General

Malware Config

Signatures

Files

• L22_File.zip.virus

  .zip
• Install.exe

  .exe windows x86

  
  

  Code Sign

  33:00:00:02:cf:a0:25:90:e3:13:04:ef:15:00:00:00:00:02:cf

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  12-05-2022 20:46

  Not After

  11-05-2023 20:46

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  d6:0f:29:c0:2c:3c:2b:ed:1d:72:75:1a:cf:d5:fa:9c:fd:19:12:00:d4:34:27:8d:f1:a6:14:60:91:8e:06:2e

  Signer

  Actual PE Digest

  d6:0f:29:c0:2c:3c:2b:ed:1d:72:75:1a:cf:d5:fa:9c:fd:19:12:00:d4:34:27:8d:f1:a6:14:60:91:8e:06:2e

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  26-08-2022 16:50

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Sections

  Size: 847KB - Virtual size: 2.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  Size: 74KB - Virtual size: 168KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 4KB - Virtual size: 34KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1.6MB - Virtual size: 1.6MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 28KB - Virtual size: 41KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .vm_sec

  Size: 128KB - Virtual size: 128KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .themida

  Size: - Virtual size: 4.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .boot

  Size: 3.2MB - Virtual size: 3.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 16B - Virtual size: 4KB

  IMAGE_SCN_MEM_READ

• Readme.txt
• fonts/Alakob.ttf
• fonts/AlaskanNights.ttf
• fonts/Arggotsc.ttf
• fonts/Army Condensed.ttf
• fonts/Army Thin.ttf
• fonts/BELL.TTF
• fonts/BELLB.TTF
• fonts/BELLI.TTF
• fonts/BOD_BI.TTF
• fonts/BOD_BLAI.TTF
• fonts/BOD_I.TTF
• fonts/CALISTB.TTF
• fonts/CALISTBI.TTF
• fonts/CENTAUR.TTF
• fonts/Cabana-Regular.ttf
• fonts/baby_csp.ttf
• fonts/black.ttf
• fonts/bold_0.ttf
• fonts/browa.ttf
• fonts/browau.ttf
• fonts/browauz.ttf
• fonts/browaz.ttf
• fonts/deathrattlebb_reg.ttf
• langs/Arabic.ini
• langs/Belarusian.ini
• langs/Bulgarian.ini
• langs/Croatian.ini
• langs/Czech.ini
• langs/Danish.ini
• langs/English.ini
• langs/Farsi.ini
• langs/Finnish.ini
• langs/Hebrew.ini
• langs/Hindi.ini
• langs/Hungarian.ini

  .ps1
• langs/Indonesian.ini
• langs/Japanese.ini
• langs/Kazakh.ini
• langs/Korean.ini

  .ps1
• langs/Kurdish.ini
• langs/Lithuanian.ini
• langs/Norwegian.ini
• langs/Russian.ini
• langs/SimpChinese.ini
• langs/Sinhala.ini
• langs/Slovak.ini
• langs/Swedish.ini
• langs/Thai.ini
• langs/TradChinese.ini
• langs/Ukrainian.ini
• langs/Uyghur.ini
• langs/UyghurLatin.ini
• langs/Uzbek.ini
• langs/Vietnamese.ini