General

Malware Config

Signatures

Files

• 8e695c65d33baf186d962e98456626d03365147519584d5448a479341ad50c6c

  .zip
• 8e695c65d33baf186d962e98456626d03365147519584d5448a479341ad50c6c

  .dll windows x86

  
  

  Code Sign

  48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  25-05-2021 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1f:8f:51:90:91:c7:04:ff:22:0b:6b:18:97:f8:7a:bc

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  10-02-2022 00:00

  Not After

  10-02-2023 23:59

  Subject

  CN=BUM NOTE LIMITED,O=BUM NOTE LIMITED,ST=London,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  7f:d8:f4:da:08:85:11:be:44:9c:bc:99:aa:5b:36:3e:26:09:7a:78:3e:59:c3:52:f9:36:87:fa:83:8f:63:dc

  Signer

  Actual PE Digest

  7f:d8:f4:da:08:85:11:be:44:9c:bc:99:aa:5b:36:3e:26:09:7a:78:3e:59:c3:52:f9:36:87:fa:83:8f:63:dc

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=BUM NOTE LIMITED,O=BUM NOTE LIMITED,ST=London,C=GB

  23-06-2022 17:32

  Valid: true

  Chain 1

  CN=BUM NOTE LIMITED,O=BUM NOTE LIMITED,ST=London,C=GB

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Sections

  CODE

  Size: 402KB - Virtual size: 401KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  DATA

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  BSS

  Size: - Virtual size: 3KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 29KB - Virtual size: 29KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 238KB - Virtual size: 238KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ