AActPortablev4[.]3[.]1[.]n[.]taiwebs[.]com[.]zip

Resubmissions

21/04/2024, 19:03

240421-xqf44ahf24 7

Sharing

Copy URL Twitter E-mail

General

Target

AActPortablev4.3.1.n.taiwebs.com.zip
Size

3.0MB
MD5

95899d91aae4c5991961fe06a838a96e
SHA1

560875416cd584e92265c8e3cdfcbe295f44a059
SHA256

a2d19e1e9eef791b315f7699bd9e8e9fc3be740e3168a104bcb257442e3cc5c1
SHA512

42d3c3b6462b57a60dcab56a2036acaa50be13537ed6c7c4cac73aed4fe617c3f1f1b3f4ee1dafd26b3388965232101fddf1822eb7ba7aa69242b41d51cd2733
SSDEEP

98304:erKkqbVUjdTzkP4ZFW6zwokJW1Mes5OHTI+3taO:kKkqbEkuF8xcMe9HF9z

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/AAct Portable v4.3.1/AAct.exe	upx
static1/unpack001/AAct Portable v4.3.1/AAct_x64.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx
unpack003/out.upx

Files

AActPortablev4.3.1.n.taiwebs.com.zip
.zip

Password: taiwebs.com
AAct Portable v4.3.1/AAct.exe
.exe windows:4 windows x86 arch:x86

Password: taiwebs.com

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:f6:89:2a:27:2f:36:04:95:cd:b9:7e:8b:3a:6e:fa:f1:ca:4f:48:6b:ab:ca:6b:ba:f5:38:e1:68:5f:fb:38
Signer

Actual PE Digest

8d:f6:89:2a:27:2f:36:04:95:cd:b9:7e:8b:3a:6e:fa:f1:ca:4f:48:6b:ab:ca:6b:ba:f5:38:e1:68:5f:fb:38

Digest Algorithm

sha256

PE Digest Matches

true

66:c2:cb:0d:c8:5d:c5:94:a4:4c:11:b1:de:ba:66:47:f5:6d:0d:29
Signer

Actual PE Digest

66:c2:cb:0d:c8:5d:c5:94:a4:4c:11:b1:de:ba:66:47:f5:6d:0d:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AAct Portable v4.3.1/AAct_x64.exe
.exe windows:5 windows x64 arch:x64

Password: taiwebs.com

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:f7:7b:12:c0:a2:7a:d8:5f:cd:03:ee:0c:08:94:b0:ae:7d:be:3a:08:a0:cd:40:3a:7a:56:6b:20:53:cd:c8
Signer

Actual PE Digest

55:f7:7b:12:c0:a2:7a:d8:5f:cd:03:ee:0c:08:94:b0:ae:7d:be:3a:08:a0:cd:40:3a:7a:56:6b:20:53:cd:c8

Digest Algorithm

sha256

PE Digest Matches

true

75:c8:f4:bd:17:dd:b4:6a:57:26:55:c1:44:7a:30:73:d6:36:5e:0c
Signer

Actual PE Digest

75:c8:f4:bd:17:dd:b4:6a:57:26:55:c1:44:7a:30:73:d6:36:5e:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.code
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 578KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AAct Portable v4.3.1/readme_en.txt
AAct Portable v4.3.1/readme_ru.txt

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: taiwebs.com

Password: taiwebs.com

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8d:f6:89:2a:27:2f:36:04:95:cd:b9:7e:8b:3a:6e:fa:f1:ca:4f:48:6b:ab:ca:6b:ba:f5:38:e1:68:5f:fb:38Signer

66:c2:cb:0d:c8:5d:c5:94:a4:4c:11:b1:de:ba:66:47:f5:6d:0d:29Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.4MB

UPX1 Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 69KB - Virtual size: 72KB

Headers

File Characteristics

Sections

.code Size: 157KB - Virtual size: 157KB

.text Size: 489KB - Virtual size: 488KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 68KB - Virtual size: 68KB

Password: taiwebs.com

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

55:f7:7b:12:c0:a2:7a:d8:5f:cd:03:ee:0c:08:94:b0:ae:7d:be:3a:08:a0:cd:40:3a:7a:56:6b:20:53:cd:c8Signer

75:c8:f4:bd:17:dd:b4:6a:57:26:55:c1:44:7a:30:73:d6:36:5e:0cSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.6MB

UPX1 Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 70KB - Virtual size: 72KB

Headers

File Characteristics

Sections

.code Size: 260KB - Virtual size: 259KB

.text Size: 578KB - Virtual size: 577KB

.rdata Size: 160KB - Virtual size: 160KB

.pdata Size: 27KB - Virtual size: 26KB

.data Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 68KB - Virtual size: 68KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8d:f6:89:2a:27:2f:36:04:95:cd:b9:7e:8b:3a:6e:fa:f1:ca:4f:48:6b:ab:ca:6b:ba:f5:38:e1:68:5f:fb:38
Signer

66:c2:cb:0d:c8:5d:c5:94:a4:4c:11:b1:de:ba:66:47:f5:6d:0d:29
Signer

UPX0
Size: - Virtual size: 1.4MB

UPX1
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 69KB - Virtual size: 72KB

.code
Size: 157KB - Virtual size: 157KB

.text
Size: 489KB - Virtual size: 488KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 68KB - Virtual size: 68KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

55:f7:7b:12:c0:a2:7a:d8:5f:cd:03:ee:0c:08:94:b0:ae:7d:be:3a:08:a0:cd:40:3a:7a:56:6b:20:53:cd:c8
Signer

75:c8:f4:bd:17:dd:b4:6a:57:26:55:c1:44:7a:30:73:d6:36:5e:0c
Signer

UPX0
Size: - Virtual size: 1.6MB

UPX1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 70KB - Virtual size: 72KB

.code
Size: 260KB - Virtual size: 259KB

.text
Size: 578KB - Virtual size: 577KB

.rdata
Size: 160KB - Virtual size: 160KB

.pdata
Size: 27KB - Virtual size: 26KB

.data
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 68KB - Virtual size: 68KB