OInstall[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

OInstall.exe
Size

8.7MB
MD5

65098ab60b405b4c994a68bfb48180f4
SHA1

7b69263ae7352495fa46e6513fb3c6204d71fe28
SHA256

2195dfbeb5c1d568ff8e25b9106a53d0f6d27cb3519331fa9b2a17c90c795943
SHA512

195556e8e66ba083b6cd95d2de86bc3a5c4da9de189c3ca238a9d49c2ffb02bdd8ef72e093383dd5fe740475c96cdb3290854480f2b16fff58cdf32c75a88a72
SSDEEP

196608:CDb/y8WyUYsyvMSLYQLzjQwLkZtlzj3jhxApc:C3/JW9/yvMcnlkf9A6

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/Device/HarddiskVolume4/Windows/OInstall.exe	aspack_v212_v242

Files

OInstall.exe
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume4/Windows/OInstall.exe
.exe windows x86

Password: S@ndb0x!2023@@

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:dd:54:ef:30:2b:62:32:73:93:73:92:44:ec:a6:c9:b2:e5:1f:1e:b7:7d:7a:38:97:22:13:b5:4c:df:61:eb
Signer

Actual PE Digest

9a:dd:54:ef:30:2b:62:32:73:93:73:92:44:ec:a6:c9:b2:e5:1f:1e:b7:7d:7a:38:97:22:13:b5:4c:df:61:eb

Digest Algorithm

sha256

PE Digest Matches

true

79:36:96:fc:86:79:49:5d:63:65:02:27:41:c0:e3:73:04:ea:2d:15
Signer

Actual PE Digest

79:36:96:fc:86:79:49:5d:63:65:02:27:41:c0:e3:73:04:ea:2d:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 36KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 273KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 34KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8.3MB - Virtual size: 16.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.modplug
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msfree
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S@ndb0x!2023@@

Password: S@ndb0x!2023@@

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

9a:dd:54:ef:30:2b:62:32:73:93:73:92:44:ec:a6:c9:b2:e5:1f:1e:b7:7d:7a:38:97:22:13:b5:4c:df:61:ebSigner

79:36:96:fc:86:79:49:5d:63:65:02:27:41:c0:e3:73:04:ea:2d:15Signer

Headers

File Characteristics

Sections

.code Size: 36KB - Virtual size: 192KB

.text Size: 273KB - Virtual size: 596KB

.rdata Size: 34KB - Virtual size: 116KB

.data Size: 8.3MB - Virtual size: 16.7MB

.rsrc Size: 1024B - Virtual size: 84KB

.modplug Size: - Virtual size: 20KB

.msfree Size: 88KB - Virtual size: 88KB

.adata Size: - Virtual size: 4KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

9a:dd:54:ef:30:2b:62:32:73:93:73:92:44:ec:a6:c9:b2:e5:1f:1e:b7:7d:7a:38:97:22:13:b5:4c:df:61:eb
Signer

79:36:96:fc:86:79:49:5d:63:65:02:27:41:c0:e3:73:04:ea:2d:15
Signer

.code
Size: 36KB - Virtual size: 192KB

.text
Size: 273KB - Virtual size: 596KB

.rdata
Size: 34KB - Virtual size: 116KB

.data
Size: 8.3MB - Virtual size: 16.7MB

.rsrc
Size: 1024B - Virtual size: 84KB

.modplug
Size: - Virtual size: 20KB

.msfree
Size: 88KB - Virtual size: 88KB

.adata
Size: - Virtual size: 4KB