hwi_810[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

hwi_810.zip
Size

17.3MB
MD5

81e963aa71265600414066172d10bc50
SHA1

fc577f3f88be9986d67d118b67472123e3b9e7ad
SHA256

cc770fbe023ebba1cf9f71f374a2594b4454ed2e28145d0902ee80e3cc3ced4e
SHA512

d829625d6a956e6b5d01f2b9eb417a42db0373d3d94ea1d6b856758647d4aa2e78084e55fc11c655f39a3b6acb0fd1180c3e10f999a8fa2e158c21bac465a614
SSDEEP

393216:x1CYxhN+69XXLUTwgwnQV6JeIVmSYb+0aqx7mZs9yNC5CqT:CIhN+OXLUcgwQV0LOVXmZsmPm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/HWiNFO32.exe	upx
static1/unpack001/HWiNFO64.exe	upx

Files

hwi_810.zip
.zip
HWiNFO32.exe
.exe windows:4 windows x86 arch:x86

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:50:9d:70:93:dc:7b:90:7a:d4:29:0c:27:1d:3e:13
Certificate

Issuer

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

22/07/2024, 10:05

Not After

22/07/2027, 10:05

Subject

SERIALNUMBER=55326811,CN=REALiX\, s.r.o.,O=REALiX\, s.r.o.,POSTALCODE=901 01,STREET=Bozeny Nemcovej 2291/28,L=Malacky,ST=Bratislavsky kraj,C=SK,1.3.6.1.4.1.311.60.2.1.1=#130a4272617469736c617661,1.3.6.1.4.1.311.60.2.1.2=#13114272617469736c6176736b79206b72616a,1.3.6.1.4.1.311.60.2.1.3=#1302534b,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:c9:2a:0d:94:78:7d:ef:5b:c3:97:f7:3b:af:ae:f0:9a:11:38:3e:66:88:c7:fe:1c:36:3f:4c:4d:20:99:d8
Signer

Actual PE Digest

11:c9:2a:0d:94:78:7d:ef:5b:c3:97:f7:3b:af:ae:f0:9a:11:38:3e:66:88:c7:fe:1c:36:3f:4c:4d:20:99:d8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 8.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HWiNFO64.exe
.exe windows:6 windows x64 arch:x64

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:50:9d:70:93:dc:7b:90:7a:d4:29:0c:27:1d:3e:13
Certificate

Issuer

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

22/07/2024, 10:05

Not After

22/07/2027, 10:05

Subject

SERIALNUMBER=55326811,CN=REALiX\, s.r.o.,O=REALiX\, s.r.o.,POSTALCODE=901 01,STREET=Bozeny Nemcovej 2291/28,L=Malacky,ST=Bratislavsky kraj,C=SK,1.3.6.1.4.1.311.60.2.1.1=#130a4272617469736c617661,1.3.6.1.4.1.311.60.2.1.2=#13114272617469736c6176736b79206b72616a,1.3.6.1.4.1.311.60.2.1.3=#1302534b,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1c:eb:c9:ad:1b:50:e6:fa:94:b3:dd:66:04:51:fa:9c:3c:f7:c5:e3:24:3a:a8:30:bb:bc:57:db:48:83:b7:2f
Signer

Actual PE Digest

1c:eb:c9:ad:1b:50:e6:fa:94:b3:dd:66:04:51:fa:9c:3c:f7:c5:e3:24:3a:a8:30:bb:bc:57:db:48:83:b7:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 18.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HWiNFO_ARM64.exe

Sharing

General

Malware Config

Signatures

Files

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89Certificate

Extended Key Usages

Key Usages

71:50:9d:70:93:dc:7b:90:7a:d4:29:0c:27:1d:3e:13Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

11:c9:2a:0d:94:78:7d:ef:5b:c3:97:f7:3b:af:ae:f0:9a:11:38:3e:66:88:c7:fe:1c:36:3f:4c:4d:20:99:d8Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 8.0MB

UPX1 Size: 3.0MB - Virtual size: 3.0MB

.rsrc Size: 95KB - Virtual size: 96KB

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89Certificate

Extended Key Usages

Key Usages

71:50:9d:70:93:dc:7b:90:7a:d4:29:0c:27:1d:3e:13Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1c:eb:c9:ad:1b:50:e6:fa:94:b3:dd:66:04:51:fa:9c:3c:f7:c5:e3:24:3a:a8:30:bb:bc:57:db:48:83:b7:2fSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 18.5MB

UPX1 Size: 8.9MB - Virtual size: 8.9MB

.rsrc Size: 110KB - Virtual size: 112KB

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

71:50:9d:70:93:dc:7b:90:7a:d4:29:0c:27:1d:3e:13
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

11:c9:2a:0d:94:78:7d:ef:5b:c3:97:f7:3b:af:ae:f0:9a:11:38:3e:66:88:c7:fe:1c:36:3f:4c:4d:20:99:d8
Signer

UPX0
Size: - Virtual size: 8.0MB

UPX1
Size: 3.0MB - Virtual size: 3.0MB

.rsrc
Size: 95KB - Virtual size: 96KB

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

71:50:9d:70:93:dc:7b:90:7a:d4:29:0c:27:1d:3e:13
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1c:eb:c9:ad:1b:50:e6:fa:94:b3:dd:66:04:51:fa:9c:3c:f7:c5:e3:24:3a:a8:30:bb:bc:57:db:48:83:b7:2f
Signer

UPX0
Size: - Virtual size: 18.5MB

UPX1
Size: 8.9MB - Virtual size: 8.9MB

.rsrc
Size: 110KB - Virtual size: 112KB