dgsetup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dgsetup.exe
Size

83.0MB
MD5

3c95d235493a70d1b93e9451c3708cf1
SHA1

6f09e7781cb3042bec2bb920f8c0419618c0e02d
SHA256

e7d51658aad1077e8c281d66cf2b702a7c8e1def9868260354b3f70496fc57ed
SHA512

a75ac4c63118ae99355ae01f13b68881dc7a0165409d3ca17bbe36d2973827548d776827e5f03c97b01c833a1d0c19dc09c0ded05b83deed9f5030545250ddad
SSDEEP

1572864:7QPHx3APkS7VSmnbxpyUuK7q49oSGk9Lq8X58Riqwca9zZ2uY3xZVZU/K5Ao:7QvVAsCVSmnbjq49ckwOmRiqSEuqbZU+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

dgsetup.exe
.exe windows:4 windows x86 arch:x86

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:eb
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/04/2021, 00:00

Not After

20/04/2022, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:f4:e3:ee:e6:99:ed:27:39:f1:97:44:0d:2e:4f:24:ab:82:72:9b:49:61:75:50:d6:cb:88:c3:05:8e:d6:b7
Signer

Actual PE Digest

a7:f4:e3:ee:e6:99:ed:27:39:f1:97:44:0d:2e:4f:24:ab:82:72:9b:49:61:75:50:d6:cb:88:c3:05:8e:d6:b7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 524KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 319KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:ebCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

a7:f4:e3:ee:e6:99:ed:27:39:f1:97:44:0d:2e:4f:24:ab:82:72:9b:49:61:75:50:d6:cb:88:c3:05:8e:d6:b7Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 524KB

UPX1 Size: 319KB - Virtual size: 320KB

.rsrc Size: 81KB - Virtual size: 84KB

Headers

File Characteristics

Sections

.text Size: 520KB - Virtual size: 519KB

.rdata Size: 124KB - Virtual size: 123KB

.data Size: 20KB - Virtual size: 38KB

.rsrc Size: 148KB - Virtual size: 146KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:eb
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

a7:f4:e3:ee:e6:99:ed:27:39:f1:97:44:0d:2e:4f:24:ab:82:72:9b:49:61:75:50:d6:cb:88:c3:05:8e:d6:b7
Signer

UPX0
Size: - Virtual size: 524KB

UPX1
Size: 319KB - Virtual size: 320KB

.rsrc
Size: 81KB - Virtual size: 84KB

.text
Size: 520KB - Virtual size: 519KB

.rdata
Size: 124KB - Virtual size: 123KB

.data
Size: 20KB - Virtual size: 38KB

.rsrc
Size: 148KB - Virtual size: 146KB