hwi_806[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

hwi_806.zip
Size

11.9MB
MD5

a2b38729336cb891a6d476a46d6ab48a
SHA1

59726810921834583942d61338e2eb58788629d2
SHA256

3b39950dac6f7381acf848cfcdc2320b93e7797242a906563e8e6f0d5dfca40e
SHA512

4fb182b35ba1bc916dab0bbeab144a41fc70fa2fffeb22643f012172cd56cd3f7a43aafdfd17eb6d4e86beb4883250578e066fdefd88187beffdb191ca36c279
SSDEEP

196608:SBjJU+UWuxylXlVwnUft9+YChNkqrrhzCl3/7ADOy+i+/TW/aux3t/VlCmcNe:4jS+UWAylXLwnif+9hNk4FzCl3TAOyx1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/HWiNFO32.exe	upx
static1/unpack001/HWiNFO64.exe	upx

Files

hwi_806.zip
.zip

Password: 9876543210
HWiNFO32.exe
.exe windows:4 windows x86 arch:x86

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:7b:9b:c1:a2:3b:f2:e9:9d:ae:af:4b:20:35:ac:26
Certificate

Issuer

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

13/08/2021, 00:00

Not After

12/08/2024, 00:00

Subject

SERIALNUMBER=35437570,CN=Martin Malik - REALiX,O=Martin Malik - REALiX,POSTALCODE=90101,STREET=Boženy Nemcovej 2291/28,L=Malacky,ST=Bratislavsky kraj,C=SK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13114272617469736c6176736b79206b72616a,1.3.6.1.4.1.311.60.2.1.3=#1302534b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:be:03:1c:00:75:88:30:5f:e7:80:14:4f:28:09:6b:9c:74:17:b8:0a:3b:20:6a:96:6b:cc:36:9a:58:86:78
Signer

Actual PE Digest

ae:be:03:1c:00:75:88:30:5f:e7:80:14:4f:28:09:6b:9c:74:17:b8:0a:3b:20:6a:96:6b:cc:36:9a:58:86:78

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 8.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HWiNFO64.exe
.exe windows:6 windows x64 arch:x64

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:7b:9b:c1:a2:3b:f2:e9:9d:ae:af:4b:20:35:ac:26
Certificate

Issuer

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

13/08/2021, 00:00

Not After

12/08/2024, 00:00

Subject

SERIALNUMBER=35437570,CN=Martin Malik - REALiX,O=Martin Malik - REALiX,POSTALCODE=90101,STREET=Boženy Nemcovej 2291/28,L=Malacky,ST=Bratislavsky kraj,C=SK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13114272617469736c6176736b79206b72616a,1.3.6.1.4.1.311.60.2.1.3=#1302534b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:86:05:52:21:9e:f8:70:f0:6d:22:cf:2d:03:40:f4:ea:85:a4:35:5a:e8:ef:ba:a1:09:17:e1:89:9d:34:d2
Signer

Actual PE Digest

31:86:05:52:21:9e:f8:70:f0:6d:22:cf:2d:03:40:f4:ea:85:a4:35:5a:e8:ef:ba:a1:09:17:e1:89:9d:34:d2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 18.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: 9876543210

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89Certificate

Extended Key Usages

Key Usages

73:7b:9b:c1:a2:3b:f2:e9:9d:ae:af:4b:20:35:ac:26Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ae:be:03:1c:00:75:88:30:5f:e7:80:14:4f:28:09:6b:9c:74:17:b8:0a:3b:20:6a:96:6b:cc:36:9a:58:86:78Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 8.0MB

UPX1 Size: 3.0MB - Virtual size: 3.0MB

.rsrc Size: 95KB - Virtual size: 96KB

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89Certificate

Extended Key Usages

Key Usages

73:7b:9b:c1:a2:3b:f2:e9:9d:ae:af:4b:20:35:ac:26Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

31:86:05:52:21:9e:f8:70:f0:6d:22:cf:2d:03:40:f4:ea:85:a4:35:5a:e8:ef:ba:a1:09:17:e1:89:9d:34:d2Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 18.5MB

UPX1 Size: 8.9MB - Virtual size: 8.9MB

.rsrc Size: 110KB - Virtual size: 112KB

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

73:7b:9b:c1:a2:3b:f2:e9:9d:ae:af:4b:20:35:ac:26
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ae:be:03:1c:00:75:88:30:5f:e7:80:14:4f:28:09:6b:9c:74:17:b8:0a:3b:20:6a:96:6b:cc:36:9a:58:86:78
Signer

UPX0
Size: - Virtual size: 8.0MB

UPX1
Size: 3.0MB - Virtual size: 3.0MB

.rsrc
Size: 95KB - Virtual size: 96KB

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

73:7b:9b:c1:a2:3b:f2:e9:9d:ae:af:4b:20:35:ac:26
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

31:86:05:52:21:9e:f8:70:f0:6d:22:cf:2d:03:40:f4:ea:85:a4:35:5a:e8:ef:ba:a1:09:17:e1:89:9d:34:d2
Signer

UPX0
Size: - Virtual size: 18.5MB

UPX1
Size: 8.9MB - Virtual size: 8.9MB

.rsrc
Size: 110KB - Virtual size: 112KB