ExeFile (200)[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ExeFile (200).exe
Size

777KB
MD5

f5d9021bf02680122ef5de324eb173b2
SHA1

e69e5676df042c1c54d9167d43646d5a89e4384c
SHA256

4df448b9c01fb42bdf6482f214bdb005a27396206c8b81a40bc63782c2404eca
SHA512

2245761ffeffbf90d321b74684a25bf75c73e16594806c14b81a2afb9605e358f5b3a5d7ddd177fb5deb207cc29e065381a4cb15bb95b798ef48b5d321693450
SSDEEP

24576:fEifyPr6VykH1rBM6B8pfrCeG01qPx1q90i8dcE3b:f5y8JpBQ+eWyocI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

ExeFile (200).exe
.exe windows:5 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:da:30:fe:32:06:c2:3d:83:cb:db:76:38:c0:90:51
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01-09-2020 00:00

Not After

01-09-2023 23:59

Subject

CN=Global Microtrading PTE. LTD,OU=IT,O=Global Microtrading PTE. LTD,L=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:da:30:fe:32:06:c2:3d:83:cb:db:76:38:c0:90:51
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01-09-2020 00:00

Not After

01-09-2023 23:59

Subject

CN=Global Microtrading PTE. LTD,OU=IT,O=Global Microtrading PTE. LTD,L=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14-06-2018 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-01,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cc:b5:fc:7a:5c:fa:36:23:a3:6a:cb:b1:bb:af:14:8b:80:ec:73:cc:29:89:5f:34:12:93:0b:c9:57:10:3e:4f
Signer

Actual PE Digest

cc:b5:fc:7a:5c:fa:36:23:a3:6a:cb:b1:bb:af:14:8b:80:ec:73:cc:29:89:5f:34:12:93:0b:c9:57:10:3e:4f

Digest Algorithm

sha256

PE Digest Matches

true

d5:fa:85:72:8a:54:92:a5:33:a8:8e:8a:99:2e:3b:2f:e2:5b:cb:a3
Signer

Actual PE Digest

d5:fa:85:72:8a:54:92:a5:33:a8:8e:8a:99:2e:3b:2f:e2:5b:cb:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1008KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 349KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 414KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 707KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 414KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

1d:da:30:fe:32:06:c2:3d:83:cb:db:76:38:c0:90:51Certificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

1d:da:30:fe:32:06:c2:3d:83:cb:db:76:38:c0:90:51Certificate

Extended Key Usages

Key Usages

33:90:20:77:61:c4:26:dd:94:50:03:0dCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

cc:b5:fc:7a:5c:fa:36:23:a3:6a:cb:b1:bb:af:14:8b:80:ec:73:cc:29:89:5f:34:12:93:0b:c9:57:10:3e:4fSigner

d5:fa:85:72:8a:54:92:a5:33:a8:8e:8a:99:2e:3b:2f:e2:5b:cb:a3Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1008KB

UPX1 Size: 349KB - Virtual size: 352KB

.rsrc Size: 414KB - Virtual size: 416KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 707KB - Virtual size: 706KB

.rdata Size: 138KB - Virtual size: 138KB

.data Size: 7KB - Virtual size: 19KB

.rsrc Size: 414KB - Virtual size: 413KB

.reloc Size: 42KB - Virtual size: 42KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

1d:da:30:fe:32:06:c2:3d:83:cb:db:76:38:c0:90:51
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

1d:da:30:fe:32:06:c2:3d:83:cb:db:76:38:c0:90:51
Certificate

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

cc:b5:fc:7a:5c:fa:36:23:a3:6a:cb:b1:bb:af:14:8b:80:ec:73:cc:29:89:5f:34:12:93:0b:c9:57:10:3e:4f
Signer

d5:fa:85:72:8a:54:92:a5:33:a8:8e:8a:99:2e:3b:2f:e2:5b:cb:a3
Signer

UPX0
Size: - Virtual size: 1008KB

UPX1
Size: 349KB - Virtual size: 352KB

.rsrc
Size: 414KB - Virtual size: 416KB

.text
Size: 707KB - Virtual size: 706KB

.rdata
Size: 138KB - Virtual size: 138KB

.data
Size: 7KB - Virtual size: 19KB

.rsrc
Size: 414KB - Virtual size: 413KB

.reloc
Size: 42KB - Virtual size: 42KB