44aadf7dc6e718c16b4449511f1a98ee1f9511afd0188881760b453ce41da7f4

Sharing

Copy URL Twitter E-mail

General

Target

44aadf7dc6e718c16b4449511f1a98ee1f9511afd0188881760b453ce41da7f4
Size

2.0MB
MD5

7a3815d2f2e1c0d4322be034f8485189
SHA1

77e3fbf350f030ca0c95ed1ed2f8629804864f42
SHA256

44aadf7dc6e718c16b4449511f1a98ee1f9511afd0188881760b453ce41da7f4
SHA512

7851079a530ec0550ed98618e6c0cc21ecc4cda5448b38ecc5f428106629741fcd657b7de6e3611af22dc3a7d5dd1e594b9e386d7ac1b9e68cced99404afe69b
SSDEEP

49152:88PofMSFsFobkJ+xnS758i0PXPvoU9QFWmW2gUXLV7AqkrGkTHe:8HfMSFuoIoNS758i0PfAU2WZ2fbCqkq/

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

44aadf7dc6e718c16b4449511f1a98ee1f9511afd0188881760b453ce41da7f4
.exe windows:5 windows x64 arch:x64

Code Sign

17:58:34:25:bc:99:0d:b4:4a:5a:03:09:8a:0d:77:d0
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/12/1999, 21:00

Not After

31/12/2098, 21:00

Subject

CN=ETAP Automation Inc,O=ETAP Automation Inc,L=Irvine,ST=California,C=US

ee:ce:a8:83:39:cc:7e:e1:50:55:9d:a0:38:59:9b:4a:a5:d3:9f:73:43:65:06:f1:96:2a:57:4b:85:2e:32:92
Signer

Actual PE Digest

ee:ce:a8:83:39:cc:7e:e1:50:55:9d:a0:38:59:9b:4a:a5:d3:9f:73:43:65:06:f1:96:2a:57:4b:85:2e:32:92

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

17:58:34:25:bc:99:0d:b4:4a:5a:03:09:8a:0d:77:d0Certificate

ee:ce:a8:83:39:cc:7e:e1:50:55:9d:a0:38:59:9b:4a:a5:d3:9f:73:43:65:06:f1:96:2a:57:4b:85:2e:32:92Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.5MB

UPX1 Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 76KB - Virtual size: 80KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 3KB - Virtual size: 3KB

.pdata Size: 1024B - Virtual size: 576B

.rsrc Size: 76KB - Virtual size: 75KB

.reloc Size: 512B - Virtual size: 12B

17:58:34:25:bc:99:0d:b4:4a:5a:03:09:8a:0d:77:d0
Certificate

ee:ce:a8:83:39:cc:7e:e1:50:55:9d:a0:38:59:9b:4a:a5:d3:9f:73:43:65:06:f1:96:2a:57:4b:85:2e:32:92
Signer

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 76KB - Virtual size: 80KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 3KB - Virtual size: 3KB

.pdata
Size: 1024B - Virtual size: 576B

.rsrc
Size: 76KB - Virtual size: 75KB

.reloc
Size: 512B - Virtual size: 12B