a75db0b1259d2a1771ba368252bd5f9f6e7b129fcd8e70bac5f3a643b78dae8d

Sharing

Copy URL Twitter E-mail

General

Target

a75db0b1259d2a1771ba368252bd5f9f6e7b129fcd8e70bac5f3a643b78dae8d
Size

15.2MB
MD5

27ea40d5811cdb14d56cc4607faf4023
SHA1

239c676b9657272b74311206e07539d8d9658bcb
SHA256

a75db0b1259d2a1771ba368252bd5f9f6e7b129fcd8e70bac5f3a643b78dae8d
SHA512

8e38ba5001cfc4f8914cdb5a2b1065c0d9da59f5ec5767b12e26f9cc53321e3f5fb03fb3e88f34bed5e670a2a4caa452fc65aa48b7934251db9fad57adde8843
SSDEEP

196608:wwj6ppmnaRHkBnJbnacwyKcWoykig9WAvJU8pLSisFY3wbJWeWImj+eXpn2f+Zv2:/6pdWBnJwypD9WKJUqS0eyXpn2f+x2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

a75db0b1259d2a1771ba368252bd5f9f6e7b129fcd8e70bac5f3a643b78dae8d
.exe windows:4 windows x86 arch:x86

Code Sign

21:61:21:73:34:fc:eb:7c:ba:c1:ec:73:6a:9d:2f:fb
Certificate

Issuer

CN=Wangji Technology Co.\, Ltd.,1.2.840.113549.1.9.1=#1300

Not Before

31/12/2002, 16:00

Not After

30/12/2099, 16:00

Subject

CN=Wangji Technology Co.\, Ltd.,1.2.840.113549.1.9.1=#1300

Extended Key Usages

ExtKeyUsageCodeSigning

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:a3:c8:54:98:fc:50:7b:0d:4e:18:5a:5e:d8:cc:04:ee:1b:80:30:af:9e:a2:e5:54:3c:ea:3d:6e:09:07:83
Signer

Actual PE Digest

59:a3:c8:54:98:fc:50:7b:0d:4e:18:5a:5e:d8:cc:04:ee:1b:80:30:af:9e:a2:e5:54:3c:ea:3d:6e:09:07:83

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 16.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 237KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15.0MB - Virtual size: 15.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15.0MB - Virtual size: 15.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

21:61:21:73:34:fc:eb:7c:ba:c1:ec:73:6a:9d:2f:fbCertificate

Extended Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

59:a3:c8:54:98:fc:50:7b:0d:4e:18:5a:5e:d8:cc:04:ee:1b:80:30:af:9e:a2:e5:54:3c:ea:3d:6e:09:07:83Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 16.3MB

UPX1 Size: 237KB - Virtual size: 240KB

.rsrc Size: 15.0MB - Virtual size: 15.0MB

Headers

File Characteristics

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: - Virtual size: 24KB

.rsrc Size: 15.0MB - Virtual size: 15.0MB

21:61:21:73:34:fc:eb:7c:ba:c1:ec:73:6a:9d:2f:fb
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

59:a3:c8:54:98:fc:50:7b:0d:4e:18:5a:5e:d8:cc:04:ee:1b:80:30:af:9e:a2:e5:54:3c:ea:3d:6e:09:07:83
Signer

UPX0
Size: - Virtual size: 16.3MB

UPX1
Size: 237KB - Virtual size: 240KB

.rsrc
Size: 15.0MB - Virtual size: 15.0MB

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: - Virtual size: 24KB

.rsrc
Size: 15.0MB - Virtual size: 15.0MB