100c1b6c850903083d5bf456261ed2e577f5ab1559f825323cf14a54bf8db33f

Sharing

Copy URL Twitter E-mail

General

Target

100c1b6c850903083d5bf456261ed2e577f5ab1559f825323cf14a54bf8db33f
Size

532KB
MD5

1cc561d57c910df15d3f0549e9245a1d
SHA1

6d8a01893ca1588cb2a5ed7f8e3651ea862965e7
SHA256

100c1b6c850903083d5bf456261ed2e577f5ab1559f825323cf14a54bf8db33f
SHA512

c5eaf5ddf100f29ff3d82301fffaf98d04c243cc783f5bf613064bc0864102dd33a17b209e873661109583447345d469086fd0db834577e65c4393a37cf201f1
SSDEEP

12288:j2KOYjMs4+GgTJKpiFtzfeiQ5Ki5oh3KYGcu0ga:q8Qs4+GgTsEfeoh3Flga

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

100c1b6c850903083d5bf456261ed2e577f5ab1559f825323cf14a54bf8db33f
.exe windows:4 windows x86 arch:x86

Code Sign

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:00:99:66:0b:8c:49:f9:95:73:6b:5f:20:8f:4d:46
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

28/04/2023, 18:16

Not After

27/04/2025, 18:16

Subject

SERIALNUMBER=2060656,CN=Quantum Intech\, Inc.,OU=Engineering,O=HeartMath (Quantum Intech\, Inc.),L=Boulder Creek,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.3=#13025553,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:8b:6e:4c:d1:1f:4a:60:00:7f:4c:1a:14:03:08:d6:b5:b8:27:37:40:0f:54:81:e8:11:95:d5:b1:75:a6:09
Signer

Actual PE Digest

10:8b:6e:4c:d1:1f:4a:60:00:7f:4c:1a:14:03:08:d6:b5:b8:27:37:40:0f:54:81:e8:11:95:d5:b1:75:a6:09

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 852KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 447KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 916KB - Virtual size: 914KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

6a:00:99:66:0b:8c:49:f9:95:73:6b:5f:20:8f:4d:46Certificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

10:8b:6e:4c:d1:1f:4a:60:00:7f:4c:1a:14:03:08:d6:b5:b8:27:37:40:0f:54:81:e8:11:95:d5:b1:75:a6:09Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 852KB

UPX1 Size: 447KB - Virtual size: 448KB

.rsrc Size: 75KB - Virtual size: 76KB

Headers

File Characteristics

Sections

.text Size: 916KB - Virtual size: 914KB

.rdata Size: 164KB - Virtual size: 160KB

.data Size: 84KB - Virtual size: 99KB

.rsrc Size: 104KB - Virtual size: 100KB

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

6a:00:99:66:0b:8c:49:f9:95:73:6b:5f:20:8f:4d:46
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

10:8b:6e:4c:d1:1f:4a:60:00:7f:4c:1a:14:03:08:d6:b5:b8:27:37:40:0f:54:81:e8:11:95:d5:b1:75:a6:09
Signer

UPX0
Size: - Virtual size: 852KB

UPX1
Size: 447KB - Virtual size: 448KB

.rsrc
Size: 75KB - Virtual size: 76KB

.text
Size: 916KB - Virtual size: 914KB

.rdata
Size: 164KB - Virtual size: 160KB

.data
Size: 84KB - Virtual size: 99KB

.rsrc
Size: 104KB - Virtual size: 100KB