 81KB - Virtual size: 80KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 7KB - Virtual size: 6KB

58:c6:26:0a:b3:90:e4:f0:24:f1:12:9a
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

58:c6:26:0a:b3:90:e4:f0:24:f1:12:9a
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

5b:15:84:cc:81:f5:ae:12:b8:66:a7:1a:b2:64:d5:1c:34:97:a9:46:86:8a:6a:b2:69:0b:b2:0b:eb:3f:e6:7d
Signer

97:36:53:87:5e:54:6a:66:60:59:23:26:b4:83:6d:0e:5e:c8:bf:48
Signer

UPX0
Size: - Virtual size: 112KB

UPX1
Size: 62KB - Virtual size: 64KB

.rsrc
Size: 27KB - Virtual size: 28KB

.text
Size: 81KB - Virtual size: 80KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 7KB - Virtual size: 6KB