WinFindr_Portable[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

WinFindr_Portable.exe
Size

2.7MB
MD5

0a8c347dce200171277c4c6e4c24917a
SHA1

8aae51b6a7cad82f0d393169c2461ee260a8dd10
SHA256

dfe7613bfd56717d4635f8a57e60692dae01b66a654f2288a17937435d00677c
SHA512

18f02dff8a02e66aedbaecfcc9ba0764eb9dd900623f054055661da9d00d97d5116ff31d9b0a426dbdb0580a90edbf9eebd3365ce7860eeb7bf60a9e3f262eb0
SSDEEP

49152:060Z30fvm5tI5pKr3PugSRXOL3sTzh2yOiXcZbFv5xBqmGEl:/A0m5CzKjWgSRXKsTz02czJ3F

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

WinFindr_Portable.exe
.exe windows:6 windows x86 arch:x86

Password: infected

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:1a:d4:ff:e8:61:4c:0d:38:04:30:a2:e4:f6:37:fd
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

29/06/2022, 00:00

Not After

28/06/2025, 23:59

Subject

CN=Macecraft Software,O=Macecraft Software,ST=Satakunta,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

23:3e:f9:24:fe:41:a5:fa:45:4b:ae:18:42:cd:8d:14:01:d7:3b:86
Signer

Actual PE Digest

23:3e:f9:24:fe:41:a5:fa:45:4b:ae:18:42:cd:8d:14:01:d7:3b:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 8.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr
madTraceProcess

Sections

.text
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 496KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 139B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 547KB - Virtual size: 546KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 511KB - Virtual size: 511KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

99:1a:d4:ff:e8:61:4c:0d:38:04:30:a2:e4:f6:37:fdCertificate

Extended Key Usages

Key Usages

23:3e:f9:24:fe:41:a5:fa:45:4b:ae:18:42:cd:8d:14:01:d7:3b:86Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 8.1MB

UPX1 Size: 2.6MB - Virtual size: 2.6MB

.rsrc Size: 114KB - Virtual size: 116KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 8.3MB - Virtual size: 8.3MB

.itext Size: 14KB - Virtual size: 13KB

.data Size: 478KB - Virtual size: 477KB

.bss Size: - Virtual size: 496KB

.idata Size: 18KB - Virtual size: 17KB

.didata Size: 24KB - Virtual size: 24KB

.edata Size: 512B - Virtual size: 139B

.tls Size: - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 547KB - Virtual size: 546KB

.rsrc Size: 511KB - Virtual size: 511KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

99:1a:d4:ff:e8:61:4c:0d:38:04:30:a2:e4:f6:37:fd
Certificate

23:3e:f9:24:fe:41:a5:fa:45:4b:ae:18:42:cd:8d:14:01:d7:3b:86
Signer

UPX0
Size: - Virtual size: 8.1MB

UPX1
Size: 2.6MB - Virtual size: 2.6MB

.rsrc
Size: 114KB - Virtual size: 116KB

.text
Size: 8.3MB - Virtual size: 8.3MB

.itext
Size: 14KB - Virtual size: 13KB

.data
Size: 478KB - Virtual size: 477KB

.bss
Size: - Virtual size: 496KB

.idata
Size: 18KB - Virtual size: 17KB

.didata
Size: 24KB - Virtual size: 24KB

.edata
Size: 512B - Virtual size: 139B

.tls
Size: - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 547KB - Virtual size: 546KB

.rsrc
Size: 511KB - Virtual size: 511KB