5606120233eb65e084aaea06b4b9ef70N

Sharing

Copy URL Twitter E-mail

General

Target

5606120233eb65e084aaea06b4b9ef70N
Size

9.1MB
MD5

5606120233eb65e084aaea06b4b9ef70
SHA1

51dbbf34a8fd616eb0353cfdc7681e6d1c831d2e
SHA256

80e511b003265fe7974ce3c3aa6fcfe4a83911fd1dc4ae502649058026b69fce
SHA512

27a0fd0f389d3a96301052af18523fde00ae1cffb75a66c80aebfe0ad8ca8dd97fb48548b56b73fb586230a7b100750e76bf4281a6bce694084e6590bc573f16
SSDEEP

196608:gHGS7S0WxsXt8ivgUnCRQSzcZ3Asb9r6BOR44:SYxsXtVvYRjS3AZB8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

5606120233eb65e084aaea06b4b9ef70N
.exe windows:4 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:4c:40:1c:8b:ab:87:27:28:10:54:a8:2e:d6:46:de
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/07/2021, 00:00

Not After

18/07/2024, 23:59

Subject

SERIALNUMBER=91460000MA5T8M9381,CN=海南驰豹科技有限公司,O=海南驰豹科技有限公司,L=澄迈县,ST=海南省,C=CN,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b5b7e58d97e79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:7b:9f:25:1e:51:bc:40:37:dd:3c:15:fa:d5:25:46:31:a2:23:60:a8:a0:23:ce:ac:4e:c1:86:e1:a6:f1:df
Signer

Actual PE Digest

8d:7b:9f:25:1e:51:bc:40:37:dd:3c:15:fa:d5:25:46:31:a2:23:60:a8:a0:23:ce:ac:4e:c1:86:e1:a6:f1:df

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 604KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 365KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 125KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@ABU012@@Z
??0?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@XZ
??0?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@XZ
??0?$kxThreadBase@VLocker@kbase@@@kbase@@QAE@XZ
??0ReportHelper@business_publish@@AAE@XZ
??1?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAE@XZ
??1?$kxThreadBase@VLocker@kbase@@@kbase@@UAE@XZ
??1ReportHelper@business_publish@@UAE@XZ
??4?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEAAU012@ABU012@@Z
??_7?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@6B@
??_7?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@6B@
??_7?$kxThreadBase@VLocker@kbase@@@kbase@@6B@
??_7ReportHelper@business_publish@@6B?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@@
??_7ReportHelper@business_publish@@6B?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@@
?AddItem@ReportHelper@business_publish@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@@Z
?AddItem@ReportHelper@business_publish@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HAAV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@@Z
?AfterThreadFun@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEXH@Z
?AfterThreadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@MAEXH@Z
?BeginThreadFun@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEXXZ
?BeginThreadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@MAEXXZ
?GetHandle@?$kxThreadBase@VLocker@kbase@@@kbase@@QBEPAXXZ
?GetInstance@ReportHelper@business_publish@@SAPAV12@XZ
?Init@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEXPAU?$_CallBack@VKSimpleDirectInfoc@@@12@K@Z
?Initialzie@ReportHelper@business_publish@@QAE_NW4ReportType@2@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Insert@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE_NABVKSimpleDirectInfoc@@@Z
?IsRunning@?$kxThreadBase@VLocker@kbase@@@kbase@@QAE_NXZ
?KCreateThread@?$kxThreadBase@VLocker@kbase@@@kbase@@SAPAXHP6GKPAX@Z0PAK0II@Z
?Kill@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAEHXZ
?Kill@?$kxThreadBase@VLocker@kbase@@@kbase@@UAEHXZ
?QueueThreadCallback@ReportHelper@business_publish@@MAEHKAAVKSimpleDirectInfoc@@@Z
?Report@ReportHelper@business_publish@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@PBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@@Z
?ReportDirect@ReportHelper@business_publish@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@PBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@@Z
?SetPriority@?$kxThreadBase@VLocker@kbase@@@kbase@@QAEHH@Z
?SetTimeOut@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEXK@Z
?Start@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEHXZ
?StartThread@?$kxThreadBase@VLocker@kbase@@@kbase@@IAEHPAX@Z
?Thread@?$kxThreadBase@VLocker@kbase@@@kbase@@AAEIPAX@Z
?Uninitialize@ReportHelper@business_publish@@QAEXXZ
?WaitKill@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAEHK@Z
?WaitKill@?$kxThreadBase@VLocker@kbase@@@kbase@@UAEHK@Z
?size@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEIXZ
?threadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@CGIPAX@Z
?threadFunImpl@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEHKPAX@Z

Sections

.text
Size: 652KB - Virtual size: 650KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:4c:40:1c:8b:ab:87:27:28:10:54:a8:2e:d6:46:deCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

8d:7b:9f:25:1e:51:bc:40:37:dd:3c:15:fa:d5:25:46:31:a2:23:60:a8:a0:23:ce:ac:4e:c1:86:e1:a6:f1:dfSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 604KB

UPX1 Size: 365KB - Virtual size: 368KB

.rsrc Size: 125KB - Virtual size: 128KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 652KB - Virtual size: 650KB

.rdata Size: 148KB - Virtual size: 145KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 124KB - Virtual size: 123KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:4c:40:1c:8b:ab:87:27:28:10:54:a8:2e:d6:46:de
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

8d:7b:9f:25:1e:51:bc:40:37:dd:3c:15:fa:d5:25:46:31:a2:23:60:a8:a0:23:ce:ac:4e:c1:86:e1:a6:f1:df
Signer

UPX0
Size: - Virtual size: 604KB

UPX1
Size: 365KB - Virtual size: 368KB

.rsrc
Size: 125KB - Virtual size: 128KB

.text
Size: 652KB - Virtual size: 650KB

.rdata
Size: 148KB - Virtual size: 145KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 124KB - Virtual size: 123KB