036299a0a0641e02b671f28a0a97d8c43f24e3750913d3c43497e05dc8327979

Sharing

Copy URL Twitter E-mail

General

Target

036299a0a0641e02b671f28a0a97d8c43f24e3750913d3c43497e05dc8327979
Size

275KB
MD5

0a72145e1ca6fd43f68a95b91eb0e753
SHA1

bfb1136d6ec3ff3f3b5dec85897e75db5d9743f8
SHA256

036299a0a0641e02b671f28a0a97d8c43f24e3750913d3c43497e05dc8327979
SHA512

4566d62a516ad4986bf930d126fb1af340d37507d6e386b8d172bef5b16ae131aa7ec0e1f41de2ef3ed0236eb9a2a9780c540c4e9787042501fe109686112e77
SSDEEP

6144:sHNbpWjCv1m5UDRWh2bb2qwXFS29gqJAHkmMEn6UwVn9aP:+NtWWv0a9bwr9EHk3d8P

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

036299a0a0641e02b671f28a0a97d8c43f24e3750913d3c43497e05dc8327979
.exe windows:4 windows x86 arch:x86

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:38:13:71:08:6f:a9:e4:4f:ce:46:bc:75:80:57:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

12/01/2010, 00:00

Not After

11/01/2013, 23:59

Subject

CN=Shanghai Giant Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanghai Giant Network Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 312KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

66:38:13:71:08:6f:a9:e4:4f:ce:46:bc:75:80:57:fbCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 312KB

UPX1 Size: 248KB - Virtual size: 248KB

.rsrc Size: 22KB - Virtual size: 24KB

Headers

File Characteristics

Sections

.text Size: 288KB - Virtual size: 286KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 16KB - Virtual size: 32KB

.rsrc Size: 152KB - Virtual size: 148KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

66:38:13:71:08:6f:a9:e4:4f:ce:46:bc:75:80:57:fb
Certificate

UPX0
Size: - Virtual size: 312KB

UPX1
Size: 248KB - Virtual size: 248KB

.rsrc
Size: 22KB - Virtual size: 24KB

.text
Size: 288KB - Virtual size: 286KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 16KB - Virtual size: 32KB

.rsrc
Size: 152KB - Virtual size: 148KB