OINSTALL[.]EXE

Sharing

Copy URL Twitter E-mail

General

Target

OINSTALL.EXE
Size

11.8MB
MD5

4737c01f56dbfec9fc3eeb17c7c446f3
SHA1

bee8e12d92e382bed5d7ce7bcc77142893454bc2
SHA256

86c165cc9d85f2dc7caea5a1da6f08074d3fd97c6e80ece4985f46a743121da9
SHA512

be40bb177460db318acc08412dbd4edadc8d0216f217a4826bdf550d85e6f3229e7b817722752bff24bc1cb52fbfb7b0ed6a1c11ac87393b89861fb7801fc8a9
SSDEEP

196608:HjeDDCU5q3d02eP96LLxCG9Ht1IE/BytNIdT41RgiCu5S2o+2vGMBmxyZlgH6Xnc:HyCU+d0200LxjHPj5yYdT476u5SZ9G9t

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

OINSTALL.EXE
.exe windows:4 windows x86 arch:x86

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:f1:f3:5e:fe:d6:93:03:81:81:12:85:83:7b:ef:04:e8:3d:11:c3:01:e3:45:e6:58:1a:93:6d:f5:7e:16:c4
Signer

Actual PE Digest

fd:f1:f3:5e:fe:d6:93:03:81:81:12:85:83:7b:ef:04:e8:3d:11:c3:01:e3:45:e6:58:1a:93:6d:f5:7e:16:c4

Digest Algorithm

sha256

PE Digest Matches

true

ae:95:f8:62:d5:d6:6a:bd:f8:07:0e:88:a5:8e:b3:95:c9:89:d7:ec
Signer

Actual PE Digest

ae:95:f8:62:d5:d6:6a:bd:f8:07:0e:88:a5:8e:b3:95:c9:89:d7:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 10.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11.7MB - Virtual size: 11.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21.0MB - Virtual size: 21.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.modplug
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

fd:f1:f3:5e:fe:d6:93:03:81:81:12:85:83:7b:ef:04:e8:3d:11:c3:01:e3:45:e6:58:1a:93:6d:f5:7e:16:c4Signer

ae:95:f8:62:d5:d6:6a:bd:f8:07:0e:88:a5:8e:b3:95:c9:89:d7:ecSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 10.8MB

UPX1 Size: 11.7MB - Virtual size: 11.7MB

.rsrc Size: 84KB - Virtual size: 88KB

Headers

File Characteristics

Sections

.code Size: 258KB - Virtual size: 258KB

.text Size: 584KB - Virtual size: 583KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 21.0MB - Virtual size: 21.4MB

.rsrc Size: 83KB - Virtual size: 82KB

.modplug Size: - Virtual size: 20KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

fd:f1:f3:5e:fe:d6:93:03:81:81:12:85:83:7b:ef:04:e8:3d:11:c3:01:e3:45:e6:58:1a:93:6d:f5:7e:16:c4
Signer

ae:95:f8:62:d5:d6:6a:bd:f8:07:0e:88:a5:8e:b3:95:c9:89:d7:ec
Signer

UPX0
Size: - Virtual size: 10.8MB

UPX1
Size: 11.7MB - Virtual size: 11.7MB

.rsrc
Size: 84KB - Virtual size: 88KB

.code
Size: 258KB - Virtual size: 258KB

.text
Size: 584KB - Virtual size: 583KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 21.0MB - Virtual size: 21.4MB

.rsrc
Size: 83KB - Virtual size: 82KB

.modplug
Size: - Virtual size: 20KB