tl-uninstall[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

tl-uninstall.exe
Size

1.2MB
MD5

d795ef2a7b1d60d78cf3d4d083346a7c
SHA1

68a623b6b821476e543ea8dadb02ee3a78c55762
SHA256

c367e0f3b55b16ff6f167f19a3885b9dc7e9e34c0ccdf1df06af5ce7656bd61a
SHA512

bbc4161586240074989c56c9abed3bb36cc68516f03a741438a07633c21343a2a3c2ce43d741f83096e28a541ffb58e56c348cf8ebaa3dc91ae8953bb72c1666
SSDEEP

24576:/S/FpqUzjJFXAHR3+/NJBcrsr5/OrUbmIz4CsQsF/jYSuEOuzs:qjJKHU/NJB2sr5Ciz4CsQ0/jYJE7

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

tl-uninstall.exe
.exe windows:5 windows x86 arch:x86

Code Sign

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32
Certificate

Issuer

CN=Trustwave Global Code Signing CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

23-12-2022 07:13

Not After

02-02-2026 07:12

Subject

CN=TLauncher Inc.,O=TLauncher Inc.,L=Victoria,C=SC

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73
Certificate

Issuer

CN=Trustwave Global Certification Authority,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

06-02-2018 12:21

Not After

21-08-2042 18:21

Subject

CN=Trustwave Global Code Signing CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2a
Certificate

Issuer

CN=Viking Cloud TWG Timestamping CA\, Level 1,O=Viking Cloud\, Inc.,C=US

Not Before

10-08-2022 10:55

Not After

06-11-2033 16:55

Subject

CN=Viking Cloud TWG Timestamping Responder 2022,O=Viking Cloud\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9
Certificate

Issuer

CN=Trustwave Global Certification Authority,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

10-08-2022 10:18

Not After

10-08-2037 10:18

Subject

CN=Viking Cloud TWG Timestamping CA\, Level 1,O=Viking Cloud\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32
Certificate

Issuer

CN=Trustwave Global Code Signing CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

23-12-2022 07:13

Not After

02-02-2026 07:12

Subject

CN=TLauncher Inc.,O=TLauncher Inc.,L=Victoria,C=SC

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73
Certificate

Issuer

CN=Trustwave Global Certification Authority,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

06-02-2018 12:21

Not After

21-08-2042 18:21

Subject

CN=Trustwave Global Code Signing CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2a
Certificate

Issuer

CN=Viking Cloud TWG Timestamping CA\, Level 1,O=Viking Cloud\, Inc.,C=US

Not Before

10-08-2022 10:55

Not After

06-11-2033 16:55

Subject

CN=Viking Cloud TWG Timestamping Responder 2022,O=Viking Cloud\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9
Certificate

Issuer

CN=Trustwave Global Certification Authority,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

10-08-2022 10:18

Not After

10-08-2037 10:18

Subject

CN=Viking Cloud TWG Timestamping CA\, Level 1,O=Viking Cloud\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

54:b3:d8:9c:6a:59:a4:9d:a2:b8:e1:35:06:3e:91:e3:72:a3:cd:38:a3:e4:58:ba:27:d7:b8:4d:d8:f0:55:a0
Signer

Actual PE Digest

54:b3:d8:9c:6a:59:a4:9d:a2:b8:e1:35:06:3e:91:e3:72:a3:cd:38:a3:e4:58:ba:27:d7:b8:4d:d8:f0:55:a0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32Certificate

Extended Key Usages

Key Usages

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73Certificate

Extended Key Usages

Key Usages

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2aCertificate

Extended Key Usages

Key Usages

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9Certificate

Extended Key Usages

Key Usages

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32Certificate

Extended Key Usages

Key Usages

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73Certificate

Extended Key Usages

Key Usages

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2aCertificate

Extended Key Usages

Key Usages

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9Certificate

Extended Key Usages

Key Usages

Signer

54:b3:d8:9c:6a:59:a4:9d:a2:b8:e1:35:06:3e:91:e3:72:a3:cd:38:a3:e4:58:ba:27:d7:b8:4d:d8:f0:55:a0Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.7MB

UPX1 Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 32KB - Virtual size: 32KB

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32
Certificate

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73
Certificate

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2a
Certificate

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9
Certificate

07:7f:22:38:be:42:10:bc:dd:a8:7c:d5:bd:db:90:61:80:9f:32
Certificate

06:ce:82:d9:b3:d4:98:74:56:05:d6:66:6b:6d:6d:99:7b:cb:73
Certificate

07:71:c2:62:80:b4:da:77:02:03:13:ab:bc:fa:a3:ff:ed:8b:2a
Certificate

07:71:c1:bc:fc:08:5f:97:f1:8c:6a:6a:23:c8:d3:7f:08:7d:f9
Certificate

54:b3:d8:9c:6a:59:a4:9d:a2:b8:e1:35:06:3e:91:e3:72:a3:cd:38:a3:e4:58:ba:27:d7:b8:4d:d8:f0:55:a0
Signer

UPX0
Size: - Virtual size: 2.7MB

UPX1
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 32KB - Virtual size: 32KB