dopus[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

dopus.exe
Size

11.4MB
MD5

e38d0b833f14a4e62545db2aaf2b3de4
SHA1

1ee636e43961d34b975ea13f3a772f31ae54c3ac
SHA256

b257e90e564d6ea9ce461b6f874683ec0abdecc2dd4cefd37775a637485b7179
SHA512

ef7d6437fa6d85a34d8ee3b520d2d411ee2af059fa16ca85bf2137927e04fe677ffdd5667e6f9fd5a2378dd7c70698b9767ff825bc4c54309f338abbbd2edc48
SSDEEP

196608:Tkm3610Y6Z8CEYPqMT8oEsDsfUa3Xilj2jScND1vcK5JBr/6J1DDCpcH/APLw:TkAY6Z1EYhHDoiXctFcK5z204V

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

dopus.exe
.exe windows x64

Code Sign

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02-09-2011 00:00

Not After

01-09-2014 23:59

Subject

CN=NVIDIA Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02-09-2011 00:00

Not After

01-09-2014 23:59

Subject

CN=NVIDIA Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:f6:c1:80:bb:ae:21:6a:11:37:c0:1e:7b:97:a8:f6:8b:91:90:29:c7:fd:b1:32:1c:bc:5f:69:b7:df:9b:2a
Signer

Actual PE Digest

2f:f6:c1:80:bb:ae:21:6a:11:37:c0:1e:7b:97:a8:f6:8b:91:90:29:c7:fd:b1:32:1c:bc:5f:69:b7:df:9b:2a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=NVIDIA Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

24-11-2022 14:54
Valid: false

0f:46:8d:69:f1:ee:7a:1d:14:d4:28:16:0c:5d:c7:2f:ed:32:82:d4
Signer

Actual PE Digest

0f:46:8d:69:f1:ee:7a:1d:14:d4:28:16:0c:5d:c7:2f:ed:32:82:d4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=NVIDIA Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

24-11-2022 14:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

AddDialogResizerCtl
AddFunctionFileChangeA
AddFunctionFileChangeW
AllocPatternMatch
BumpFileNameA
BumpFileNameW
CalcCRC32
CheckGlobalFilter
CreateBusyIndicator
CreateButtonIcons
CreateDIBitmapWrapper
CreateDialogResizer
CreateLangDlg
CreateLangDlgEx
DOLoadImage
DOpusChooseFontA
DOpusChooseFontW
DOpusColorPicker
DoPatternMatch
DpiAwareAddIconsToImageList
DpiDivide
DpiScale
DrawGlyph
DrawPictureFrameInDIB
DummyExeFunction1ToAvoidSymbolConfusion
DummyExeFunction2ToAvoidSymbolConfusion
FilterFunctionFileA
FilterFunctionFileExA
FilterFunctionFileExW
FilterFunctionFileW
FreeDialogResizer
FreePatternMatch
GetAndFilterDialogTemplate
GetArchiveCreationData
GetConfigPathA
GetConfigPathW
GetDIBitsWrapper
GetFunctionWildcardNameArgs
GetFunctionWindow
GetFunctionWindowEx
GetGlyphSize
GetInlineProgressType
GetLangDlg
GetLangDlgEx
GetPluginElevator
GetProgramDirA
GetProgramDirW
GetSetWallpaperFile
GetString
GetThumbnailPrefs
GetWildNewNameA
GetWildNewNameW
HandleDialogResizerMsg
HashChunk
HashEnd
HashFree
HashInit
HideBusyIndicator
HideInlineProgress
HttpHelpEnabled
IsHighDpi
IsListerThread
IsOpusLight
IsUSBInstall
LangDlgBox
LangDlgBoxEx
LoadOrSaveConfigA
LoadOrSaveConfigW
MapWallpaperStyleNameToId
NumToStrBytesizeW
NumToStrDWordLongW
NumToStrDWordW
NumToStrDoubleW
NumToStrIntW
NumToStrTimeSecsW
OPENSSL_Applink
OpusCoFreeUnusedLibraries
OpusGetDateFormatW
OpusGetTimeFormatW
OpusRegCheckElevation
OpusRegCloseKey
OpusRegCreateKeyW
OpusRegDeleteKeyW
OpusRegDeleteValueW
OpusRegOpenKeyW
OpusRegQueryValueW
OpusRegSetValueW
PluginFixAllVistaCombos
PluginFixVistaCombo
PluginFixVistaComboHandleMeasureAndDraw
QueryPasswordPromptSuppression
RemoveBusyIndicator
SetDIBitsToDeviceWrapper
SetDIBitsWrapper
SetInlineProgressMarquee
SetInlineProgressText
SetInlineProgressValues
SetOpusWindowIcon
SetWallpaperImage
ShowBitmapExpandScroll
ShowBusyIndicator
ShowErrorDlgA
ShowErrorDlgW
ShowFunctionDeleteDlgA
ShowFunctionDeleteDlgW
ShowFunctionErrorDlgA
ShowFunctionErrorDlgW
ShowFunctionInitialDeleteDlgA
ShowFunctionInitialDeleteDlgW
ShowFunctionNewNameDlgA
ShowFunctionNewNameDlgW
ShowFunctionReplaceDlgA
ShowFunctionReplaceDlgW
ShowInlineProgress
ShowPluginHelp
ShowRequestDlgA
ShowRequestDlgW
ShowWarningIfProblemCausedByWindowBlinds
StretchDIBitsWrapper
ThumbnailCacheControl
UpdateBusyIndicator
UpdateFunctionProgressBar
XMLAddChildNodeA
XMLAddChildNodeW
XMLCreateFile
XMLDeleteAllChildNodes
XMLDeleteAllNodeAttributes
XMLDeleteChild
XMLDeleteNodeAttributeA
XMLDeleteNodeAttributeW
XMLEnumChildNodesA
XMLEnumChildNodesW
XMLFindChildNodeA
XMLFindChildNodeW
XMLFirstChildNode
XMLFreeFile
XMLGetNodeAttributeA
XMLGetNodeAttributeW
XMLGetNodeBinaryValue
XMLGetNodeBoolAttributeA
XMLGetNodeBoolAttributeW
XMLGetNodeBoolValue
XMLGetNodeDWORDAttributeA
XMLGetNodeDWORDAttributeW
XMLGetNodeDWORDLONGAttributeA
XMLGetNodeDWORDLONGAttributeW
XMLGetNodeDWORDLONGValue
XMLGetNodeDWORDValue
XMLGetNodeIntAttributeA
XMLGetNodeIntAttributeW
XMLGetNodeIntValue
XMLGetNodeLOGFONTValueA
XMLGetNodeLOGFONTValueExA
XMLGetNodeLOGFONTValueExW
XMLGetNodeLOGFONTValueW
XMLGetNodeNameA
XMLGetNodeNameW
XMLGetNodeValueA
XMLGetNodeValueW
XMLLoadData
XMLLoadFileA
XMLLoadFileW
XMLNextNode
XMLSaveData
XMLSaveFileA
XMLSaveFileW
XMLSetNodeAttributeA
XMLSetNodeAttributeW
XMLSetNodeBinaryValue
XMLSetNodeBoolAttributeA
XMLSetNodeBoolAttributeW
XMLSetNodeBoolValue
XMLSetNodeDWORDAttributeA
XMLSetNodeDWORDAttributeW
XMLSetNodeDWORDLONGAttributeA
XMLSetNodeDWORDLONGAttributeW
XMLSetNodeDWORDLONGValue
XMLSetNodeDWORDValue
XMLSetNodeIntAttributeA
XMLSetNodeIntAttributeW
XMLSetNodeIntValue
XMLSetNodeLOGFONTValueA
XMLSetNodeLOGFONTValueW
XMLSetNodeNameA
XMLSetNodeNameW
XMLSetNodeValueA
XMLSetNodeValueW

Sections

UPX0
Size: - Virtual size: 17.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2f:f6:c1:80:bb:ae:21:6a:11:37:c0:1e:7b:97:a8:f6:8b:91:90:29:c7:fd:b1:32:1c:bc:5f:69:b7:df:9b:2aSigner

Signature Validations

Verification

24-11-2022 14:54 Valid: false

0f:46:8d:69:f1:ee:7a:1d:14:d4:28:16:0c:5d:c7:2f:ed:32:82:d4Signer

Signature Validations

Verification

24-11-2022 14:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 17.6MB

UPX1 Size: 6.8MB - Virtual size: 6.8MB

.rsrc Size: 4.6MB - Virtual size: 4.6MB

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2f:f6:c1:80:bb:ae:21:6a:11:37:c0:1e:7b:97:a8:f6:8b:91:90:29:c7:fd:b1:32:1c:bc:5f:69:b7:df:9b:2a
Signer

24-11-2022 14:54
Valid: false

0f:46:8d:69:f1:ee:7a:1d:14:d4:28:16:0c:5d:c7:2f:ed:32:82:d4
Signer

24-11-2022 14:54
Valid: false

UPX0
Size: - Virtual size: 17.6MB

UPX1
Size: 6.8MB - Virtual size: 6.8MB

.rsrc
Size: 4.6MB - Virtual size: 4.6MB