hwi_7425[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

hwi_7425.zip
Size

9.8MB
MD5

972258cf9e58cc9428b9f49561ef2647
SHA1

0ca8ddc86d0f0f31b632319751494297e0f00058
SHA256

7d9f0897bc80909d132c85c2cb02d3f6c232613d367dfca97c405c350fb8806a
SHA512

4a17527021841fb7f5fc19b74c0fe182422de95e4ed19a723fc651aaa63d85713f7e04897633ccc71fe1049a868c3e1366e30f6a1bbae13a9576896130ce9f4e
SSDEEP

196608:enBD3PL8SLr9YevplOUPpqyTlbOb6zt9NvCJ0faKJ7nkZVM/WbVfhW:od3jr9XpbqyJbOMtfvCJ0faa/WbVfY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/HWiNFO32.exe	upx
static1/unpack001/HWiNFO64.exe	upx

Files

hwi_7425.zip
.zip
HWiNFO32.exe
.exe windows x86

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:7b:9b:c1:a2:3b:f2:e9:9d:ae:af:4b:20:35:ac:26
Certificate

Issuer

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

13/08/2021, 00:00

Not After

12/08/2024, 00:00

Subject

SERIALNUMBER=35437570,CN=Martin Malik - REALiX,O=Martin Malik - REALiX,POSTALCODE=90101,STREET=Boženy Nemcovej 2291/28,L=Malacky,ST=Bratislavsky kraj,C=SK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13114272617469736c6176736b79206b72616a,1.3.6.1.4.1.311.60.2.1.3=#1302534b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:f1:bf:63:e3:cb:fc:d5:73:2f:ca:e6:8f:cb:0c:05:68:b7:8b:3a:31:4d:48:78:4b:f0:3d:40:08:7b:ac:8d
Signer

Actual PE Digest

c2:f1:bf:63:e3:cb:fc:d5:73:2f:ca:e6:8f:cb:0c:05:68:b7:8b:3a:31:4d:48:78:4b:f0:3d:40:08:7b:ac:8d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=35437570,CN=Martin Malik - REALiX,O=Martin Malik - REALiX,POSTALCODE=90101,STREET=Boženy Nemcovej 2291/28,L=Malacky,ST=Bratislavsky kraj,C=SK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13114272617469736c6176736b79206b72616a,1.3.6.1.4.1.311.60.2.1.3=#1302534b

30/03/2023, 06:58
Valid: true

Chain 1

SERIALNUMBER=35437570,CN=Martin Malik - REALiX,O=Martin Malik - REALiX,POSTALCODE=90101,STREET=Boženy Nemcovej 2291/28,L=Malacky,ST=Bratislavsky kraj,C=SK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13114272617469736c6176736b79206b72616a,1.3.6.1.4.1.311.60.2.1.3=#1302534b

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 6.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HWiNFO64.exe
.exe windows x64

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:7b:9b:c1:a2:3b:f2:e9:9d:ae:af:4b:20:35:ac:26
Certificate

Issuer

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

13/08/2021, 00:00

Not After

12/08/2024, 00:00

Subject

SERIALNUMBER=35437570,CN=Martin Malik - REALiX,O=Martin Malik - REALiX,POSTALCODE=90101,STREET=Boženy Nemcovej 2291/28,L=Malacky,ST=Bratislavsky kraj,C=SK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13114272617469736c6176736b79206b72616a,1.3.6.1.4.1.311.60.2.1.3=#1302534b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:d5:41:dd:9e:a1:22:9a:e3:0a:83:f1:73:54:c9:fd:c4:b7:e4:59:d6:dc:16:98:b9:ce:2d:a7:34:6d:00:7d
Signer

Actual PE Digest

f2:d5:41:dd:9e:a1:22:9a:e3:0a:83:f1:73:54:c9:fd:c4:b7:e4:59:d6:dc:16:98:b9:ce:2d:a7:34:6d:00:7d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=35437570,CN=Martin Malik - REALiX,O=Martin Malik - REALiX,POSTALCODE=90101,STREET=Boženy Nemcovej 2291/28,L=Malacky,ST=Bratislavsky kraj,C=SK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13114272617469736c6176736b79206b72616a,1.3.6.1.4.1.311.60.2.1.3=#1302534b

30/03/2023, 06:58
Valid: true

Chain 1

SERIALNUMBER=35437570,CN=Martin Malik - REALiX,O=Martin Malik - REALiX,POSTALCODE=90101,STREET=Boženy Nemcovej 2291/28,L=Malacky,ST=Bratislavsky kraj,C=SK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13114272617469736c6176736b79206b72616a,1.3.6.1.4.1.311.60.2.1.3=#1302534b

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 12.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89Certificate

Extended Key Usages

Key Usages

73:7b:9b:c1:a2:3b:f2:e9:9d:ae:af:4b:20:35:ac:26Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c2:f1:bf:63:e3:cb:fc:d5:73:2f:ca:e6:8f:cb:0c:05:68:b7:8b:3a:31:4d:48:78:4b:f0:3d:40:08:7b:ac:8dSigner

Signature Validations

Verification

30/03/2023, 06:58 Valid: true

Chain 1

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 6.6MB

UPX1 Size: 2.7MB - Virtual size: 2.7MB

.rsrc Size: 84KB - Virtual size: 88KB

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89Certificate

Extended Key Usages

Key Usages

73:7b:9b:c1:a2:3b:f2:e9:9d:ae:af:4b:20:35:ac:26Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

f2:d5:41:dd:9e:a1:22:9a:e3:0a:83:f1:73:54:c9:fd:c4:b7:e4:59:d6:dc:16:98:b9:ce:2d:a7:34:6d:00:7dSigner

Signature Validations

Verification

30/03/2023, 06:58 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 12.7MB

UPX1 Size: 7.0MB - Virtual size: 7.0MB

.rsrc Size: 120KB - Virtual size: 120KB

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

73:7b:9b:c1:a2:3b:f2:e9:9d:ae:af:4b:20:35:ac:26
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c2:f1:bf:63:e3:cb:fc:d5:73:2f:ca:e6:8f:cb:0c:05:68:b7:8b:3a:31:4d:48:78:4b:f0:3d:40:08:7b:ac:8d
Signer

30/03/2023, 06:58
Valid: true

UPX0
Size: - Virtual size: 6.6MB

UPX1
Size: 2.7MB - Virtual size: 2.7MB

.rsrc
Size: 84KB - Virtual size: 88KB

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

73:7b:9b:c1:a2:3b:f2:e9:9d:ae:af:4b:20:35:ac:26
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f2:d5:41:dd:9e:a1:22:9a:e3:0a:83:f1:73:54:c9:fd:c4:b7:e4:59:d6:dc:16:98:b9:ce:2d:a7:34:6d:00:7d
Signer

30/03/2023, 06:58
Valid: true

UPX0
Size: - Virtual size: 12.7MB

UPX1
Size: 7.0MB - Virtual size: 7.0MB

.rsrc
Size: 120KB - Virtual size: 120KB