General

Malware Config

Signatures

Files

• 7434786167.zip

  .zip

  Password: infected

• e8e2bb2f97a2b91d63daf078062df3a7b664bfef6c6ed5643f42269a14653b80

  .zip
• setup/AISetup-Crack.exe

  .exe windows x86

  f34d45c822fc4d85617799444787f54d

  
  

  Code Sign

  48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  15-06-2016 00:00

  Not After

  15-06-2024 00:00

  Subject

  CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageOCSPSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  21:c9:a6:da:ff:94:2f:2d:b6:a0:61:4d

  Certificate

  Issuer

  CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  Not Before

  14-05-2018 10:58

  Not After

  14-05-2021 10:58

  Subject

  SERIALNUMBER=529991119,CN=Ledger SAS,O=Ledger SAS,STREET=1 rue du Mail,L=Paris,ST=Ile de France,C=FR,1.2.840.113549.1.9.1=#0c0f696e667261406c65646765722e6672,1.3.6.1.4.1.311.60.2.1.3=#13024652,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-01-2021 00:00

  Not After

  06-01-2031 00:00

  Subject

  CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  cb:d6:9e:51:1a:28:12:2f:f2:05:1c:a6:d2:80:cc:7d:a0:c9:2c:33:20:6c:bb:8d:d3:fe:3c:1c:81:b7:00:45

  Signer

  Actual PE Digest

  cb:d6:9e:51:1a:28:12:2f:f2:05:1c:a6:d2:80:cc:7d:a0:c9:2c:33:20:6c:bb:8d:d3:fe:3c:1c:81:b7:00:45

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  SERIALNUMBER=529991119,CN=Ledger SAS,O=Ledger SAS,STREET=1 rue du Mail,L=Paris,ST=Ile de France,C=FR,1.2.840.113549.1.9.1=#0c0f696e667261406c65646765722e6672,1.3.6.1.4.1.311.60.2.1.3=#13024652,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  28-04-2021 13:51

  Valid: true

  Chain 1

  SERIALNUMBER=529991119,CN=Ledger SAS,O=Ledger SAS,STREET=1 rue du Mail,L=Paris,ST=Ile de France,C=FR,1.2.840.113549.1.9.1=#0c0f696e667261406c65646765722e6672,1.3.6.1.4.1.311.60.2.1.3=#13024652,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetModuleHandleW

  user32

  GetDC

  advapi32

  RegisterEventSourceA

  mscoree

  _CorExeMain

  comctl32

  DSA_Create

  shell32

  SHGetIconOverlayIndexA

  Sections

  .bss

  Size: - Virtual size: 216KB

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2.0MB - Virtual size: 2.0MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: 101KB - Virtual size: 104KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• setup/Pre-Activated-Setup.exe

  .exe windows x86

  b50665161448a937d5652262f21b07af

  
  

  Code Sign

  01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  16-05-2017 00:00

  Not After

  24-06-2020 12:00

  Subject

  CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2013 12:00

  Not After

  22-10-2028 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66

  Certificate

  Issuer

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2014 00:00

  Not After

  22-10-2024 00:00

  Subject

  CN=DigiCert Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2021 00:00

  Subject

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageServerAuth

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  ExtKeyUsageEmailProtection

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  16-05-2017 00:00

  Not After

  24-06-2020 12:00

  Subject

  CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2013 12:00

  Not After

  22-10-2028 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  04-01-2017 00:00

  Not After

  18-01-2028 00:00

  Subject

  CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  05:69:86:7c:6a:b7:4b:be:fd:33:1b:b2:01:f5:51:09:d0:53:61:85:86:22:d3:59:9f:32:bc:be:72:4d:64:59

  Signer

  Actual PE Digest

  05:69:86:7c:6a:b7:4b:be:fd:33:1b:b2:01:f5:51:09:d0:53:61:85:86:22:d3:59:9f:32:bc:be:72:4d:64:59

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

  03-09-2019 14:44

  Valid: true

  Chain 1

  CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  d8:72:8d:e7:ff:12:3d:3b:9e:14:0d:f9:cd:22:e3:7a:5b:5a:c6:d8

  Signer

  Actual PE Digest

  d8:72:8d:e7:ff:12:3d:3b:9e:14:0d:f9:cd:22:e3:7a:5b:5a:c6:d8

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

  03-09-2019 14:44

  Valid: true

  Chain 1

  CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetModuleHandleW

  user32

  UpdateWindow

  advapi32

  RegCloseKey

  shell32

  SHGetDiskFreeSpaceA

  comctl32

  InitCommonControls

  gdiplus

  GdipSaveImageToFile

  Sections

  .didata

  Size: - Virtual size: 5.2MB

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .voltbl/

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1.4MB - Virtual size: 2.4MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 101KB - Virtual size: 104KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE