OInstallLite_x64[.]exe

Resubmissions

13/02/2024, 05:00

240213-fmyrasce2w 1

13/02/2024, 04:59

240213-fmqqpaea28 1

13/02/2024, 04:58

240213-fl54zscc9s 1

Sharing

Copy URL Twitter E-mail

General

Target

OInstallLite_x64.exe
Size

13.8MB
MD5

8ac6e3e2059145eeec60f7d5ff3abb0b
SHA1

69df4f0157432616e9e0019b46ed1a285034fa9e
SHA256

0289ed449236c270afb004af5a3e483b2c8d778c7a001b07181951ec12e50a68
SHA512

d43437080447b1f07e659ee84a4c61db3a4a7454eb568ba4ba73ae8157781e19141578a8bbf4f4bb48fbb78154b2a7dc48535988407037533512511548994afd
SSDEEP

196608:+hzeqFWPCFJybY7+AkZGvkhfO/7QyOU7XGW/F/P9w9xiXGqXCdUjdLV:ECqFTywoCkhfO/zFXGW/F/P9wXiXzThV

Score

1^/10

Malware Config

Signatures

Files

OInstallLite_x64.exe
.exe windows:5 windows x64 arch:x64

475c329e40a79c00306ca485af8d11b6

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:df:93:11:cf:7f:ba:a7:b2:fb:f2:a7:2f:a3:db:8d:6e:cb:78:04:30:d6:ea:fa:33:77:17:18:59:64:72:d8
Signer

Actual PE Digest

43:df:93:11:cf:7f:ba:a7:b2:fb:f2:a7:2f:a3:db:8d:6e:cb:78:04:30:d6:ea:fa:33:77:17:18:59:64:72:d8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
setlocale
__set_app_type
_fmode
_commode
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
wcsncpy
wcslen
memcmp
memmove
memcpy
strncmp
isdigit
malloc
free
wcscpy
wcscat
wcscmp
sprintf
_wstat
_wcsdup
strcmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
log
pow
rand
fwrite
strncpy
powf
floor
cos
sin
log10
_wfopen
fseek
fclose
fread
longjmp
setjmp
_wcsnicmp
_wcsicmp
wcsncmp
_snwprintf
tolower
_localtime64
_mktime64
_itow
_wtoi
_gmtime64
sqrtf
abs
fmodf
ftell
wcsstr
swscanf
_close
calloc
_errno
_lseeki64
realloc
_snprintf
abort
_wopen
_setmode
wcschr
_open_osfhandle
_strdup
strrchr
wctomb
_get_osfhandle
_open
toupper
mbstowcs
strchr
frexp
modf
fopen
strerror
atof
fflush
_vsnwprintf
sinf
cosf
ceil

kernel32

GetShortPathNameW
GetEnvironmentVariableW
Sleep
GetCurrentThreadId
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcess
CreateProcessW
GetExitCodeThread
GetCurrentProcessId
OpenProcess
Process32FirstW
Process32NextW
GetModuleHandleW
HeapCreate
GetUserDefaultLangID
CreateSemaphoreW
GetLastError
HeapDestroy
ExitProcess
GetStartupInfoA
CreateThread
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
TerminateThread
DeleteCriticalSection
TryEnterCriticalSection
HeapFree
HeapAlloc
MultiByteToWideChar
DuplicateHandle
CreatePipe
GetStdHandle
PeekNamedPipe
GetExitCodeProcess
GetModuleFileNameW
GetCommandLineW
ReadFile
SetEnvironmentVariableW
HeapReAlloc
CreateFileW
GetFileSize
DeleteFileW
WriteFile
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
lstrcpyA
lstrcpynA
LoadLibraryExW
GetProcAddress
FreeLibrary
LoadLibraryW
WideCharToMultiByte
GetVersionExW
SetLastError
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
RemoveDirectoryW
GetDriveTypeW
GetFileAttributesW
SetCurrentDirectoryW
CopyFileW
GetCurrentDirectoryW
GetTempPathW
GetLongPathNameW
SetFilePointer
MulDiv
GetLocalTime
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
GetTickCount
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetFullPathNameW
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

user32

OemToCharW
GetSysColor
GetDlgCtrlID
CallWindowProcW
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
FillRect
GetClassNameW
GetWindow
SetWindowPos
InvalidateRect
FindWindowW
SetForegroundWindow
GetKeyState
BeginPaint
EndPaint
UpdateWindow
SendMessageW
GetCursorPos
WindowFromPoint
CallNextHookEx
PeekMessageW
TranslateMessage
DispatchMessageW
IsWindowEnabled
RedrawWindow
SetClassLongPtrW
GetClassLongPtrW
GetWindowRect
OffsetRect
IsRectEmpty
MapWindowPoints
SubtractRect
IsWindow
GetParent
GetDC
ReleaseDC
DefWindowProcW
GetAsyncKeyState
KillTimer
ScreenToClient
SetTimer
DrawTextW
FrameRect
InflateRect
SetWindowsHookExW
UnhookWindowsHookEx
FindWindowExW
DrawFrameControl
GetWindowTextW
PostMessageW
MessageBoxW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnableWindow
EnumWindows
wsprintfA
LoadIconW
RegisterClassExW
CreateWindowExW
GetWindowTextLengthW
GetSystemMetrics
GetSysColorBrush
SetRect
GetWindowLongW
SetPropW
GetPropW
RemovePropW
SetWindowTextW
ShowWindow
GetIconInfo
DrawStateW
GetFocus
DrawFocusRect
ValidateRect
DestroyWindow
MoveWindow
ReleaseCapture
SetCapture
ClientToScreen
LoadCursorW
IntersectRect
SetFocus
GetUpdateRect
SetScrollPos
GetWindowDC
SetCursor
GetMessagePos
SystemParametersInfoW
GetScrollPos
EnumPropsExW
RegisterClassW
AdjustWindowRectEx
UnregisterClassW
CreateAcceleratorTableW
SetActiveWindow
IsZoomed
IsIconic
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
DestroyIcon
GetMenu
DefFrameProcW
DestroyAcceleratorTable
EnumChildWindows
IsChild
RegisterWindowMessageW
EnumDisplayDevicesW
EnumDisplaySettingsW
DrawIconEx
CopyImage
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW
CharLowerW

gdi32

CreateSolidBrush
SelectObject
DeleteDC
DeleteObject
CreatePatternBrush
CreateRoundRectRgn
GetPixel
CreateCompatibleDC
SelectClipRgn
BitBlt
GetStockObject
RoundRect
SetBkMode
SetTextColor
SetDCBrushColor
SetBrushOrgEx
CreatePen
GetTextExtentPoint32W
SetBkColor
CreateRectRgn
GetObjectW
GetObjectType
CreateCompatibleBitmap
OffsetViewportOrgEx
SetViewportOrgEx
ExcludeClipRect
CreateRectRgnIndirect
TextOutW
MoveToEx
LineTo
CreateFontIndirectW
CreateDCW
CreateDIBSection
GetClipRgn
ExtSelectClipRgn
GetDeviceCaps
SelectPalette
RealizePalette
GetDIBits
SetPixelV
Rectangle
Ellipse
SetStretchBltMode
StretchDIBits
StretchBlt
SetROP2
ExtFloodFill
SetTextAlign
GetTextMetricsW
GdiGetBatchLimit
GdiSetBatchLimit
CreateBitmap
SetPixel
CreateFontW

advapi32

RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
LookupAccountSidW
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
RevokeDragDrop

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFolderLocation

shlwapi

PathMatchSpecW

winmm

timeBeginPeriod

msimg32

AlphaBlend

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

uxtheme

SetWindowTheme

comctl32

InitCommonControlsEx
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ImageList_GetIconSize

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12.1MB - Virtual size: 12.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_l
Size: 512B - Virtual size: 123B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_i
Size: 512B - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_s
Size: 512B - Virtual size: 155B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_f
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.modplug
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

475c329e40a79c00306ca485af8d11b6

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

43:df:93:11:cf:7f:ba:a7:b2:fb:f2:a7:2f:a3:db:8d:6e:cb:78:04:30:d6:ea:fa:33:77:17:18:59:64:72:d8Signer

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

ole32

shell32

shlwapi

winmm

msimg32

gdiplus

uxtheme

comctl32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 231KB - Virtual size: 231KB

.pdata Size: 42KB - Virtual size: 42KB

.data Size: 12.1MB - Virtual size: 12.6MB

.rsrc Size: 86KB - Virtual size: 85KB

.debug_l Size: 512B - Virtual size: 123B

.debug_i Size: 512B - Virtual size: 46B

.debug_a Size: 512B - Virtual size: 20B

.debug_a Size: 512B - Virtual size: 48B

.debug_s Size: 512B - Virtual size: 155B

.debug_f Size: 512B - Virtual size: 72B

.modplug Size: - Virtual size: 20KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

43:df:93:11:cf:7f:ba:a7:b2:fb:f2:a7:2f:a3:db:8d:6e:cb:78:04:30:d6:ea:fa:33:77:17:18:59:64:72:d8
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 231KB - Virtual size: 231KB

.pdata
Size: 42KB - Virtual size: 42KB

.data
Size: 12.1MB - Virtual size: 12.6MB

.rsrc
Size: 86KB - Virtual size: 85KB

.debug_l
Size: 512B - Virtual size: 123B

.debug_i
Size: 512B - Virtual size: 46B

.debug_a
Size: 512B - Virtual size: 20B

.debug_a
Size: 512B - Virtual size: 48B

.debug_s
Size: 512B - Virtual size: 155B

.debug_f
Size: 512B - Virtual size: 72B

.modplug
Size: - Virtual size: 20KB