irsetup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

irsetup.exe
Size

1.3MB
MD5

e801c5847f5f9d207db53aaaf5c6f3a2
SHA1

8e6818ce66555e2cca92e5c5f32551fb4a91645e
SHA256

196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03
SHA512

303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3
SSDEEP

24576:JBIWcmjuRli1R/zBUhmgI2TIhXlqLUxocktXo4SHS1CQAHgxs/r6da:jIWcmKRklqdTAqwxSXo4SHS1Fsl

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

irsetup.exe
.exe windows x86

Code Sign

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32
Certificate

Issuer

CN=Trustwave Global Code Signing CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

23/12/2022, 07:13

Not After

02/02/2026, 07:12

Subject

CN=TLauncher Inc.,O=TLauncher Inc.,L=Victoria,C=SC

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73
Certificate

Issuer

CN=Trustwave Global Certification Authority,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

06/02/2018, 12:21

Not After

21/08/2042, 18:21

Subject

CN=Trustwave Global Code Signing CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2a
Certificate

Issuer

CN=Viking Cloud TWG Timestamping CA\, Level 1,O=Viking Cloud\, Inc.,C=US

Not Before

10/08/2022, 10:55

Not After

06/11/2033, 16:55

Subject

CN=Viking Cloud TWG Timestamping Responder 2022,O=Viking Cloud\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9
Certificate

Issuer

CN=Trustwave Global Certification Authority,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

10/08/2022, 10:18

Not After

10/08/2037, 10:18

Subject

CN=Viking Cloud TWG Timestamping CA\, Level 1,O=Viking Cloud\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32
Certificate

Issuer

CN=Trustwave Global Code Signing CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

23/12/2022, 07:13

Not After

02/02/2026, 07:12

Subject

CN=TLauncher Inc.,O=TLauncher Inc.,L=Victoria,C=SC

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73
Certificate

Issuer

CN=Trustwave Global Certification Authority,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

06/02/2018, 12:21

Not After

21/08/2042, 18:21

Subject

CN=Trustwave Global Code Signing CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2a
Certificate

Issuer

CN=Viking Cloud TWG Timestamping CA\, Level 1,O=Viking Cloud\, Inc.,C=US

Not Before

10/08/2022, 10:55

Not After

06/11/2033, 16:55

Subject

CN=Viking Cloud TWG Timestamping Responder 2022,O=Viking Cloud\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9
Certificate

Issuer

CN=Trustwave Global Certification Authority,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

10/08/2022, 10:18

Not After

10/08/2037, 10:18

Subject

CN=Viking Cloud TWG Timestamping CA\, Level 1,O=Viking Cloud\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:c3:0e:83:0e:02:eb:e4:25:d9:86:0e:3d:38:aa:0b:cd:41:ce:92:e4:5a:fa:00:f5:a4:c3:5d:ca:01:80:c1
Signer

Actual PE Digest

98:c3:0e:83:0e:02:eb:e4:25:d9:86:0e:3d:38:aa:0b:cd:41:ce:92:e4:5a:fa:00:f5:a4:c3:5d:ca:01:80:c1

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=TLauncher Inc.,O=TLauncher Inc.,L=Victoria,C=SC

12/01/2023, 00:54
Valid: true

Chain 1

CN=TLauncher Inc.,O=TLauncher Inc.,L=Victoria,C=SC

CN=Trustwave Global Code Signing CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

CN=Trustwave Global Certification Authority,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

0b:64:f4:4b:5b:d4:02:08:11:86:1c:c4:eb:99:96:e0:69:07:ad:e7
Signer

Actual PE Digest

0b:64:f4:4b:5b:d4:02:08:11:86:1c:c4:eb:99:96:e0:69:07:ad:e7

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=TLauncher Inc.,O=TLauncher Inc.,L=Victoria,C=SC

12/01/2023, 00:54
Valid: true

Chain 1

CN=TLauncher Inc.,O=TLauncher Inc.,L=Victoria,C=SC

CN=Trustwave Global Code Signing CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

CN=Trustwave Global Certification Authority,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 687KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32Certificate

Extended Key Usages

Key Usages

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73Certificate

Extended Key Usages

Key Usages

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2aCertificate

Extended Key Usages

Key Usages

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9Certificate

Extended Key Usages

Key Usages

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32Certificate

Extended Key Usages

Key Usages

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73Certificate

Extended Key Usages

Key Usages

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2aCertificate

Extended Key Usages

Key Usages

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9Certificate

Extended Key Usages

Key Usages

98:c3:0e:83:0e:02:eb:e4:25:d9:86:0e:3d:38:aa:0b:cd:41:ce:92:e4:5a:fa:00:f5:a4:c3:5d:ca:01:80:c1Signer

Signature Validations

Verification

12/01/2023, 00:54 Valid: true

Chain 1

0b:64:f4:4b:5b:d4:02:08:11:86:1c:c4:eb:99:96:e0:69:07:ad:e7Signer

Signature Validations

Verification

12/01/2023, 00:54 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.6MB

UPX1 Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 32KB - Virtual size: 32KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 687KB - Virtual size: 686KB

.data Size: 49KB - Virtual size: 154KB

.rsrc Size: 46KB - Virtual size: 45KB

.reloc Size: 289KB - Virtual size: 289KB

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32
Certificate

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73
Certificate

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2a
Certificate

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9
Certificate

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32
Certificate

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73
Certificate

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2a
Certificate

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9
Certificate

98:c3:0e:83:0e:02:eb:e4:25:d9:86:0e:3d:38:aa:0b:cd:41:ce:92:e4:5a:fa:00:f5:a4:c3:5d:ca:01:80:c1
Signer

12/01/2023, 00:54
Valid: true

0b:64:f4:4b:5b:d4:02:08:11:86:1c:c4:eb:99:96:e0:69:07:ad:e7
Signer

12/01/2023, 00:54
Valid: true

UPX0
Size: - Virtual size: 2.6MB

UPX1
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 687KB - Virtual size: 686KB

.data
Size: 49KB - Virtual size: 154KB

.rsrc
Size: 46KB - Virtual size: 45KB

.reloc
Size: 289KB - Virtual size: 289KB