apart_ist_winpe[.]7z

Sharing

Copy URL Twitter E-mail

Reason

scan timeout

General

Target

apart_ist_winpe.7z
Size

729.0MB
MD5

bc503926262e7ff919fee0917d97297f
SHA1

f0fe065e3d6cf31fecabd6afca23131d01f05f00
SHA256

a150080893cb94499307a63e7ce18e8042cab85404a37acdcbf56bf7764917a0
SHA512

92a65509776312c89f98574cf67eebdeafbd82453e4c60c5e1f33422d7db5d8d8138bc49d304d572df54dd04103e85ae192f987fa749f5e4d94f2d379384e613
SSDEEP

12582912:sCPn7+LlDPrBBbDC4H/NPKaK0neoDDap2Hq/I0MkJui+zwgSEUWfmICWarUaArCJ:seurPC4ViarT3akHl0Mk15govICWaPAm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/rufus/rufus.exe	upx

Files

apart_ist_winpe.7z
.7z
PartAssist_WinPE.iso
.iso
EFI/Boot/bootx64.efi
.dll windows:0 windows x64 arch:x64

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/06/2013, 21:43

Not After

17/09/2014, 21:43

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:21:02:9f:a0:33:52:6d:1d:cd:9e:87:ad:88:93:f9:b5:a0:89:87:c3:27:1b:8a:86:71:68:65:de:53:d9:58
Signer

Actual PE Digest

2b:21:02:9f:a0:33:52:6d:1d:cd:9e:87:ad:88:93:f9:b5:a0:89:87:c3:27:1b:8a:86:71:68:65:de:53:d9:58

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGER32R
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EFI/microsoft/boot/BCD
EFI/microsoft/boot/fonts/chs_boot.ttf
EFI/microsoft/boot/fonts/cht_boot.ttf
EFI/microsoft/boot/fonts/jpn_boot.ttf
EFI/microsoft/boot/fonts/kor_boot.ttf
EFI/microsoft/boot/fonts/malgun_boot.ttf
EFI/microsoft/boot/fonts/malgunn_boot.ttf
EFI/microsoft/boot/fonts/meiryo_boot.ttf
EFI/microsoft/boot/fonts/meiryon_boot.ttf
EFI/microsoft/boot/fonts/msjh_boot.ttf
EFI/microsoft/boot/fonts/msjhn_boot.ttf
EFI/microsoft/boot/fonts/msyh_boot.ttf
EFI/microsoft/boot/fonts/msyhn_boot.ttf
EFI/microsoft/boot/fonts/segmono_boot.ttf
EFI/microsoft/boot/fonts/segoe_slboot.ttf
EFI/microsoft/boot/fonts/segoen_slboot.ttf
EFI/microsoft/boot/fonts/wgl4_boot.ttf
boot/BCD
boot/boot.sdi
boot/efisys.bin
boot/etfsboot.com
boot/fonts/chs_boot.ttf
boot/fonts/cht_boot.ttf
boot/fonts/jpn_boot.ttf
boot/fonts/kor_boot.ttf
boot/fonts/malgun_boot.ttf
boot/fonts/malgunn_boot.ttf
boot/fonts/meiryo_boot.ttf
boot/fonts/meiryon_boot.ttf
boot/fonts/msjh_boot.ttf
boot/fonts/msjhn_boot.ttf
boot/fonts/msyh_boot.ttf
boot/fonts/msyhn_boot.ttf
boot/fonts/segmono_boot.ttf
boot/fonts/segoe_slboot.ttf
boot/fonts/segoen_slboot.ttf
boot/fonts/wgl4_boot.ttf
bootmgr
bootmgr.efi
.exe windows:0 windows x64 arch:x64

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:63:a7:37:40:90:ee:fd:57:64:4e:db:da:46:fe:aa:98:7d:bb:ca:bb:9c:45:de:5d:78:d6:df:92:b0:cc:68
Signer

Actual PE Digest

35:63:a7:37:40:90:ee:fd:57:64:4e:db:da:46:fe:aa:98:7d:bb:ca:bb:9c:45:de:5d:78:d6:df:92:b0:cc:68

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

msrodata
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sources/boot.wim
_Readme.txt
rufus/Rufus/rufus.log
rufus/rufus.exe
.exe windows:4 windows x86 arch:x86

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:b1:50:01:bb:f5:92:d4:96:2a:77:97:ea:73:6f:a3
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

29/09/2021, 00:00

Not After

28/09/2024, 23:59

Subject

SERIALNUMBER=407950,CN=Akeo Consulting,O=Akeo Consulting,ST=Donegal,C=IE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024945

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1f:a6:98:0a:ef:92:30:05:fd:ce:de:2a:01:bb:f5:60:a8:f9:8b:75:99:87:37:e8:e9:bf:49:79:5c:fc:a8:32
Signer

Actual PE Digest

1f:a6:98:0a:ef:92:30:05:fd:ce:de:2a:01:bb:f5:60:a8:f9:8b:75:99:87:37:e8:e9:bf:49:79:5c:fc:a8:32

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rufus/rufus.ini

Sharing

Errors

General

Malware Config

Signatures

Files

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

2b:21:02:9f:a0:33:52:6d:1d:cd:9e:87:ad:88:93:f9:b5:a0:89:87:c3:27:1b:8a:86:71:68:65:de:53:d9:58Signer

Headers

File Characteristics

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

PAGER32C Size: 15KB - Virtual size: 15KB

PAGE Size: 6KB - Virtual size: 5KB

.rdata Size: 119KB - Virtual size: 119KB

.data Size: 18KB - Virtual size: 428KB

.pdata Size: 41KB - Virtual size: 41KB

PAGER32R Size: 512B - Virtual size: 256B

.rsrc Size: 63KB - Virtual size: 63KB

.reloc Size: 8KB - Virtual size: 8KB

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

35:63:a7:37:40:90:ee:fd:57:64:4e:db:da:46:fe:aa:98:7d:bb:ca:bb:9c:45:de:5d:78:d6:df:92:b0:cc:68Signer

Headers

File Characteristics

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

TRANSIT Size: 512B - Virtual size: 29B

.data Size: 3KB - Virtual size: 271KB

.pdata Size: 58KB - Virtual size: 57KB

msrodata Size: 512B - Virtual size: 464B

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 5KB - Virtual size: 4KB

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

bf:b1:50:01:bb:f5:92:d4:96:2a:77:97:ea:73:6f:a3Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

1f:a6:98:0a:ef:92:30:05:fd:ce:de:2a:01:bb:f5:60:a8:f9:8b:75:99:87:37:e8:e9:bf:49:79:5c:fc:a8:32Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.6MB

UPX1 Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 41KB - Virtual size: 44KB

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

2b:21:02:9f:a0:33:52:6d:1d:cd:9e:87:ad:88:93:f9:b5:a0:89:87:c3:27:1b:8a:86:71:68:65:de:53:d9:58
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

PAGER32C
Size: 15KB - Virtual size: 15KB

PAGE
Size: 6KB - Virtual size: 5KB

.rdata
Size: 119KB - Virtual size: 119KB

.data
Size: 18KB - Virtual size: 428KB

.pdata
Size: 41KB - Virtual size: 41KB

PAGER32R
Size: 512B - Virtual size: 256B

.rsrc
Size: 63KB - Virtual size: 63KB

.reloc
Size: 8KB - Virtual size: 8KB

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

35:63:a7:37:40:90:ee:fd:57:64:4e:db:da:46:fe:aa:98:7d:bb:ca:bb:9c:45:de:5d:78:d6:df:92:b0:cc:68
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

TRANSIT
Size: 512B - Virtual size: 29B

.data
Size: 3KB - Virtual size: 271KB

.pdata
Size: 58KB - Virtual size: 57KB

msrodata
Size: 512B - Virtual size: 464B

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 5KB - Virtual size: 4KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

bf:b1:50:01:bb:f5:92:d4:96:2a:77:97:ea:73:6f:a3
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

1f:a6:98:0a:ef:92:30:05:fd:ce:de:2a:01:bb:f5:60:a8:f9:8b:75:99:87:37:e8:e9:bf:49:79:5c:fc:a8:32
Signer

UPX0
Size: - Virtual size: 2.6MB

UPX1
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 41KB - Virtual size: 44KB