efea9a72bea3292b1885229603c6d5fb8bd6a99a6262ccfb0574afd3d7d68296

Sharing

Copy URL Twitter E-mail

General

Target

efea9a72bea3292b1885229603c6d5fb8bd6a99a6262ccfb0574afd3d7d68296
Size

20KB
MD5

a24e98f50f6bcec682e6c64031e46101
SHA1

5c228bc9ac8c6b4a0a2962a9aeb789e4b068b2e0
SHA256

efea9a72bea3292b1885229603c6d5fb8bd6a99a6262ccfb0574afd3d7d68296
SHA512

7bb8a9dbbea17dad66c5491b23bb26e08e9fdb13e55c86fcef1cf5beedd21ad02e86f71449b88c06e62a02179fc11b111f99eb69fd748fdedd49dd28c413f6d5
SSDEEP

384:o33oWHbGIT48zbXRUWpWgQ1DakpUHeMtj:oIW7GITVzbX2dgQ12kk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

efea9a72bea3292b1885229603c6d5fb8bd6a99a6262ccfb0574afd3d7d68296
.dll windows:6 windows x64 arch:x64

Code Sign

70:d2:0d:b4:73:8e:4e:29
Certificate

Issuer

CN=RudeWells Windows CA - G1,OU=RudeWells Team,O=RudeWells Team,L=Waalre,ST=Noord-Brabant,C=US,1.2.840.113549.1.9.1=#0c1a7275646577656c6c3535364070726f746f6e6d61696c2e636f6d

Not Before

01/01/1980, 07:21

Not After

01/01/2080, 07:21

Subject

CN=RudeWells TimeStamping - G2,OU=RudeWells Team,O=RudeWells Team,L=Waalre,ST=Noord-Brabant,C=US,1.2.840.113549.1.9.1=#0c1a7275646577656c6c3535364070726f746f6e6d61696c2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b7:4b:28:69:b2:99:2e:93:ef:11:2f:1c:65:67:47:59:47:9d:13:ab
Signer

Actual PE Digest

b7:4b:28:69:b2:99:2e:93:ef:11:2f:1c:65:67:47:59:47:9d:13:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

g_module_build_path
g_module_close
g_module_error
g_module_error_quark
g_module_make_resident
g_module_name
g_module_name_utf8
g_module_open
g_module_open_full
g_module_open_utf8
g_module_supported
g_module_symbol

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

70:d2:0d:b4:73:8e:4e:29Certificate

Extended Key Usages

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b7:4b:28:69:b2:99:2e:93:ef:11:2f:1c:65:67:47:59:47:9d:13:abSigner

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 36KB

UPX1 Size: 11KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 648B

.pdata Size: 1024B - Virtual size: 828B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 80B

70:d2:0d:b4:73:8e:4e:29
Certificate

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b7:4b:28:69:b2:99:2e:93:ef:11:2f:1c:65:67:47:59:47:9d:13:ab
Signer

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 648B

.pdata
Size: 1024B - Virtual size: 828B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 80B