c0cddef82ae95e993161eb4940235f3734b3e7269d5d21e7852104e70d99098fN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

c0cddef82ae95e993161eb4940235f3734b3e7269d5d21e7852104e70d99098fN.exe
Size

1.1MB
MD5

5949b1306ae9f6fc2f59a78b9890ad60
SHA1

b1469de08d996551a42ef6214751a0a24b46c952
SHA256

c0cddef82ae95e993161eb4940235f3734b3e7269d5d21e7852104e70d99098f
SHA512

a881d4174ca493f5d650d7423e43cb797df677aa54274c1e4be04aac2c31467dade0798107c2d128618331473699364d6880a52ed0cab7b041a6439f5acb2de1
SSDEEP

24576:pPq7meZynVYEBu3OtBI9w1RWdPDLW+HJAFMrEH7L:pCSeZyVYE03OMeAJyH

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

c0cddef82ae95e993161eb4940235f3734b3e7269d5d21e7852104e70d99098fN.exe
.dll windows:4 windows x86 arch:x86

577b7298b422298c03c83e7269517b5c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:eb:98:08:f9:4a:36:6f:2c:44:5d:4a:d6:62:85:1b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24-06-2024 00:00

Not After

22-06-2025 23:59

Subject

SERIALNUMBER=110111-1138985,CN=AhnLab\, Inc.,O=AhnLab\, Inc.,L=Seongnam-si,ST=Gyeonggi-do,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130b53656f6e676e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26-09-2024 00:00

Not After

25-11-2035 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:d1:bc:f7:89:b0:d1:6b:91:0e:77:7c:e9:b2:e9:9e:cb:38:17:06:ca:8b:e4:fd:da:d1:3b:2c:a7:d0:6f:e0
Signer

Actual PE Digest

c5:d1:bc:f7:89:b0:d1:6b:91:0e:77:7c:e9:b2:e9:9e:cb:38:17:06:ca:8b:e4:fd:da:d1:3b:2c:a7:d0:6f:e0

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
DuplicateHandle
GetProcessId
GetProcAddress
GetModuleHandleA
VirtualAlloc
CompareStringW
GetThreadLocale
GlobalGetAtomNameW
GetModuleFileNameW
CompareStringA
GlobalGetAtomNameA
InterlockedExchange
GetThreadContext
CloseHandle
OpenProcess
GetSystemWindowsDirectoryW
GetTempPathW
GetFileAttributesW
LocalFree
GetCommandLineW
GetFileSize
GetSystemTimeAsFileTime
GetFileInformationByHandle
CreateFileW
Sleep
DeviceIoControl
CreateEventW
CancelIo
ReadFile
WriteFile
SetFilePointer
InterlockedIncrement
DeleteFileW
MoveFileW
SetFileAttributesW
GetFileTime
WaitForSingleObject
FindClose
RemoveDirectoryW
FindNextFileW
FindFirstFileW
OutputDebugStringW
OutputDebugStringA
GetLocalTime
WideCharToMultiByte
ReleaseMutex
SetEvent
InterlockedDecrement
CreateMutexW
LoadLibraryA
InterlockedCompareExchange
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
SetNamedPipeHandleState
WaitNamedPipeW
VirtualProtectEx
InitializeCriticalSectionAndSpinCount
GetComputerNameA
VerSetConditionMask
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentDirectoryW
FlushFileBuffers
GetCurrentThreadId
GetTickCount
MultiByteToWideChar
SetLastError
GetModuleHandleW
GetEnvironmentVariableW
GetLastError
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
SetStdHandle
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TerminateProcess
VirtualProtect
ResumeThread
FlushInstructionCache
SetThreadContext
SuspendThread
GetCurrentThread
VirtualQueryEx
LoadLibraryExW
LoadLibraryExA
RtlUnwind
GetCommandLineA
GetVersion
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
ExitProcess

psapi

GetModuleFileNameExW
EnumProcessModules
GetModuleInformation

advapi32

IsTextUnicode
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

user32

GetWindowThreadProcessId
GetSystemMetrics
ToUnicode

ws2_32

inet_ntoa
getsockopt
WSASetLastError
htons

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

oleaut32

SysFreeString
SysAllocString

shell32

CommandLineToArgvW

ole32

StringFromGUID2
CoTaskMemFree
StringFromCLSID

shlwapi

PathIsNetworkPathW

Exports

Exports

1

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 659KB - Virtual size: 659KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

577b7298b422298c03c83e7269517b5c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:eb:98:08:f9:4a:36:6f:2c:44:5d:4a:d6:62:85:1bCertificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c5:d1:bc:f7:89:b0:d1:6b:91:0e:77:7c:e9:b2:e9:9e:cb:38:17:06:ca:8b:e4:fd:da:d1:3b:2c:a7:d0:6f:e0Signer

Headers

File Characteristics

Imports

kernel32

psapi

advapi32

user32

ws2_32

version

oleaut32

shell32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 231KB - Virtual size: 231KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 91KB - Virtual size: 106KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.UPX0 Size: 659KB - Virtual size: 659KB

.reloc Size: 13KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:eb:98:08:f9:4a:36:6f:2c:44:5d:4a:d6:62:85:1b
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c5:d1:bc:f7:89:b0:d1:6b:91:0e:77:7c:e9:b2:e9:9e:cb:38:17:06:ca:8b:e4:fd:da:d1:3b:2c:a7:d0:6f:e0
Signer

.text
Size: 231KB - Virtual size: 231KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 91KB - Virtual size: 106KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.UPX0
Size: 659KB - Virtual size: 659KB

.reloc
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB