irsetup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

irsetup.exe
Size

1.3MB
MD5

9ccf7ce8b92bdb4e94edace9bc52943b
SHA1

c2a58b4dee453876152d82238c2d74c8ec71c209
SHA256

999e88f074bb3f1dc316e52df5b9f9ac21b45533c70e178f089368067543d4c7
SHA512

dcc1f8b2b5e0c1a6cc156c3f5b26d8fbfa503fdb9a588c52bd4e28040dad005ebf1d02649022dace6e7c00c17fff1bf27eab18043c2226793add29ae0a527efa
SSDEEP

24576:vBIWcmjuRli1R/zBUhmgI2TIhXlqLUxocktXo4SHS1CQAHgxs/r65H:pIWcmKRklqdTAqwxSXo4SHS1FsM

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

irsetup.exe
.exe windows x86

Code Sign

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32
Certificate

Issuer

CN=Trustwave Global Code Signing CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

23/12/2022, 07:13

Not After

02/02/2026, 07:12

Subject

CN=TLauncher Inc.,O=TLauncher Inc.,L=Victoria,C=SC

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73
Certificate

Issuer

CN=Trustwave Global Certification Authority,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

06/02/2018, 12:21

Not After

21/08/2042, 18:21

Subject

CN=Trustwave Global Code Signing CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2a
Certificate

Issuer

CN=Viking Cloud TWG Timestamping CA\, Level 1,O=Viking Cloud\, Inc.,C=US

Not Before

10/08/2022, 10:55

Not After

06/11/2033, 16:55

Subject

CN=Viking Cloud TWG Timestamping Responder 2022,O=Viking Cloud\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9
Certificate

Issuer

CN=Trustwave Global Certification Authority,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

10/08/2022, 10:18

Not After

10/08/2037, 10:18

Subject

CN=Viking Cloud TWG Timestamping CA\, Level 1,O=Viking Cloud\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32
Certificate

Issuer

CN=Trustwave Global Code Signing CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

23/12/2022, 07:13

Not After

02/02/2026, 07:12

Subject

CN=TLauncher Inc.,O=TLauncher Inc.,L=Victoria,C=SC

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73
Certificate

Issuer

CN=Trustwave Global Certification Authority,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

06/02/2018, 12:21

Not After

21/08/2042, 18:21

Subject

CN=Trustwave Global Code Signing CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2a
Certificate

Issuer

CN=Viking Cloud TWG Timestamping CA\, Level 1,O=Viking Cloud\, Inc.,C=US

Not Before

10/08/2022, 10:55

Not After

06/11/2033, 16:55

Subject

CN=Viking Cloud TWG Timestamping Responder 2022,O=Viking Cloud\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9
Certificate

Issuer

CN=Trustwave Global Certification Authority,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

10/08/2022, 10:18

Not After

10/08/2037, 10:18

Subject

CN=Viking Cloud TWG Timestamping CA\, Level 1,O=Viking Cloud\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:55:99:81:18:5e:00:0b:9b:5d:07:f8:e2:76:76:0f:72:81:c0:af:81:6b:cf:de:20:50:75:31:e2:50:64:a6
Signer

Actual PE Digest

3d:55:99:81:18:5e:00:0b:9b:5d:07:f8:e2:76:76:0f:72:81:c0:af:81:6b:cf:de:20:50:75:31:e2:50:64:a6

Digest Algorithm

sha256

PE Digest Matches

true

c8:6e:2c:ac:e4:e8:b6:c7:0c:a2:06:48:8e:2e:5e:bb:39:fe:83:b5
Signer

Actual PE Digest

c8:6e:2c:ac:e4:e8:b6:c7:0c:a2:06:48:8e:2e:5e:bb:39:fe:83:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 687KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32Certificate

Extended Key Usages

Key Usages

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73Certificate

Extended Key Usages

Key Usages

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2aCertificate

Extended Key Usages

Key Usages

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9Certificate

Extended Key Usages

Key Usages

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32Certificate

Extended Key Usages

Key Usages

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73Certificate

Extended Key Usages

Key Usages

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2aCertificate

Extended Key Usages

Key Usages

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9Certificate

Extended Key Usages

Key Usages

3d:55:99:81:18:5e:00:0b:9b:5d:07:f8:e2:76:76:0f:72:81:c0:af:81:6b:cf:de:20:50:75:31:e2:50:64:a6Signer

c8:6e:2c:ac:e4:e8:b6:c7:0c:a2:06:48:8e:2e:5e:bb:39:fe:83:b5Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.6MB

UPX1 Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 32KB - Virtual size: 32KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 687KB - Virtual size: 686KB

.data Size: 49KB - Virtual size: 154KB

.rsrc Size: 46KB - Virtual size: 45KB

.reloc Size: 289KB - Virtual size: 289KB

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32
Certificate

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73
Certificate

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2a
Certificate

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9
Certificate

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32
Certificate

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73
Certificate

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2a
Certificate

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9
Certificate

3d:55:99:81:18:5e:00:0b:9b:5d:07:f8:e2:76:76:0f:72:81:c0:af:81:6b:cf:de:20:50:75:31:e2:50:64:a6
Signer

c8:6e:2c:ac:e4:e8:b6:c7:0c:a2:06:48:8e:2e:5e:bb:39:fe:83:b5
Signer

UPX0
Size: - Virtual size: 2.6MB

UPX1
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 687KB - Virtual size: 686KB

.data
Size: 49KB - Virtual size: 154KB

.rsrc
Size: 46KB - Virtual size: 45KB

.reloc
Size: 289KB - Virtual size: 289KB