OInstall[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

OInstall.exe
Size

11.7MB
MD5

0c56f6a26e937cb8a2b938f3501668b3
SHA1

bc428bce5c6839d7a265b26ebc1b578d98f583fe
SHA256

bb9316912ac3c5155d2ebb5fe1d8b569ee2913e342c6603acb72f10e3fc2aa71
SHA512

59e0a10fd39a482004a19b15ae1ccc28cb23ee85fb2fa0799d12781ebb17bcafb3368018ed1e09cb8e8d7ae76b49a34b8d1568a853364d93aec1f9fd90ea1606
SSDEEP

196608:lABlAZZ3G10nDMHElBX7jCwCRaIszdXaAgRZ44v7/PtqZRoLLxBmmMMyLyysFyYP:2H8Z3G10ttCAqAAZ44T/VqnMLxxyL2CK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

OInstall.exe
.exe windows:4 windows x86 arch:x86

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02/11/2016, 18:47

Not After

31/12/2039, 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:98:cf:2b:a9:47:d1:27:b1:53:2e:d2:1e:27:f1:4e:00:05:8d:1f:34:83:03:c9:f3:9b:55:1b:12:17:8d:43
Signer

Actual PE Digest

22:98:cf:2b:a9:47:d1:27:b1:53:2e:d2:1e:27:f1:4e:00:05:8d:1f:34:83:03:c9:f3:9b:55:1b:12:17:8d:43

Digest Algorithm

sha256

PE Digest Matches

true

4e:4d:e2:a5:30:ce:cd:c3:77:18:c8:4a:ef:cc:fa:54:d0:2c:58:44
Signer

Actual PE Digest

4e:4d:e2:a5:30:ce:cd:c3:77:18:c8:4a:ef:cc:fa:54:d0:2c:58:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 10.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11.6MB - Virtual size: 11.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20.8MB - Virtual size: 21.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.modplug
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

22:98:cf:2b:a9:47:d1:27:b1:53:2e:d2:1e:27:f1:4e:00:05:8d:1f:34:83:03:c9:f3:9b:55:1b:12:17:8d:43Signer

4e:4d:e2:a5:30:ce:cd:c3:77:18:c8:4a:ef:cc:fa:54:d0:2c:58:44Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 10.8MB

UPX1 Size: 11.6MB - Virtual size: 11.6MB

.rsrc Size: 84KB - Virtual size: 88KB

Headers

File Characteristics

Sections

.code Size: 257KB - Virtual size: 256KB

.text Size: 584KB - Virtual size: 583KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 20.8MB - Virtual size: 21.3MB

.rsrc Size: 83KB - Virtual size: 82KB

.modplug Size: - Virtual size: 20KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

22:98:cf:2b:a9:47:d1:27:b1:53:2e:d2:1e:27:f1:4e:00:05:8d:1f:34:83:03:c9:f3:9b:55:1b:12:17:8d:43
Signer

4e:4d:e2:a5:30:ce:cd:c3:77:18:c8:4a:ef:cc:fa:54:d0:2c:58:44
Signer

UPX0
Size: - Virtual size: 10.8MB

UPX1
Size: 11.6MB - Virtual size: 11.6MB

.rsrc
Size: 84KB - Virtual size: 88KB

.code
Size: 257KB - Virtual size: 256KB

.text
Size: 584KB - Virtual size: 583KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 20.8MB - Virtual size: 21.3MB

.rsrc
Size: 83KB - Virtual size: 82KB

.modplug
Size: - Virtual size: 20KB