1c6828d9c7299c4a905d9e9e411e1ec0477e42b07f0797d606f7755f1cf2799eN

Sharing

Copy URL Twitter E-mail

General

Target

1c6828d9c7299c4a905d9e9e411e1ec0477e42b07f0797d606f7755f1cf2799eN
Size

567KB
MD5

b539c3d1d61d5319493cc505e31a8780
SHA1

3e4927e47d5ca265af6b2542aca2bdf1fe90b9bf
SHA256

1c6828d9c7299c4a905d9e9e411e1ec0477e42b07f0797d606f7755f1cf2799e
SHA512

a3ddbc426df8cc94e12305b34ae892b471d0b5f8f5d9c7ea35cdd2e2ab495511027d92d1b10e06e3426bfa351498748025a2c236eb8e02d6cb8d8c22673c2b88
SSDEEP

12288:OHDtavFLQQsaYEbW2wteWx22+79k60cQorMSwZyMA:OHD8v1JZadteWJH60horMsMA

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

1c6828d9c7299c4a905d9e9e411e1ec0477e42b07f0797d606f7755f1cf2799eN
.exe windows:4 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:14:d3:8f:1f:7b:02:a5:c9:86:47:fe:97:2e:e4:72:f2
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

26/12/2014, 05:59

Not After

27/12/2015, 05:59

Subject

CN=深圳市星策网络科技有限公司,O=深圳市星策网络科技有限公司,L=深圳,ST=广东,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 824KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 509KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

11:21:14:d3:8f:1f:7b:02:a5:c9:86:47:fe:97:2e:e4:72:f2Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 824KB

UPX1 Size: 509KB - Virtual size: 512KB

.rsrc Size: 52KB - Virtual size: 56KB

Headers

File Characteristics

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 20KB - Virtual size: 20KB

.reloc Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 56KB - Virtual size: 56KB

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

11:21:14:d3:8f:1f:7b:02:a5:c9:86:47:fe:97:2e:e4:72:f2
Certificate

UPX0
Size: - Virtual size: 824KB

UPX1
Size: 509KB - Virtual size: 512KB

.rsrc
Size: 52KB - Virtual size: 56KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 20KB - Virtual size: 20KB

.reloc
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 56KB - Virtual size: 56KB