OInstall[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

OInstall.exe
Size

11.6MB
MD5

405c0627a9dc679297862d62c712b05a
SHA1

66b33f9e5e9b517be3ae85d9a423129f272dc25a
SHA256

698aeb2888d4ed207eefb231937dfe3e9bbf8ceb0db6a961fe9010a2fddb8eb9
SHA512

bca6a39378cddd35e4ebe59c03d4ddb04826d1475d686e3e85350a18f6efc602d93548116f77e38cf3a998459d371e2241edc044836b585d87998b61c98fdf46
SSDEEP

196608:w3mifxMAExNyGUV9KhMqzFdhA1wREOVp5LpL2OcmmQ1L/sJ7GcI37lWhbX/PE56w:w3ffyH4V9KhMqzFdhyZOVp+OKe/+GR7R

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

OInstall.exe
.exe windows x86

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:e5:d5:09:4f:84:3b:17:74:28:56:87:a7:04:05:43:73:bc:5c:f9:23:ad:dd:32:fe:fb:2d:92:3f:14:e5:49
Signer

Actual PE Digest

e7:e5:d5:09:4f:84:3b:17:74:28:56:87:a7:04:05:43:73:bc:5c:f9:23:ad:dd:32:fe:fb:2d:92:3f:14:e5:49

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=WZTeam

21-04-2023 09:05
Valid: false

34:37:30:ef:11:65:51:c2:40:fc:6a:99:bd:ba:2c:bb:01:f2:24:8e
Signer

Actual PE Digest

34:37:30:ef:11:65:51:c2:40:fc:6a:99:bd:ba:2c:bb:01:f2:24:8e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=WZTeam

21-04-2023 09:05
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 10.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11.5MB - Virtual size: 11.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20.8MB - Virtual size: 21.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.modplug
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

e7:e5:d5:09:4f:84:3b:17:74:28:56:87:a7:04:05:43:73:bc:5c:f9:23:ad:dd:32:fe:fb:2d:92:3f:14:e5:49Signer

Signature Validations

Verification

21-04-2023 09:05 Valid: false

34:37:30:ef:11:65:51:c2:40:fc:6a:99:bd:ba:2c:bb:01:f2:24:8eSigner

Signature Validations

Verification

21-04-2023 09:05 Valid: false

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 10.7MB

UPX1 Size: 11.5MB - Virtual size: 11.6MB

.rsrc Size: 84KB - Virtual size: 88KB

Headers

File Characteristics

Sections

.code Size: 254KB - Virtual size: 254KB

.text Size: 584KB - Virtual size: 583KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 20.8MB - Virtual size: 21.2MB

.rsrc Size: 83KB - Virtual size: 82KB

.modplug Size: - Virtual size: 20KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

e7:e5:d5:09:4f:84:3b:17:74:28:56:87:a7:04:05:43:73:bc:5c:f9:23:ad:dd:32:fe:fb:2d:92:3f:14:e5:49
Signer

21-04-2023 09:05
Valid: false

34:37:30:ef:11:65:51:c2:40:fc:6a:99:bd:ba:2c:bb:01:f2:24:8e
Signer

21-04-2023 09:05
Valid: false

UPX0
Size: - Virtual size: 10.7MB

UPX1
Size: 11.5MB - Virtual size: 11.6MB

.rsrc
Size: 84KB - Virtual size: 88KB

.code
Size: 254KB - Virtual size: 254KB

.text
Size: 584KB - Virtual size: 583KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 20.8MB - Virtual size: 21.2MB

.rsrc
Size: 83KB - Virtual size: 82KB

.modplug
Size: - Virtual size: 20KB