304a2a17f482efca5e8a9e59b7e17f0f7cbd3bce77680f72ef079a81eadab70c

Sharing

Copy URL

Twitter E-mail

General

Target

304a2a17f482efca5e8a9e59b7e17f0f7cbd3bce77680f72ef079a81eadab70c
Size

321KB
MD5

6f6df11c0814860cc5a4fe7a9db87cc9
SHA1

539bbcc5ec63af4255a65e20ffb1352338cf41d2
SHA256

304a2a17f482efca5e8a9e59b7e17f0f7cbd3bce77680f72ef079a81eadab70c
SHA512

82bf7779e05bd6a734e51747f8fa8f879853c9869f88ecc0f7bf6bf13aeacdd47e7c506b9dde688c955c1f688f2889f8a8c92d263fcb411ec8663a43fe6ce31c
SSDEEP

6144:Fy9xbRMPI1qIELTUbTvfjstzx6UqUxaUWEN:Fwi

Score

10^/10

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Processes:

resource yara_rule

sample disable_win_def

resource	yara_rule
sample	disable_win_def

Files

304a2a17f482efca5e8a9e59b7e17f0f7cbd3bce77680f72ef079a81eadab70c
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:be:0a:02:42:6e:bd:20:c2:62:44:b5:ec:a6:52:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09-07-2018 00:00

Not After

10-07-2019 23:59

Subject

CN=NVIDIA Corporation,OU=IT-MIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:e7:45:e9:21:65:21:3c:97:1f:5c:49:0a:ea:12:a5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09-07-2018 00:00

Not After

09-07-2021 23:59

Subject

CN=NVIDIA Corporation,OU=IT-MIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

22-07-2014 00:00

Not After

21-07-2024 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:2d:23:cb:00:00:00:00:00:21
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:46

Not After

22-02-2021 19:56

Subject

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

44:f4:40:a2:c9:81:0e:50:18:ba:31:5e:68:46:24:5d:2e:6d:83:f8:9a:66:24:90:2b:67:83:88:31:ff:9f:b3
Signer

Actual PE Digest

44:f4:40:a2:c9:81:0e:50:18:ba:31:5e:68:46:24:5d:2e:6d:83:f8:9a:66:24:90:2b:67:83:88:31:ff:9f:b3

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=NVIDIA Corporation,OU=IT-MIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

22-05-2019 21:57
Valid: true

Chain 1

CN=NVIDIA Corporation,OU=IT-MIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

eb:e7:ab:87:19:18:81:cd:2c:44:65:36:75:a2:0d:31:64:c0:2d:b0
Signer

Actual PE Digest

eb:e7:ab:87:19:18:81:cd:2c:44:65:36:75:a2:0d:31:64:c0:2d:b0

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=NVIDIA Corporation,OU=IT-MIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

22-05-2019 21:56
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

4f:be:0a:02:42:6e:bd:20:c2:62:44:b5:ec:a6:52:a3Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

62:e7:45:e9:21:65:21:3c:97:1f:5c:49:0a:ea:12:a5Certificate

Extended Key Usages

Key Usages

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8Certificate

Extended Key Usages

Key Usages

61:2d:23:cb:00:00:00:00:00:21Certificate

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

44:f4:40:a2:c9:81:0e:50:18:ba:31:5e:68:46:24:5d:2e:6d:83:f8:9a:66:24:90:2b:67:83:88:31:ff:9f:b3Signer

Signature Validations

Verification

22-05-2019 21:57 Valid: true

Chain 1

eb:e7:ab:87:19:18:81:cd:2c:44:65:36:75:a2:0d:31:64:c0:2d:b0Signer

Signature Validations

Verification

22-05-2019 21:56 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 292KB - Virtual size: 291KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

4f:be:0a:02:42:6e:bd:20:c2:62:44:b5:ec:a6:52:a3
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

62:e7:45:e9:21:65:21:3c:97:1f:5c:49:0a:ea:12:a5
Certificate

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

61:2d:23:cb:00:00:00:00:00:21
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

44:f4:40:a2:c9:81:0e:50:18:ba:31:5e:68:46:24:5d:2e:6d:83:f8:9a:66:24:90:2b:67:83:88:31:ff:9f:b3
Signer

22-05-2019 21:57
Valid: true

eb:e7:ab:87:19:18:81:cd:2c:44:65:36:75:a2:0d:31:64:c0:2d:b0
Signer

22-05-2019 21:56
Valid: false

.text
Size: 292KB - Virtual size: 291KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B