youUp[.]dat | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

youUp.dat
Size

335KB
MD5

124a1ecde0dc1b0fa212b2f5b1ac5943
SHA1

961063415b239e9fc6e2c88a0252ef22e4cd2b8c
SHA256

2f478b6d30f061323a35c4341799cd770feb8c588a7dad43f0ddfc311d34675a
SHA512

01d8348183b4b7d673698cb8536a695801dfde4860810a68001708280f79171713f5e81703b6d2d9f892e42cbdb2930cb41cac380ebe1a5d041dd96dcf32f527
SSDEEP

6144:gwsfRZPlPfUKafY3qO1nEdYNSvPGeUC3oMQvbrhJGEirDbZo9/SIaETWi10D8hDS:gwA/EKafY7O3UIoXvbrWEir3Aa2WWc0c

Score

N/A

Malware Config

Signatures

Files

youUp.dat
.dll regsvr32 windows x86

b2ea4d310b351c0e61231e20cf409ad7

Code Sign

1d:ee:a1:79:f5:75:7f:e5:29:04:35:77:76:24:19:df
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

21-02-2022 00:00

Not After

21-02-2023 23:59

Subject

CN=SPIRIT CONSULTING s. r. o.,O=SPIRIT CONSULTING s. r. o.,ST=Trnavský kraj,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:14:98:0a:12:8e:bb:f7:89:2c:90:b2:29:4e:92:23:bc:39:d0:37
Signer

Actual PE Digest

9a:14:98:0a:12:8e:bb:f7:89:2c:90:b2:29:4e:92:23:bc:39:d0:37

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=SPIRIT CONSULTING s. r. o.,O=SPIRIT CONSULTING s. r. o.,ST=Trnavský kraj,C=SK

23-06-2022 17:33
Valid: true

Chain 1

CN=SPIRIT CONSULTING s. r. o.,O=SPIRIT CONSULTING s. r. o.,ST=Trnavský kraj,C=SK

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileSize
SetEndOfFile
WriteFile
CloseHandle
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
HeapWalk
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
OpenThread
VirtualAlloc
MapViewOfFile
UnmapViewOfFile
GetProcAddress
CreateFileMappingA
LoadLibraryA
CreateActCtxA
ActivateActCtx

Exports

Exports

DllInstall
DllRegisterServer
HiefplnBaydof

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2ea4d310b351c0e61231e20cf409ad7

Code Sign

1d:ee:a1:79:f5:75:7f:e5:29:04:35:77:76:24:19:dfCertificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

9a:14:98:0a:12:8e:bb:f7:89:2c:90:b2:29:4e:92:23:bc:39:d0:37Signer

Signature Validations

Verification

23-06-2022 17:33 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 169KB - Virtual size: 168KB

.data Size: 105KB - Virtual size: 105KB

.reloc Size: 1KB - Virtual size: 1KB

1d:ee:a1:79:f5:75:7f:e5:29:04:35:77:76:24:19:df
Certificate

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

9a:14:98:0a:12:8e:bb:f7:89:2c:90:b2:29:4e:92:23:bc:39:d0:37
Signer

23-06-2022 17:33
Valid: true

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 169KB - Virtual size: 168KB

.data
Size: 105KB - Virtual size: 105KB

.reloc
Size: 1KB - Virtual size: 1KB