derka[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

derka.exe
Size

445KB
MD5

0fafabbbe5a6a1dae88df02e453ac23b
SHA1

2e0118d3f51c320d759006ef80f2aecd4f9184ab
SHA256

8fb481dadb1d763ba6e666ea1f5d89bc66e23a09e8e1c8705dc6c2f8ae891ee9
SHA512

27b35c404f8e9f2beedce1af87d5e8c2cad3bf248c604082f263ed14512ece1fa978e89e9582bc1ad29fa4c17cefb65997b448f73c763ac2184ac123465f8213
SSDEEP

12288:nOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPijggFE:nq5TfcdHj4fmbqFE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

resource	yara_rule
sample	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
static1/unpack001/out.upx	autoit_exe

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/out.upx

resource
unpack001/out.upx

Files

derka.exe
.exe windows:5 windows x86 arch:x86

Code Sign

33:00:00:02:f4:9e:46:9c:54:13:7b:85:e0:00:00:00:00:02:f4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29-04-2021 19:15

Not After

28-04-2022 19:15

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:d1:5e:54:a3:d7:82:d5:7f:78:3c:61:22:fc:c0:fd:16:71:a7:97:f0:3e:3c:69:b1:11:ba:7c:4e:34:ef:15
Signer

Actual PE Digest

fe:d1:5e:54:a3:d7:82:d5:7f:78:3c:61:22:fc:c0:fd:16:71:a7:97:f0:3e:3c:69:b1:11:ba:7c:4e:34:ef:15

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 616KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 336KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:02:f4:9e:46:9c:54:13:7b:85:e0:00:00:00:00:02:f4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

fe:d1:5e:54:a3:d7:82:d5:7f:78:3c:61:22:fc:c0:fd:16:71:a7:97:f0:3e:3c:69:b1:11:ba:7c:4e:34:ef:15Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 616KB

UPX1 Size: 336KB - Virtual size: 340KB

.rsrc Size: 91KB - Virtual size: 92KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 557KB - Virtual size: 557KB

.rdata Size: 179KB - Virtual size: 179KB

.data Size: 24KB - Virtual size: 39KB

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 41KB - Virtual size: 41KB

33:00:00:02:f4:9e:46:9c:54:13:7b:85:e0:00:00:00:00:02:f4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

fe:d1:5e:54:a3:d7:82:d5:7f:78:3c:61:22:fc:c0:fd:16:71:a7:97:f0:3e:3c:69:b1:11:ba:7c:4e:34:ef:15
Signer

UPX0
Size: - Virtual size: 616KB

UPX1
Size: 336KB - Virtual size: 340KB

.rsrc
Size: 91KB - Virtual size: 92KB

.text
Size: 557KB - Virtual size: 557KB

.rdata
Size: 179KB - Virtual size: 179KB

.data
Size: 24KB - Virtual size: 39KB

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 41KB - Virtual size: 41KB