TXRTN_0620236[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

TXRTN_0620236.rar
Size

585KB
MD5

dcbca1c8b9139d940609cc399d9b939c
SHA1

bbb736abae07a5312d9dac4dc3dddc6035a7a01e
SHA256

77689dd8ac7abb2a72720d542047f60f1fbc7a32d66c0bbd3a68220b4dad9b4d
SHA512

eb08a3d18764e41969ce1a87b085506037004d33d016c42e69cac3cd801b068585f46ab898ab8d94c68f17a499b52a50f215e851a3160835afdfb530aee31e69
SSDEEP

12288:hU/Hj12amiFxexG7Izwxlt/tJC0rihsJlGvu73zD7oM+Etq+c4rOcRyPqdqK:sj12UexGIwbJCLyld7X7oM+Etw4qlPzK

Score

N/A

Malware Config

Signatures

Files

TXRTN_0620236.rar
.rar
TXRTN_0620236/102755.dll
.dll windows x86

Code Sign

0a:f5:84:40:6e:a7:0f:91:4f:81:9a:50:a8:c7:72:ce
Certificate

Issuer

CN=WKEABJMFVZDVIWLXKS

Not Before

08-07-2022 13:42

Not After

31-12-2039 23:59

Subject

CN=WKEABJMFVZDVIWLXKS

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

59:5f:e9:6f:79:fc:3b:e3:96:5f:e7:9a:40:54:98:24:93:40:84:0d
Signer

Actual PE Digest

59:5f:e9:6f:79:fc:3b:e3:96:5f:e7:9a:40:54:98:24:93:40:84:0d

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=WKEABJMFVZDVIWLXKS

07-07-2022 13:23
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TXRTN_0620236/TXRTN_0620236.lnk
.lnk
TXRTN_0620236/WindowsCodecs.dll
.dll regsvr32 windows x86

87a1f1c5766b04416c137412a6152760

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
OutputDebugStringA
GetEnvironmentVariableW
OutputDebugStringW
lstrcatW
CloseHandle
ExitProcess
CreateProcessW
IsWow64Process

user32

MessageBoxA

Exports

Exports

DllInstall
DllRegisterServer

Sections

.text
Size: 1024B - Virtual size: 558B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 814B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 323B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TXRTN_0620236/calc.exe
.exe windows x86

f93b5d76132f6e6068946ec238813ce1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ShellAboutW
ord165
ShellExecuteExW

shlwapi

ord225

gdiplus

GdipDrawLineI
GdipDrawArcI
GdipFillRectangleI
GdipCloneBrush
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetPageUnit
GdipCreateSolidFill
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipDeleteGraphics
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipSetSmoothingMode
GdipCloneBitmapAreaI
GdipCreateHBITMAPFromBitmap

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegGetValueW
RegEnumValueW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
RegCreateKeyExW
RegCloseKey
EventWrite
EventUnregister
EventRegister

oleaut32

SysAllocString
SysStringLen
VariantInit
SysAllocStringByteLen
SysFreeString
VariantClear

uxtheme

IsThemeActive

ole32

CoInitialize
CoUninitialize
CoCreateInstance

comctl32

ImageList_Destroy
ImageList_Add
ImageList_Create
ord413
CreatePropertySheetPageW
PropertySheetW
ord380
ord410
ord392

ntdll

WinSqmAddToStreamEx
WinSqmIncrementDWORD
WinSqmAddToStream
NtQueryLicenseValue
RtlInitUnicodeString

kernel32

lstrlenA
WideCharToMultiByte
GetStartupInfoA
OutputDebugStringA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleHandleW
GetSystemTime
SetEvent
CloseHandle
WaitForSingleObject
CreateThread
CreateEventW
ResetEvent
lstrcmpW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalSize
MulDiv
GlobalFindAtomW
GetLastError
InterlockedDecrement
MultiByteToWideChar
GetLocalTime
GetLocaleInfoW
GetDateFormatW
InterlockedIncrement
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpiW
GetLocaleInfoEx
GetProcAddress
LoadLibraryW
FreeLibrary
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
HeapFree
HeapAlloc
GetProcessHeap
GetVersionExW
InterlockedExchange
FreeLibraryAndExitThread
GetFileAttributesW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
IsWow64Process
GetCurrentProcess
GetModuleFileNameW
LocalFree
LocalReAlloc
LocalAlloc
GetProfileStringW
lstrlenW
CompareStringW
ApplicationRecoveryInProgress
Sleep
ApplicationRecoveryFinished
RegisterApplicationRecoveryCallback
RegisterApplicationRestart
CompareFileTime
SystemTimeToFileTime
GetTempFileNameW
FileTimeToSystemTime
DeleteFileW
CreateFileW
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
HeapDestroy
HeapReAlloc
HeapSize
RaiseException

user32

GetSysColor
SetClassLongW
GetClassLongW
DrawMenuBar
SetMenuItemInfoW
AppendMenuW
RemoveMenu
GetSubMenu
GetWindowLongW
InsertMenuItemW
SetWindowLongW
IsWindowEnabled
PostMessageW
CharNextA
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
GetMenuState
IsClipboardFormatAvailable
DefWindowProcW
InvalidateRect
PostQuitMessage
GetFocus
DispatchMessageW
TranslateMessage
GetMessageExtraInfo
TranslateAcceleratorW
GetMessageW
SetForegroundWindow
SetWindowPlacement
RegisterClassExW
DrawTextW
ReleaseDC
GetDC
GetSystemMetrics
EnumChildWindows
SetPropW
GetMenu
CheckRadioButton
UpdateWindow
SendDlgItemMessageW
IsDlgButtonChecked
MoveWindow
GetDlgItemInt
SetDlgItemInt
CheckMenuItem
GetNextDlgTabItem
OffsetRect
GetMonitorInfoW
MonitorFromWindow
CopyRect
IntersectRect
EnumDisplayMonitors
EqualRect
MonitorFromRect
GetClassWord
EnumDesktopWindows
GetProcessDefaultLayout
CreateDialogParamW
TrackPopupMenu
CreatePopupMenu
GetAncestor
FindWindowW
EndDialog
EnableMenuItem
DestroyWindow
MapWindowPoints
GetClassNameW
GetDlgItem
GetWindowRect
SetWindowPos
SendMessageW
LoadCursorW
SetCursor
GetKeyState
IsDialogMessageW
LoadAcceleratorsW
GetWindowTextLengthW
GetWindowTextW
EnableWindow
SetFocus
LoadStringW
SetWindowTextW
GetParent
GetClientRect
ShowWindow
GetWindowPlacement
LoadImageW
UnregisterClassA
FillRect
CheckMenuRadioItem
CreateWindowExW
MessageBeep
SystemParametersInfoW
DialogBoxParamW

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

winmm

timeGetTime

version

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

gdi32

EqualRgn
CreateDIBSection
DeleteObject
DeleteDC
GetTextExtentPointW
CreateFontIndirectW
CreateCompatibleDC
GetDeviceCaps
GetRgnBox
CreateSolidBrush
GetTextMetricsW
GetTextExtentPoint32W
GetObjectW
LineTo
MoveToEx
ExtCreatePen
CreateCompatibleBitmap
CreateRectRgn
CreateRectRgnIndirect
SetRectRgn
CombineRgn
SelectObject
CreatePatternBrush
SetTextColor
SetBkMode
GetStockObject
SetBkColor

msvcrt

wcsncmp
_wcsnicmp
iswdigit
_wcslwr_s
iswalpha
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
localeconv
memchr
strcspn
sprintf_s
_strtoi64
_strtoui64
_wcsdup
_i64tow_s
_wtoi64
wcsrchr
wcstoul
isalpha
time
difftime
memmove
_callnewh
__pctype_func
___lc_codepage_func
___lc_handle_func
_itow_s
___mb_cur_max_func
setlocale
__crtGetStringTypeW
__crtLCMapStringW
__mb_cur_max
tolower
isspace
abort
isalnum
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
__uncaught_exception
_except_handler4_common
_controlfp
_wtoi
_itoa
calloc
wcschr
_wcsicmp
_vsnwprintf
memcpy
wcscat_s
wcstol
wcscpy_s
exit
mbstowcs_s
toupper
isxdigit
isdigit
_ftol2_sse
memset
_ftol2
malloc
_purecall
free
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memmove_s
memcpy_s
__CxxFrameHandler3
_errno
_wcsrev

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

0a:f5:84:40:6e:a7:0f:91:4f:81:9a:50:a8:c7:72:ceCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

59:5f:e9:6f:79:fc:3b:e3:96:5f:e7:9a:40:54:98:24:93:40:84:0dSigner

Signature Validations

Verification

07-07-2022 13:23 Valid: false

Headers

File Characteristics

Sections

CODE Size: 358KB - Virtual size: 357KB

DATA Size: 7KB - Virtual size: 6KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.reloc Size: 28KB - Virtual size: 27KB

.rsrc Size: 278KB - Virtual size: 278KB

87a1f1c5766b04416c137412a6152760

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 558B

.rdata Size: 1024B - Virtual size: 814B

.data Size: 512B - Virtual size: 323B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 76B

f93b5d76132f6e6068946ec238813ce1

Headers

DLL Characteristics

File Characteristics

Imports

shell32

shlwapi

gdiplus

advapi32

oleaut32

uxtheme

ole32

comctl32

ntdll

kernel32

user32

rpcrt4

winmm

version

gdi32

msvcrt

Sections

.text Size: 331KB - Virtual size: 331KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 394KB - Virtual size: 393KB

.reloc Size: 15KB - Virtual size: 14KB

0a:f5:84:40:6e:a7:0f:91:4f:81:9a:50:a8:c7:72:ce
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

59:5f:e9:6f:79:fc:3b:e3:96:5f:e7:9a:40:54:98:24:93:40:84:0d
Signer

07-07-2022 13:23
Valid: false

CODE
Size: 358KB - Virtual size: 357KB

DATA
Size: 7KB - Virtual size: 6KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.reloc
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 278KB - Virtual size: 278KB

.text
Size: 1024B - Virtual size: 558B

.rdata
Size: 1024B - Virtual size: 814B

.data
Size: 512B - Virtual size: 323B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 76B

.text
Size: 331KB - Virtual size: 331KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 394KB - Virtual size: 393KB

.reloc
Size: 15KB - Virtual size: 14KB