OInstall[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

OInstall.exe
Size

8.7MB
MD5

73e212aeeadb34208c86f79c17db82bd
SHA1

bd7e5e76f58799d3aab82da1b85a53b752d02b09
SHA256

bedd05fc986975c6eb07c05bba116de6d65e4db2a32f832e8c90efcb958655ae
SHA512

f62977063363286fa242592c447d34e0b2ac28b939a7dde68d22d21d871e8094efae6b28079cd4b14e3810e0ab46232b3996d5483d741d76e692cd76ac8ce812
SSDEEP

196608:AVp6uA/aD3Xb0iKeAyht5BT6Sw2u1CrZZRqMvOWDl2f01CzhRPcc:AVhnoi7/ht5BeSw2r5qMvNp2f0czhdcc

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/Device/HarddiskVolume4/WINDOWS/OInstall.exe	aspack_v212_v242

Files

OInstall.exe
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume4/WINDOWS/OInstall.exe
.exe windows x86

Password: S@ndb0x!2023@@

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:dd:54:ef:30:2b:62:32:73:93:73:92:44:ec:a6:c9:b2:e5:1f:1e:b7:7d:7a:38:97:22:13:b5:4c:df:61:eb
Signer

Actual PE Digest

9a:dd:54:ef:30:2b:62:32:73:93:73:92:44:ec:a6:c9:b2:e5:1f:1e:b7:7d:7a:38:97:22:13:b5:4c:df:61:eb

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=WZTeam

16/11/2018, 07:24
Valid: false

79:36:96:fc:86:79:49:5d:63:65:02:27:41:c0:e3:73:04:ea:2d:15
Signer

Actual PE Digest

79:36:96:fc:86:79:49:5d:63:65:02:27:41:c0:e3:73:04:ea:2d:15

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=WZTeam

16/11/2018, 07:24
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 36KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 273KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 34KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8.3MB - Virtual size: 16.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.modplug
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msfree
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S@ndb0x!2023@@

Password: S@ndb0x!2023@@

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

9a:dd:54:ef:30:2b:62:32:73:93:73:92:44:ec:a6:c9:b2:e5:1f:1e:b7:7d:7a:38:97:22:13:b5:4c:df:61:ebSigner

Signature Validations

Verification

16/11/2018, 07:24 Valid: false

79:36:96:fc:86:79:49:5d:63:65:02:27:41:c0:e3:73:04:ea:2d:15Signer

Signature Validations

Verification

16/11/2018, 07:24 Valid: false

Headers

File Characteristics

Sections

.code Size: 36KB - Virtual size: 192KB

.text Size: 273KB - Virtual size: 596KB

.rdata Size: 34KB - Virtual size: 116KB

.data Size: 8.3MB - Virtual size: 16.7MB

.rsrc Size: 1024B - Virtual size: 84KB

.modplug Size: - Virtual size: 20KB

.msfree Size: 88KB - Virtual size: 88KB

.adata Size: - Virtual size: 4KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

9a:dd:54:ef:30:2b:62:32:73:93:73:92:44:ec:a6:c9:b2:e5:1f:1e:b7:7d:7a:38:97:22:13:b5:4c:df:61:eb
Signer

16/11/2018, 07:24
Valid: false

79:36:96:fc:86:79:49:5d:63:65:02:27:41:c0:e3:73:04:ea:2d:15
Signer

16/11/2018, 07:24
Valid: false

.code
Size: 36KB - Virtual size: 192KB

.text
Size: 273KB - Virtual size: 596KB

.rdata
Size: 34KB - Virtual size: 116KB

.data
Size: 8.3MB - Virtual size: 16.7MB

.rsrc
Size: 1024B - Virtual size: 84KB

.modplug
Size: - Virtual size: 20KB

.msfree
Size: 88KB - Virtual size: 88KB

.adata
Size: - Virtual size: 4KB