OInstall[.]exe

Resubmissions

04/09/2023, 04:28

230904-e336aadf5x 7

03/09/2023, 19:48

230903-yjcnrsbg9t 7

Sharing

Copy URL Twitter E-mail

General

Target

OInstall.exe
Size

8.7MB
MD5

5a64b77962036551c41c089adec9a36c
SHA1

edffdd11f0408d9358f8b95aa1617f2b69d6a497
SHA256

026a6677cff9c9765aa7b161b90fbcfd84b974d18614332ccb8a9737c5853583
SHA512

72b4b27243c6398fa0efa9c206ea9804430a1d5e2538a84381c75308532b036fb7b605064a32b4ef07d4dc72cac9e3bbc3cca0af700eb704d18ea4282ae362bc
SSDEEP

196608:PW1uuxYzxd0vFgNfZXLFCNSfsCfhpeooJ/6aPsfhAOtvzHJRSRP:RFFdcuLFsCqooJyrnjLQP

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/Device/HarddiskVolume4/Windows/OInstall.exe	aspack_v212_v242

Files

OInstall.exe
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume4/Windows/OInstall.exe
.exe windows x86

Password: S@ndb0x!2023@@

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:dd:54:ef:30:2b:62:32:73:93:73:92:44:ec:a6:c9:b2:e5:1f:1e:b7:7d:7a:38:97:22:13:b5:4c:df:61:eb
Signer

Actual PE Digest

9a:dd:54:ef:30:2b:62:32:73:93:73:92:44:ec:a6:c9:b2:e5:1f:1e:b7:7d:7a:38:97:22:13:b5:4c:df:61:eb

Digest Algorithm

sha256

PE Digest Matches

true

79:36:96:fc:86:79:49:5d:63:65:02:27:41:c0:e3:73:04:ea:2d:15
Signer

Actual PE Digest

79:36:96:fc:86:79:49:5d:63:65:02:27:41:c0:e3:73:04:ea:2d:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 36KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 273KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 34KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8.3MB - Virtual size: 16.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.modplug
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msfree
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: S@ndb0x!2023@@

Password: S@ndb0x!2023@@

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

9a:dd:54:ef:30:2b:62:32:73:93:73:92:44:ec:a6:c9:b2:e5:1f:1e:b7:7d:7a:38:97:22:13:b5:4c:df:61:ebSigner

79:36:96:fc:86:79:49:5d:63:65:02:27:41:c0:e3:73:04:ea:2d:15Signer

Headers

File Characteristics

Sections

.code Size: 36KB - Virtual size: 192KB

.text Size: 273KB - Virtual size: 596KB

.rdata Size: 34KB - Virtual size: 116KB

.data Size: 8.3MB - Virtual size: 16.7MB

.rsrc Size: 1024B - Virtual size: 84KB

.modplug Size: - Virtual size: 20KB

.msfree Size: 88KB - Virtual size: 88KB

.adata Size: - Virtual size: 4KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

9a:dd:54:ef:30:2b:62:32:73:93:73:92:44:ec:a6:c9:b2:e5:1f:1e:b7:7d:7a:38:97:22:13:b5:4c:df:61:eb
Signer

79:36:96:fc:86:79:49:5d:63:65:02:27:41:c0:e3:73:04:ea:2d:15
Signer

.code
Size: 36KB - Virtual size: 192KB

.text
Size: 273KB - Virtual size: 596KB

.rdata
Size: 34KB - Virtual size: 116KB

.data
Size: 8.3MB - Virtual size: 16.7MB

.rsrc
Size: 1024B - Virtual size: 84KB

.modplug
Size: - Virtual size: 20KB

.msfree
Size: 88KB - Virtual size: 88KB

.adata
Size: - Virtual size: 4KB