Adware[.]Delf8[.]44D[.]Trojan[.]Autorun[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Adware.Delf8.44D.Trojan.Autorun.exe
Size

1.7MB
MD5

407abfdd78d00235bb9c4d8b66ccefcc
SHA1

4c85f6d0f1dacbdb0f02fed0ab311438880e9ff5
SHA256

bd5956065e7b5793666afee9fd6024198a214c20a2ef769c8cc511c5c1686084
SHA512

0a85af858c80d2e5c32178848fbdedf02fc53b58c3dd176ef79f5d735b7fdb96de90ef6bf8aa5f02725f2b3ec82019b98f3dc4f01323e994c0eda415cfbd5476
SSDEEP

49152:nER6AISuS8xWlL7mgfig+GvjWFPVqYFHF:86V6sWlntig+GYF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

Adware.Delf8.44D.Trojan.Autorun.exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2f:8b:90:ea:31:56:fe:05:ce:85:a1:b9:7a:2a:88:f9
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

24/06/2014, 00:00

Not After

23/08/2015, 23:59

Subject

CN=SoftBridge Co.\,Ltd,O=SoftBridge Co.\,Ltd,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@$xp$8TEncrypt
@@_fmmessage@Finalize
@@_fmmessage@Initialize
@@_fmupdatemain@Finalize
@@_fmupdatemain@Initialize
@@_uencrypt@Finalize
@@_uencrypt@Initialize
@@_ulog@Finalize
@@_ulog@Initialize
@@_unetwork@Finalize
@@_unetwork@Initialize
@@_uparamlist@Finalize
@@_uparamlist@Initialize
@@_uservermethods@Finalize
@@_uservermethods@Initialize
@@_uupdate@Finalize
@@_uupdate@Initialize
@@_uupdateglobal@Finalize
@@_uupdateglobal@Initialize
@@_uwebmodule@Finalize
@@_uwebmodule@Initialize
@System@TObject@%GetInterface$25Datasnap@Midas@IAppServer%$qqrr53System@%DelphiInterface$t25Datasnap@Midas@IAppServer%$o
@TEncrypt@
@TEncrypt@$bctr$qqrv
@TEncrypt@$bdtr$qqrv
@TEncrypt@Decrypt$qqrrx20System@UnicodeStringus
@TEncrypt@Encrypt$qqrrx20System@UnicodeStringus
@TEncrypt@FCipher1
@TEncrypt@FCipher2
@TEncrypt@HexToValue$qqrrx20System@UnicodeString
@TEncrypt@SetCipher$qqrii
@TEncrypt@ValueToHex$qqrrx20System@UnicodeString
__GetExceptDLLinfo
___CPPdebugHook
_fmUpdateMain

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 544KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2f:8b:90:ea:31:56:fe:05:ce:85:a1:b9:7a:2a:88:f9Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 5.3MB

UPX1 Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 10KB - Virtual size: 12KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 6.1MB - Virtual size: 6.1MB

.data Size: 98KB - Virtual size: 220KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 15KB - Virtual size: 16KB

.didata Size: 2KB - Virtual size: 4KB

.edata Size: 1KB - Virtual size: 4KB

.rsrc Size: 96KB - Virtual size: 96KB

.reloc Size: 544KB - Virtual size: 548KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2f:8b:90:ea:31:56:fe:05:ce:85:a1:b9:7a:2a:88:f9
Certificate

UPX0
Size: - Virtual size: 5.3MB

UPX1
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 10KB - Virtual size: 12KB

.text
Size: 6.1MB - Virtual size: 6.1MB

.data
Size: 98KB - Virtual size: 220KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 15KB - Virtual size: 16KB

.didata
Size: 2KB - Virtual size: 4KB

.edata
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 96KB - Virtual size: 96KB

.reloc
Size: 544KB - Virtual size: 548KB