reWASD[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

reWASD.rar
Size

59.5MB
MD5

e17cd184fb21d700939b3b8fa744ad61
SHA1

2302b1fc7ddd29698fa213b46b84aca9342d3e6f
SHA256

66bcf9783cc7b48162c7a4100d2dcc3e8b2e31de091914e378dde304bb2a1368
SHA512

753fb6389666ca0c2c1d34a2a873cbeea4ebfb34bf21a664fbab1c91627097bb0927b8f4b4508dfbb77ff79bb281da705c1300f652c6f7efc4a4e74ed7751db1
SSDEEP

1572864:JGYNXXOkMmkgsR6Ky5OtI7yE3ORD1MaBGeWhKEM:J/NukNkgWiOXE3OlqaBGeWhjM

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/reWASD.dll
unpack001/reWASDCommon.dll

Files

reWASD.rar
.rar

Password: test
reWASD.dll
.dll windows:4 windows x86 arch:x86

Password: test

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 21.0MB - Virtual size: 21.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 163B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 20.1MB - Virtual size: 20.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
reWASD700-8447.exe
.exe windows:4 windows x86 arch:x86

Password: test

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:bb:b5:26:4f:90:92:7c:71:bf:c4:13:54:09:36:c5
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/03/2021, 00:00

Not After

14/06/2024, 23:59

Subject

CN=SIA AVB Disc Soft,O=SIA AVB Disc Soft,L=Jurmala,C=LV

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dd:c5:31:a0:ac:88:21:69:28:71:56:31:f7:79:b2:7a:0e:a1:ce:b7:43:18:f2:4a:27:de:41:bc:72:93:5c:1d
Signer

Actual PE Digest

dd:c5:31:a0:ac:88:21:69:28:71:56:31:f7:79:b2:7a:0e:a1:ce:b7:43:18:f2:4a:27:de:41:bc:72:93:5c:1d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Jenkins\workspace\rewasd-custom\setup\wpfinstaller\obj\Release\RewasdWpfInstaller.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50.5MB - Virtual size: 50.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
reWASDCommon.dll
.dll windows:4 windows x86 arch:x86

Password: test

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: test

Password: test

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 21.0MB - Virtual size: 21.0MB

.data Size: 4KB - Virtual size: 163B

.reloc Size: 4KB - Virtual size: 1B

.text Size: 20.1MB - Virtual size: 20.1MB

Password: test

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:bb:b5:26:4f:90:92:7c:71:bf:c4:13:54:09:36:c5Certificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

dd:c5:31:a0:ac:88:21:69:28:71:56:31:f7:79:b2:7a:0e:a1:ce:b7:43:18:f2:4a:27:de:41:bc:72:93:5c:1dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 50.5MB - Virtual size: 50.5MB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 12B

Password: test

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 21.0MB - Virtual size: 21.0MB

.data
Size: 4KB - Virtual size: 163B

.reloc
Size: 4KB - Virtual size: 1B

.text
Size: 20.1MB - Virtual size: 20.1MB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:bb:b5:26:4f:90:92:7c:71:bf:c4:13:54:09:36:c5
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

dd:c5:31:a0:ac:88:21:69:28:71:56:31:f7:79:b2:7a:0e:a1:ce:b7:43:18:f2:4a:27:de:41:bc:72:93:5c:1d
Signer

.text
Size: 50.5MB - Virtual size: 50.5MB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 3.7MB - Virtual size: 3.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B