b4c2bd339393e583c1440caa2b42e51c470c25a94602e9392a4178fc37eddc61

Sharing

Copy URL Twitter E-mail

General

Target

b4c2bd339393e583c1440caa2b42e51c470c25a94602e9392a4178fc37eddc61
Size

475KB
MD5

bac6366671286565c65aef4e2c670709
SHA1

aeaa4d66b5518e31763765ac72127220715c8d62
SHA256

b4c2bd339393e583c1440caa2b42e51c470c25a94602e9392a4178fc37eddc61
SHA512

cd5e895576047a1c8649935075b3c9dd1669e1590bb18519426e10daa20a34320fdd5856bbea5ca7eb9c39b36d1478e25e90f1c128a36917a13a510f8ebbf49e
SSDEEP

12288:HA/HnuckfnK0EPotc3zPv93Yb3RXeHS+ratLXnWmUImZaZYgGZh:oHMK1DN3m3p9kaxnWaGfvZh

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack002/社保缴费员工.bat	aspack_v212_v242

Files

b4c2bd339393e583c1440caa2b42e51c470c25a94602e9392a4178fc37eddc61
.eml
=?gb18030?B?yeexo73Jt9HUsbmkLnppcA==?=
.zip
社保缴费员工.bat
.exe windows x86

Code Sign

0e:3c:d2:68:4a:23:05:51:19:2a:b3:40:09:2d:1c:c0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29/11/2021, 00:00

Not After

17/02/2023, 23:59

Subject

SERIALNUMBER=91440113MA59E8P44H,CN=广州虎牙信息科技有限公司,O=广州虎牙信息科技有限公司,L=广州市,ST=广东省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e795aae7a6bae58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:ff:e5:46:af:2b:3a:55:71:d7:fd:4f:4e:55:6a:09:51:c4:84:31:bb:e7:81:8a:5a:19:0a:c2:5a:08:4f:45
Signer

Actual PE Digest

46:ff:e5:46:af:2b:3a:55:71:d7:fd:4f:4e:55:6a:09:51:c4:84:31:bb:e7:81:8a:5a:19:0a:c2:5a:08:4f:45

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=91440113MA59E8P44H,CN=广州虎牙信息科技有限公司,O=广州虎牙信息科技有限公司,L=广州市,ST=广东省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e795aae7a6bae58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01/01/0001, 00:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 275KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 26KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
email-html-2.txt
email-plain-1.txt

Sharing

General

Malware Config

Signatures

Files

Code Sign

0e:3c:d2:68:4a:23:05:51:19:2a:b3:40:09:2d:1c:c0Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

46:ff:e5:46:af:2b:3a:55:71:d7:fd:4f:4e:55:6a:09:51:c4:84:31:bb:e7:81:8a:5a:19:0a:c2:5a:08:4f:45Signer

Signature Validations

Verification

01/01/0001, 00:00 Valid: false

Headers

File Characteristics

Sections

.text Size: 275KB - Virtual size: 616KB

.rdata Size: 24KB - Virtual size: 80KB

.data Size: 26KB - Virtual size: 248KB

.rsrc Size: 5KB - Virtual size: 16KB

.aspack Size: 10KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

0e:3c:d2:68:4a:23:05:51:19:2a:b3:40:09:2d:1c:c0
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

46:ff:e5:46:af:2b:3a:55:71:d7:fd:4f:4e:55:6a:09:51:c4:84:31:bb:e7:81:8a:5a:19:0a:c2:5a:08:4f:45
Signer

01/01/0001, 00:00
Valid: false

.text
Size: 275KB - Virtual size: 616KB

.rdata
Size: 24KB - Virtual size: 80KB

.data
Size: 26KB - Virtual size: 248KB

.rsrc
Size: 5KB - Virtual size: 16KB

.aspack
Size: 10KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB