1ef8b49e8336bdaf13e438b89cb50fceacc5770ad31af49e4264555016747eaf

Sharing

Copy URL

Twitter E-mail

General

Target

1ef8b49e8336bdaf13e438b89cb50fceacc5770ad31af49e4264555016747eaf
Size

9.9MB
MD5

b96a2b7fd05215f9c8d2f7ba991043f3
SHA1

ef76540e4faf53d30315481ed6f881236587358d
SHA256

1ef8b49e8336bdaf13e438b89cb50fceacc5770ad31af49e4264555016747eaf
SHA512

ab1eebb2162a9e5bdf239e6b3873efc40ddfeb43bfee3ba1e5bef05f493866a9733f5eb8fa9d77a23738f1d2a9bcc9b3daba9edebc8d5a6cfdf57458f5df138d
SSDEEP

196608:FRoq+mornkDEFBhIOUxXuDkYdwm59JRmd0++I8OxdbHN41jC9SOXP8Vydq0Xyasw:FRoqGrnkwTQtYdrTX+0++I1xN8jIr0Vm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

1ef8b49e8336bdaf13e438b89cb50fceacc5770ad31af49e4264555016747eaf
.exe windows:5 windows x86 arch:x86

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22-10-2008 12:07

Not After

31-12-2029 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17-04-2018 08:20

Not After

18-05-2027 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:87:bb:63:25:cf:0a:4e:d2:e0:bb:c1:86:9b:93:a8
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

04-08-2020 06:02

Not After

04-08-2021 06:02

Subject

CN=南阳多竹网络科技有限公司,O=南阳多竹网络科技有限公司,L=南阳市,ST=河南省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:85:a6:fc:43:ff:6b:f9:f7:b0:e7:b9:5a:6d:93:60:6f:58:6c:75:fe:3c:88:a7:f3:33:6e:58:f0:23:c9:42
Signer

Actual PE Digest

35:85:a6:fc:43:ff:6b:f9:f7:b0:e7:b9:5a:6d:93:60:6f:58:6c:75:fe:3c:88:a7:f3:33:6e:58:f0:23:c9:42

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9.8MB - Virtual size: 9.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 418KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

04:44:c0Certificate

Key Usages

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:afCertificate

Extended Key Usages

Key Usages

20:87:bb:63:25:cf:0a:4e:d2:e0:bb:c1:86:9b:93:a8Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

35:85:a6:fc:43:ff:6b:f9:f7:b0:e7:b9:5a:6d:93:60:6f:58:6c:75:fe:3c:88:a7:f3:33:6e:58:f0:23:c9:42Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.5MB

UPX1 Size: 9.8MB - Virtual size: 9.8MB

.rsrc Size: 57KB - Virtual size: 60KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 418KB - Virtual size: 418KB

.data Size: 25KB - Virtual size: 59KB

.gfids Size: 107KB - Virtual size: 106KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 8.1MB - Virtual size: 8.1MB

.reloc Size: 133KB - Virtual size: 132KB

04:44:c0
Certificate

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

20:87:bb:63:25:cf:0a:4e:d2:e0:bb:c1:86:9b:93:a8
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

35:85:a6:fc:43:ff:6b:f9:f7:b0:e7:b9:5a:6d:93:60:6f:58:6c:75:fe:3c:88:a7:f3:33:6e:58:f0:23:c9:42
Signer

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 9.8MB - Virtual size: 9.8MB

.rsrc
Size: 57KB - Virtual size: 60KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 418KB - Virtual size: 418KB

.data
Size: 25KB - Virtual size: 59KB

.gfids
Size: 107KB - Virtual size: 106KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 8.1MB - Virtual size: 8.1MB

.reloc
Size: 133KB - Virtual size: 132KB