SecuriteInfo[.]com[.]BScope[.]TrojanDropper[.]Delf[.]11250[.]16787[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.BScope.TrojanDropper.Delf.11250.16787.exe
Size

899KB
MD5

aba5e6d69b6368c4a62505a69a74daa4
SHA1

13c6e182a7a81de2bfa29747d558cc516a765b35
SHA256

9219ffcd2d2d44161fbceb56bc05a6efde9c1b2be3bee6d1d110523e8b4f7b70
SHA512

500f313108663632365ff11d5d80e524bc5b04515d01572d70ff739dc03ffe069c3fdf1047009b31c65cda5d2fe822e674592784903783f73a1006b2860f0c6b
SSDEEP

24576:NuSMRieZHpfqcscpkHE+mJnOetpcxIGRRBvfFt:VQRpqncpkHE+mJn/tpLGRRF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

SecuriteInfo.com.BScope.TrojanDropper.Delf.11250.16787.exe
.exe windows:4 windows x86 arch:x86

Code Sign

96:30:57:ef:80:dd:7f:df:80:6f:26:a9:68:a0:fd:f0
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14/12/2020, 00:00

Not After

14/12/2023, 23:59

Subject

CN=Aidex GmbH,O=Aidex GmbH,POSTALCODE=59555,STREET=Goethestr. 29,L=Lippstadt,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3b:28:e3:73:80:85:e5:7b:41:a6:61:bc:50:a7:62:35:99:6c:86:a3:f5:48:30:e4:86:88:d3:9a:9f:49:d5:1e
Signer

Actual PE Digest

3b:28:e3:73:80:85:e5:7b:41:a6:61:bc:50:a7:62:35:99:6c:86:a3:f5:48:30:e4:86:88:d3:9a:9f:49:d5:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 356KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 215KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

96:30:57:ef:80:dd:7f:df:80:6f:26:a9:68:a0:fd:f0Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3b:28:e3:73:80:85:e5:7b:41:a6:61:bc:50:a7:62:35:99:6c:86:a3:f5:48:30:e4:86:88:d3:9a:9f:49:d5:1eSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 356KB

UPX1 Size: 215KB - Virtual size: 216KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 453KB - Virtual size: 453KB

DATA Size: 19KB - Virtual size: 18KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 31KB - Virtual size: 30KB

.rsrc Size: 28KB - Virtual size: 28KB

96:30:57:ef:80:dd:7f:df:80:6f:26:a9:68:a0:fd:f0
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3b:28:e3:73:80:85:e5:7b:41:a6:61:bc:50:a7:62:35:99:6c:86:a3:f5:48:30:e4:86:88:d3:9a:9f:49:d5:1e
Signer

UPX0
Size: - Virtual size: 356KB

UPX1
Size: 215KB - Virtual size: 216KB

.rsrc
Size: 5KB - Virtual size: 8KB

CODE
Size: 453KB - Virtual size: 453KB

DATA
Size: 19KB - Virtual size: 18KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 28KB - Virtual size: 28KB