g2a_rs_installer_midwestbiodiversityinst[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

g2a_rs_installer_midwestbiodiversityinst.exe
Size

3.6MB
MD5

7cf18189deafdde67c324aa11603307c
SHA1

dac0cd57d07bb09facb82b750835dfe6f8ca88c0
SHA256

0f9ad8045e458c16df4455c4e7642c8cfa981104c10a428ac2b3e6e1c20b6a5a
SHA512

79f9c505a8455a289593a95af581c95e938dc2385d7f281119afb0898cc24a1f6dbc57458b496dffd260f208f18f77ed8bb85359eadef71b7a9b9e26fea59fef
SSDEEP

98304:vYALeS5AqZ5gdpvObCQ8xjQlnzys9VltGT:vB3Z5gdpmbCQ8NyzysvQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

g2a_rs_installer_midwestbiodiversityinst.exe
.exe windows x86

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/10/2018, 00:00

Not After

03/11/2021, 12:00

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/10/2018, 00:00

Not After

03/11/2021, 12:00

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:ad:9c:d6:fa:79:f4:59:90:91:3f:f5:4f:e9:25:6e:cf:8c:b6:fc:8b:b6:f0:33:d6:c6:b7:59:9a:8e:53:ac
Signer

Actual PE Digest

7d:ad:9c:d6:fa:79:f4:59:90:91:3f:f5:4f:e9:25:6e:cf:8c:b6:fc:8b:b6:f0:33:d6:c6:b7:59:9a:8e:53:ac

Digest Algorithm

sha256

PE Digest Matches

true

a0:b5:8c:b4:41:1c:e6:7b:54:74:c3:fb:1e:5b:5e:45:cd:8c:39:b9
Signer

Actual PE Digest

a0:b5:8c:b4:41:1c:e6:7b:54:74:c3:fb:1e:5b:5e:45:cd:8c:39:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 26.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 294KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

7d:ad:9c:d6:fa:79:f4:59:90:91:3f:f5:4f:e9:25:6e:cf:8c:b6:fc:8b:b6:f0:33:d6:c6:b7:59:9a:8e:53:acSigner

a0:b5:8c:b4:41:1c:e6:7b:54:74:c3:fb:1e:5b:5e:45:cd:8c:39:b9Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 26.8MB

UPX1 Size: 3.3MB - Virtual size: 3.3MB

.rsrc Size: 294KB - Virtual size: 296KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

7d:ad:9c:d6:fa:79:f4:59:90:91:3f:f5:4f:e9:25:6e:cf:8c:b6:fc:8b:b6:f0:33:d6:c6:b7:59:9a:8e:53:ac
Signer

a0:b5:8c:b4:41:1c:e6:7b:54:74:c3:fb:1e:5b:5e:45:cd:8c:39:b9
Signer

UPX0
Size: - Virtual size: 26.8MB

UPX1
Size: 3.3MB - Virtual size: 3.3MB

.rsrc
Size: 294KB - Virtual size: 296KB