tl-uninstall[.]exe

Resubmissions

08/07/2024, 09:40

240708-lnn65svhlg 7

08/07/2024, 09:28

240708-lfpgyaveme 7

Sharing

Copy URL Twitter E-mail

General

Target

tl-uninstall.exe
Size

1.3MB
MD5

1313bb5df6c6e0d5c358735044fbebef
SHA1

cac3e2e3ed63dc147318e18f202a9da849830a91
SHA256

7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d
SHA512

596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c
SSDEEP

24576:OBIWcmjuRli1R/zBUhmgI2TIhXlqLUxocktXo4SHS1CQAHgxs/r65i:EIWcmKRklqdTAqwxSXo4SHS1FsZ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

tl-uninstall.exe
.exe windows:5 windows x86 arch:x86

Code Sign

a4:23:c0:04:a9:c7:70:15:42:30:e5:d2:71:be:06:54
Certificate

Issuer

CN=SecureTrust CA,O=SecureTrust Corporation,C=US

Not Before

01/09/2016, 14:35

Not After

29/09/2024, 14:35

Subject

CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:16:9b:8d:9c:b0:85:e5:27:53:79:2f:f9:f6:c5:6a:44:3a:10
Certificate

Issuer

CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d

Not Before

03/02/2020, 10:09

Not After

02/02/2023, 16:09

Subject

CN=TLauncher Inc.,O=TLauncher Inc.,L=Victoria,ST=Mahe,C=SC

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:2d:84:7e:bc:eb:a2:7a:ab:57:70:f1:32:02:6b:eb:3d:12:b8
Certificate

Issuer

CN=Trustwave Global Timestamping CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

21/09/2020, 09:52

Not After

19/12/2031, 15:52

Subject

CN=SecureTrust TWG Timestamping Responder 2021,O=SecureTrust,L=Chicago,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:ce:82:d9:c1:21:6e:dc:01:c3:d4:79:84:d7:1a:3c:25:8c:83
Certificate

Issuer

CN=Trustwave Global Certification Authority,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

06/02/2018, 12:21

Not After

21/08/2042, 18:21

Subject

CN=Trustwave Global Timestamping CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:23:c0:04:a9:c7:70:15:42:30:e5:d2:71:be:06:54
Certificate

Issuer

CN=SecureTrust CA,O=SecureTrust Corporation,C=US

Not Before

01/09/2016, 14:35

Not After

29/09/2024, 14:35

Subject

CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:16:9b:8d:9c:b0:85:e5:27:53:79:2f:f9:f6:c5:6a:44:3a:10
Certificate

Issuer

CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d

Not Before

03/02/2020, 10:09

Not After

02/02/2023, 16:09

Subject

CN=TLauncher Inc.,O=TLauncher Inc.,L=Victoria,ST=Mahe,C=SC

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:2d:84:7e:bc:eb:a2:7a:ab:57:70:f1:32:02:6b:eb:3d:12:b8
Certificate

Issuer

CN=Trustwave Global Timestamping CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

21/09/2020, 09:52

Not After

19/12/2031, 15:52

Subject

CN=SecureTrust TWG Timestamping Responder 2021,O=SecureTrust,L=Chicago,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:ce:82:d9:c1:21:6e:dc:01:c3:d4:79:84:d7:1a:3c:25:8c:83
Certificate

Issuer

CN=Trustwave Global Certification Authority,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Not Before

06/02/2018, 12:21

Not After

21/08/2042, 18:21

Subject

CN=Trustwave Global Timestamping CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:55:99:81:18:5e:00:0b:9b:5d:07:f8:e2:76:76:0f:72:81:c0:af:81:6b:cf:de:20:50:75:31:e2:50:64:a6
Signer

Actual PE Digest

3d:55:99:81:18:5e:00:0b:9b:5d:07:f8:e2:76:76:0f:72:81:c0:af:81:6b:cf:de:20:50:75:31:e2:50:64:a6

Digest Algorithm

sha256

PE Digest Matches

true

c8:6e:2c:ac:e4:e8:b6:c7:0c:a2:06:48:8e:2e:5e:bb:39:fe:83:b5
Signer

Actual PE Digest

c8:6e:2c:ac:e4:e8:b6:c7:0c:a2:06:48:8e:2e:5e:bb:39:fe:83:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 687KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Code Sign

a4:23:c0:04:a9:c7:70:15:42:30:e5:d2:71:be:06:54Certificate

Extended Key Usages

Key Usages

07:16:9b:8d:9c:b0:85:e5:27:53:79:2f:f9:f6:c5:6a:44:3a:10Certificate

Extended Key Usages

Key Usages

07:2d:84:7e:bc:eb:a2:7a:ab:57:70:f1:32:02:6b:eb:3d:12:b8Certificate

Extended Key Usages

Key Usages

06:ce:82:d9:c1:21:6e:dc:01:c3:d4:79:84:d7:1a:3c:25:8c:83Certificate

Extended Key Usages

Key Usages

a4:23:c0:04:a9:c7:70:15:42:30:e5:d2:71:be:06:54Certificate

Extended Key Usages

Key Usages

07:16:9b:8d:9c:b0:85:e5:27:53:79:2f:f9:f6:c5:6a:44:3a:10Certificate

Extended Key Usages

Key Usages

07:2d:84:7e:bc:eb:a2:7a:ab:57:70:f1:32:02:6b:eb:3d:12:b8Certificate

Extended Key Usages

Key Usages

06:ce:82:d9:c1:21:6e:dc:01:c3:d4:79:84:d7:1a:3c:25:8c:83Certificate

Extended Key Usages

Key Usages

3d:55:99:81:18:5e:00:0b:9b:5d:07:f8:e2:76:76:0f:72:81:c0:af:81:6b:cf:de:20:50:75:31:e2:50:64:a6Signer

c8:6e:2c:ac:e4:e8:b6:c7:0c:a2:06:48:8e:2e:5e:bb:39:fe:83:b5Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.6MB

UPX1 Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 32KB - Virtual size: 32KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 687KB - Virtual size: 686KB

.data Size: 49KB - Virtual size: 154KB

.rsrc Size: 46KB - Virtual size: 45KB

.reloc Size: 289KB - Virtual size: 289KB

a4:23:c0:04:a9:c7:70:15:42:30:e5:d2:71:be:06:54
Certificate

07:16:9b:8d:9c:b0:85:e5:27:53:79:2f:f9:f6:c5:6a:44:3a:10
Certificate

07:2d:84:7e:bc:eb:a2:7a:ab:57:70:f1:32:02:6b:eb:3d:12:b8
Certificate

06:ce:82:d9:c1:21:6e:dc:01:c3:d4:79:84:d7:1a:3c:25:8c:83
Certificate

a4:23:c0:04:a9:c7:70:15:42:30:e5:d2:71:be:06:54
Certificate

07:16:9b:8d:9c:b0:85:e5:27:53:79:2f:f9:f6:c5:6a:44:3a:10
Certificate

07:2d:84:7e:bc:eb:a2:7a:ab:57:70:f1:32:02:6b:eb:3d:12:b8
Certificate

06:ce:82:d9:c1:21:6e:dc:01:c3:d4:79:84:d7:1a:3c:25:8c:83
Certificate

3d:55:99:81:18:5e:00:0b:9b:5d:07:f8:e2:76:76:0f:72:81:c0:af:81:6b:cf:de:20:50:75:31:e2:50:64:a6
Signer

c8:6e:2c:ac:e4:e8:b6:c7:0c:a2:06:48:8e:2e:5e:bb:39:fe:83:b5
Signer

UPX0
Size: - Virtual size: 2.6MB

UPX1
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 687KB - Virtual size: 686KB

.data
Size: 49KB - Virtual size: 154KB

.rsrc
Size: 46KB - Virtual size: 45KB

.reloc
Size: 289KB - Virtual size: 289KB