dopus[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dopus.exe
Size

11.4MB
MD5

1cd305a0fa2967758bd60367204da52d
SHA1

7d180e91e23f11b1c852ad94367c6a9f70e89924
SHA256

955d45c6a24840675c9098d5307692e416ad5a36040b88b901846cb3ce504b1d
SHA512

c9c8d82187ee577daa01b08f41dae3d9c9775d98f56c85316cbaa184fd13ddaeffeedc4636d0ac2a8a9c1f1d6fba6f6b0710d76576eca6ce38bc3de75c7f2615
SSDEEP

196608:NQb/vB4OCwNUJEKo2aC2Fx3qJupHZ9ZxgRv1uz6Zc8tgC+:N2/vB4OCK/qJup57xO9F9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

dopus.exe
.exe windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

36:d3:4b:e7:10:bf:b9:c1:91:02:24:7b:37:fd:14:c4
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

12/07/2017, 00:00

Not After

27/09/2020, 23:59

Subject

CN=GP Software,O=GP Software,L=Ashgrove,ST=Queensland,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:d3:4b:e7:10:bf:b9:c1:91:02:24:7b:37:fd:14:c4
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

12/07/2017, 00:00

Not After

27/09/2020, 23:59

Subject

CN=GP Software,O=GP Software,L=Ashgrove,ST=Queensland,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:21:93:49:fa:d6:b7:8d:45:d5:96:a4:3f:3f:06:55:d3:5d:06:46:fa:1f:d4:6d:59:aa:38:3c:33:91:52:bd
Signer

Actual PE Digest

10:21:93:49:fa:d6:b7:8d:45:d5:96:a4:3f:3f:06:55:d3:5d:06:46:fa:1f:d4:6d:59:aa:38:3c:33:91:52:bd

Digest Algorithm

sha256

PE Digest Matches

false

16:8c:c1:37:5d:46:2b:7b:11:ad:9e:ff:fc:ff:35:06:c6:32:58:07
Signer

Actual PE Digest

16:8c:c1:37:5d:46:2b:7b:11:ad:9e:ff:fc:ff:35:06:c6:32:58:07

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

AddDialogResizerCtl
AddFunctionFileChangeA
AddFunctionFileChangeW
AllocPatternMatch
BumpFileNameA
BumpFileNameW
CalcCRC32
CheckGlobalFilter
CreateBusyIndicator
CreateButtonIcons
CreateDIBitmapWrapper
CreateDialogResizer
CreateLangDlg
CreateLangDlgEx
DOLoadImage
DOpusChooseFontA
DOpusChooseFontW
DOpusColorPicker
DoPatternMatch
DpiAwareAddIconsToImageList
DpiDivide
DpiScale
DrawGlyph
DrawPictureFrameInDIB
DummyExeFunction1ToAvoidSymbolConfusion
DummyExeFunction2ToAvoidSymbolConfusion
FilterFunctionFileA
FilterFunctionFileExA
FilterFunctionFileExW
FilterFunctionFileW
FreeDialogResizer
FreePatternMatch
GetAndFilterDialogTemplate
GetArchiveCreationData
GetConfigPathA
GetConfigPathW
GetDIBitsWrapper
GetFunctionWildcardNameArgs
GetFunctionWindow
GetFunctionWindowEx
GetGlyphSize
GetInlineProgressType
GetLangDlg
GetLangDlgEx
GetPluginElevator
GetProgramDirA
GetProgramDirW
GetSetWallpaperFile
GetString
GetThumbnailPrefs
GetWildNewNameA
GetWildNewNameW
HandleDialogResizerMsg
HashChunk
HashEnd
HashFree
HashInit
HideBusyIndicator
HideInlineProgress
HttpHelpEnabled
IsHighDpi
IsListerThread
IsOpusLight
IsUSBInstall
LangDlgBox
LangDlgBoxEx
LoadOrSaveConfigA
LoadOrSaveConfigW
MapWallpaperStyleNameToId
NumToStrBytesizeW
NumToStrDWordLongW
NumToStrDWordW
NumToStrDoubleW
NumToStrIntW
NumToStrTimeSecsW
OPENSSL_Applink
OpusCoFreeUnusedLibraries
OpusGetDateFormatW
OpusGetTimeFormatW
OpusRegCheckElevation
OpusRegCloseKey
OpusRegCreateKeyW
OpusRegDeleteKeyW
OpusRegDeleteValueW
OpusRegOpenKeyW
OpusRegQueryValueW
OpusRegSetValueW
PluginFixAllVistaCombos
PluginFixVistaCombo
PluginFixVistaComboHandleMeasureAndDraw
QueryPasswordPromptSuppression
RemoveBusyIndicator
SetDIBitsToDeviceWrapper
SetDIBitsWrapper
SetInlineProgressMarquee
SetInlineProgressText
SetInlineProgressValues
SetOpusWindowIcon
SetWallpaperImage
ShowBitmapExpandScroll
ShowBusyIndicator
ShowErrorDlgA
ShowErrorDlgW
ShowFunctionDeleteDlgA
ShowFunctionDeleteDlgW
ShowFunctionErrorDlgA
ShowFunctionErrorDlgW
ShowFunctionInitialDeleteDlgA
ShowFunctionInitialDeleteDlgW
ShowFunctionNewNameDlgA
ShowFunctionNewNameDlgW
ShowFunctionReplaceDlgA
ShowFunctionReplaceDlgW
ShowInlineProgress
ShowPluginHelp
ShowRequestDlgA
ShowRequestDlgW
ShowWarningIfProblemCausedByWindowBlinds
StretchDIBitsWrapper
ThumbnailCacheControl
UpdateBusyIndicator
UpdateFunctionProgressBar
XMLAddChildNodeA
XMLAddChildNodeW
XMLCreateFile
XMLDeleteAllChildNodes
XMLDeleteAllNodeAttributes
XMLDeleteChild
XMLDeleteNodeAttributeA
XMLDeleteNodeAttributeW
XMLEnumChildNodesA
XMLEnumChildNodesW
XMLFindChildNodeA
XMLFindChildNodeW
XMLFirstChildNode
XMLFreeFile
XMLGetNodeAttributeA
XMLGetNodeAttributeW
XMLGetNodeBinaryValue
XMLGetNodeBoolAttributeA
XMLGetNodeBoolAttributeW
XMLGetNodeBoolValue
XMLGetNodeDWORDAttributeA
XMLGetNodeDWORDAttributeW
XMLGetNodeDWORDLONGAttributeA
XMLGetNodeDWORDLONGAttributeW
XMLGetNodeDWORDLONGValue
XMLGetNodeDWORDValue
XMLGetNodeIntAttributeA
XMLGetNodeIntAttributeW
XMLGetNodeIntValue
XMLGetNodeLOGFONTValueA
XMLGetNodeLOGFONTValueExA
XMLGetNodeLOGFONTValueExW
XMLGetNodeLOGFONTValueW
XMLGetNodeNameA
XMLGetNodeNameW
XMLGetNodeValueA
XMLGetNodeValueW
XMLLoadData
XMLLoadFileA
XMLLoadFileW
XMLNextNode
XMLSaveData
XMLSaveFileA
XMLSaveFileW
XMLSetNodeAttributeA
XMLSetNodeAttributeW
XMLSetNodeBinaryValue
XMLSetNodeBoolAttributeA
XMLSetNodeBoolAttributeW
XMLSetNodeBoolValue
XMLSetNodeDWORDAttributeA
XMLSetNodeDWORDAttributeW
XMLSetNodeDWORDLONGAttributeA
XMLSetNodeDWORDLONGAttributeW
XMLSetNodeDWORDLONGValue
XMLSetNodeDWORDValue
XMLSetNodeIntAttributeA
XMLSetNodeIntAttributeW
XMLSetNodeIntValue
XMLSetNodeLOGFONTValueA
XMLSetNodeLOGFONTValueW
XMLSetNodeNameA
XMLSetNodeNameW
XMLSetNodeValueA
XMLSetNodeValueW

Sections

UPX0
Size: - Virtual size: 18.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

36:d3:4b:e7:10:bf:b9:c1:91:02:24:7b:37:fd:14:c4Certificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

36:d3:4b:e7:10:bf:b9:c1:91:02:24:7b:37:fd:14:c4Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

10:21:93:49:fa:d6:b7:8d:45:d5:96:a4:3f:3f:06:55:d3:5d:06:46:fa:1f:d4:6d:59:aa:38:3c:33:91:52:bdSigner

16:8c:c1:37:5d:46:2b:7b:11:ad:9e:ff:fc:ff:35:06:c6:32:58:07Signer

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 18.8MB

UPX1 Size: 6.7MB - Virtual size: 6.7MB

.rsrc Size: 4.6MB - Virtual size: 4.6MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

36:d3:4b:e7:10:bf:b9:c1:91:02:24:7b:37:fd:14:c4
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

36:d3:4b:e7:10:bf:b9:c1:91:02:24:7b:37:fd:14:c4
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

10:21:93:49:fa:d6:b7:8d:45:d5:96:a4:3f:3f:06:55:d3:5d:06:46:fa:1f:d4:6d:59:aa:38:3c:33:91:52:bd
Signer

16:8c:c1:37:5d:46:2b:7b:11:ad:9e:ff:fc:ff:35:06:c6:32:58:07
Signer

UPX0
Size: - Virtual size: 18.8MB

UPX1
Size: 6.7MB - Virtual size: 6.7MB

.rsrc
Size: 4.6MB - Virtual size: 4.6MB