ypsx_cloud[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ypsx_cloud.zip
Size

13.7MB
MD5

3968f836c4a3dbe9830923dc26d8328c
SHA1

4367cabb205af58e3136d953ea1cf3dcfb7c412c
SHA256

2e5eaf29c2e386f0a0cfb7f5a6b31b818d2b69adf458c01ed5215b71b660d809
SHA512

0f910a1c9f757fc8a4cd14976bb53e3e321331a92af67dcbc2fc7da78e9e871100cb2f2344ef2c003dd46013cf0858af55431655fc31dbdac8eae4c1951c8d76
SSDEEP

393216:jy2jVWL39UT+bkzcCOgh1SxSTE6hvTLAHoAPw3E:+sw8+bkgCOySITE6hvYlPw0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ypsx_cloud/rhc.exe

Files

ypsx_cloud.zip
.zip

Password: infected
ypsx_cloud/WDCloud.exe
.exe windows x64

60155971d4feb74909c80fc08ffd9524

Code Sign

51:36:bf:27:26:88:15:b8:eb:b5:cc:ab:c5:0a:33:40:95:4e:8f:04
Certificate

Issuer

CN=GPSX Software

Not Before

16/05/2023, 18:09

Not After

13/05/2033, 18:09

Subject

CN=GPSX Software

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ac:bc:5f:1d:f9:c6:5b:fa:24:f6:17:8f:cb:bf:18:6c:ef:02:3c:05
Signer

Actual PE Digest

ac:bc:5f:1d:f9:c6:5b:fa:24:f6:17:8f:cb:bf:18:6c:ef:02:3c:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHFileOperationW
SHGetFolderPathW

kernel32

DeleteCriticalSection
WriteConsoleW
CreateDirectoryW
SetConsoleCtrlHandler
GetCommandLineW
WriteFile
TerminateProcess
GetModuleFileNameW
GetTempPathW
FindResourceA
WaitForSingleObject
CreateFileW
GetFileAttributesW
Sleep
GetLastError
LockResource
CloseHandle
LoadResource
SetEnvironmentVariableA
GetCurrentProcessId
CreateProcessW
GetSystemTimeAsFileTime
FormatMessageA
GetExitCodeProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapReAlloc
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetStdHandle
HeapAlloc
MultiByteToWideChar
HeapFree
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12.7MB - Virtual size: 12.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ypsx_cloud/apx.xpi
.zip
ypsx_cloud/dist/_locales/cs/messages.json
ypsx_cloud/dist/_locales/de/messages.json
ypsx_cloud/dist/_locales/el/messages.json
ypsx_cloud/dist/_locales/en/messages.json
ypsx_cloud/dist/_locales/es/messages.json
ypsx_cloud/dist/_locales/es_419/messages.json
ypsx_cloud/dist/_locales/fi/messages.json
ypsx_cloud/dist/_locales/fr/messages.json
ypsx_cloud/dist/_locales/hr/messages.json
ypsx_cloud/dist/_locales/hu/messages.json
ypsx_cloud/dist/_locales/id/messages.json
ypsx_cloud/dist/_locales/it/messages.json
ypsx_cloud/dist/_locales/ja/messages.json
ypsx_cloud/dist/_locales/ko/messages.json
ypsx_cloud/dist/_locales/nl/messages.json
ypsx_cloud/dist/_locales/pl/messages.json
ypsx_cloud/dist/_locales/pt_BR/messages.json
ypsx_cloud/dist/_locales/pt_PT/messages.json
ypsx_cloud/dist/_locales/ro/messages.json
ypsx_cloud/dist/_locales/ru/messages.json
ypsx_cloud/dist/_locales/sk/messages.json
ypsx_cloud/dist/_locales/sr/messages.json
ypsx_cloud/dist/_locales/tr/messages.json
ypsx_cloud/dist/_locales/uk/messages.json
ypsx_cloud/dist/_locales/vi/messages.json
ypsx_cloud/dist/_locales/zh_CN/messages.json
ypsx_cloud/dist/_locales/zh_TW/messages.json
ypsx_cloud/dist/background/index.js
.js
ypsx_cloud/dist/common-ui.js
.js
ypsx_cloud/dist/common.js
.js
ypsx_cloud/dist/confirm/index.html
.html
ypsx_cloud/dist/confirm/index.js
.js
ypsx_cloud/dist/injected-web.js
.js
ypsx_cloud/dist/injected.js
.js
ypsx_cloud/dist/manifest.json
ypsx_cloud/dist/options/index.html
.html
ypsx_cloud/dist/options/index.js
.js
ypsx_cloud/dist/popup/index.html
.html
ypsx_cloud/dist/popup/index.js
.js
ypsx_cloud/dist/public/images/icon128.png
.png
ypsx_cloud/dist/public/images/icon16.png
.png
ypsx_cloud/dist/public/images/icon16b.png
.png
ypsx_cloud/dist/public/images/icon16w.png
.png
ypsx_cloud/dist/public/images/icon19.png
.png
ypsx_cloud/dist/public/images/icon19b.png
.png
ypsx_cloud/dist/public/images/icon19w.png
.png
ypsx_cloud/dist/public/images/icon32.png
.png
ypsx_cloud/dist/public/images/icon32b.png
.png
ypsx_cloud/dist/public/images/icon32w.png
.png
ypsx_cloud/dist/public/images/icon38.png
.png
ypsx_cloud/dist/public/images/icon38b.png
.png
ypsx_cloud/dist/public/images/icon38w.png
.png
ypsx_cloud/dist/public/images/icon48.png
.png
ypsx_cloud/dist/public/lib/codemirror.js
.js
ypsx_cloud/dist/public/lib/tldjs.js
.js
ypsx_cloud/dist/public/lib/z-worker.js
.js
ypsx_cloud/dist/public/lib/zip-no-worker.min.js
.js
ypsx_cloud/dist/welcome.html
.html
ypsx_cloud/logs.log
ypsx_cloud/pref.json
ypsx_cloud/rhc.exe
.exe windows x86

0b9ca80ff295945b3cf5762a07ef3d50

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CloseHandle
WaitForSingleObject
CreateProcessA
ExitProcess
GetCommandLineA

user32

MessageBoxA

Sections

.text
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

60155971d4feb74909c80fc08ffd9524

Code Sign

51:36:bf:27:26:88:15:b8:eb:b5:cc:ab:c5:0a:33:40:95:4e:8f:04Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

ac:bc:5f:1d:f9:c6:5b:fa:24:f6:17:8f:cb:bf:18:6c:ef:02:3c:05Signer

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 3KB - Virtual size: 67KB

.pdata Size: 5KB - Virtual size: 5KB

.gehcont Size: 512B - Virtual size: 16B

.rsrc Size: 12.7MB - Virtual size: 12.7MB

.reloc Size: 2KB - Virtual size: 1KB

0b9ca80ff295945b3cf5762a07ef3d50

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 1024B - Virtual size: 766B

51:36:bf:27:26:88:15:b8:eb:b5:cc:ab:c5:0a:33:40:95:4e:8f:04
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

ac:bc:5f:1d:f9:c6:5b:fa:24:f6:17:8f:cb:bf:18:6c:ef:02:3c:05
Signer

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 3KB - Virtual size: 67KB

.pdata
Size: 5KB - Virtual size: 5KB

.gehcont
Size: 512B - Virtual size: 16B

.rsrc
Size: 12.7MB - Virtual size: 12.7MB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 1024B - Virtual size: 766B