3[.]5[.]5_45966[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3.5.5_45966.exe
Size

2.0MB
MD5

87f147fc342f46cded30d1c621b3553e
SHA1

435ae0f6069ef6ae4c8eaa0e7e065ef2c40c89e3
SHA256

df4ba1ac8433f415c6b461b39c1a398e6d741442eb3ee0b9614f34a1c133781f
SHA512

5a362339daeabe3d2728d8b283fe914235a61f4104924a2e1fcd8750d41074fcdcf680e62c01d4921d6763716bd09e2511d727036f89602dbdd7b55ca1f25afc
SSDEEP

49152:kfEkaV6VKxHeIXA709AuF9g394irdPDJ1zlbQea7PCbSv:eazT9AgI4g7ziea76bSv

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Device/HarddiskVolume8/Santhosh/AppData/Roaming/uTorrent/updates/3.5.5_45966.exe	upx

Files

3.5.5_45966.exe
.zip

Password: India@2023@@
Device/HarddiskVolume8/Santhosh/AppData/Roaming/uTorrent/updates/3.5.5_45966.exe
.exe windows:5 windows x86 arch:x86

Code Sign

6f:13:bc:d5:09:63:d2:f3:09:43:9e:37:fd:45:9c:7c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/10/2019, 00:00

Not After

16/12/2022, 23:59

Subject

CN=BitTorrent Inc,O=BitTorrent Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

22/07/2020, 15:33

Not After

29/12/2030, 16:29

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:17:88:47:d7:e9:67:18:95:26:8a:d8:22:6d:3c:94:12:d8:64:3f:59:1a:24:3d:6a:e2:2b:a9:67:46:6f:f7
Signer

Actual PE Digest

77:17:88:47:d7:e9:67:18:95:26:8a:d8:22:6d:3c:94:12:d8:64:3f:59:1a:24:3d:6a:e2:2b:a9:67:46:6f:f7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: India@2023@@

Code Sign

6f:13:bc:d5:09:63:d2:f3:09:43:9e:37:fd:45:9c:7cCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4Certificate

Extended Key Usages

Key Usages

77:17:88:47:d7:e9:67:18:95:26:8a:d8:22:6d:3c:94:12:d8:64:3f:59:1a:24:3d:6a:e2:2b:a9:67:46:6f:f7Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 3.4MB

UPX1 Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 124KB - Virtual size: 124KB

6f:13:bc:d5:09:63:d2:f3:09:43:9e:37:fd:45:9c:7c
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

77:17:88:47:d7:e9:67:18:95:26:8a:d8:22:6d:3c:94:12:d8:64:3f:59:1a:24:3d:6a:e2:2b:a9:67:46:6f:f7
Signer

UPX0
Size: - Virtual size: 3.4MB

UPX1
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 124KB - Virtual size: 124KB