323343e00a4df462872f979b191c33f87dfff77950d042554bdfd1e7187af325

Sharing

Copy URL Twitter E-mail

General

Target

323343e00a4df462872f979b191c33f87dfff77950d042554bdfd1e7187af325
Size

991KB
MD5

7827534f0e79ccb0c3026196bf597f69
SHA1

f891641ab05449b09c76b4416921fc70a953f38b
SHA256

323343e00a4df462872f979b191c33f87dfff77950d042554bdfd1e7187af325
SHA512

0a9dffef2d66387852e045be845194aa1c7f4711d6e3533f2aef03add9961b6bd1e303e1fa14c8feade669ec85d32a3ed23ed8ac4628165abea6eea08e1bf682
SSDEEP

24576:CpcW/wmc+z7NbkBU+yiBixlr7alMUDbPrpMRB2g:COvB+z5bkeCgxlr1UbPeRB2g

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

323343e00a4df462872f979b191c33f87dfff77950d042554bdfd1e7187af325
.exe windows:5 windows x86 arch:x86

Code Sign

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/05/2013, 00:00

Not After

04/06/2014, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:2b:02:b9:80:9d:b5:09:be:28:17:19:4d:4a:65:a0
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/05/2012, 00:00

Not After

30/07/2014, 12:00

Subject

CN=Psiphon Inc.,O=Psiphon Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:9e:ec:46:28:91:ba:bb:8f:d9:f2:38:4a:31:0c:50:13:68:f2:5f
Signer

Actual PE Digest

87:9e:ec:46:28:91:ba:bb:8f:d9:f2:38:4a:31:0c:50:13:68:f2:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 963KB - Virtual size: 964KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 879KB - Virtual size: 879KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89Certificate

Extended Key Usages

Key Usages

0c:2b:02:b9:80:9d:b5:09:be:28:17:19:4d:4a:65:a0Certificate

Extended Key Usages

Key Usages

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

87:9e:ec:46:28:91:ba:bb:8f:d9:f2:38:4a:31:0c:50:13:68:f2:5fSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.7MB

UPX1 Size: 963KB - Virtual size: 964KB

.rsrc Size: 20KB - Virtual size: 20KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 879KB - Virtual size: 879KB

.rdata Size: 333KB - Virtual size: 332KB

.data Size: 31KB - Virtual size: 47KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 98KB - Virtual size: 97KB

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89
Certificate

0c:2b:02:b9:80:9d:b5:09:be:28:17:19:4d:4a:65:a0
Certificate

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

87:9e:ec:46:28:91:ba:bb:8f:d9:f2:38:4a:31:0c:50:13:68:f2:5f
Signer

UPX0
Size: - Virtual size: 1.7MB

UPX1
Size: 963KB - Virtual size: 964KB

.rsrc
Size: 20KB - Virtual size: 20KB

.text
Size: 879KB - Virtual size: 879KB

.rdata
Size: 333KB - Virtual size: 332KB

.data
Size: 31KB - Virtual size: 47KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 98KB - Virtual size: 97KB