Privateserver28[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Privateserver28.zip
Size

7.6MB
MD5

ae623a07616e6277e0eb35efc0eba4ea
SHA1

7f20456790b6ce058f8aec4907e4ea0c50fc8547
SHA256

1920ffd21ad595631f8fe24c23308f8bb042bf1216aed2490be1649f19d6b5dd
SHA512

d05f4f0a7cbc808f3669370ccdc3a45b95162b41c9be29cb3bfd361d2cc7a6a8be18d37db1303cf134cabc29754431077af38782e3605993e6376ec51f8522f6
SSDEEP

196608:WEGnSluJ+HEGFQh3BRjvZd03K3Of0Z0ki0GKMrTQoCUMf:WfSlO+kG0x/d034C0Zbi0irTQcMf

Score

N/A

Malware Config

Signatures

Files

Privateserver28.zip
.zip
Privateserver28.exe
.exe windows x86

0901266657d602fff9c7d9a865574642

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/01/2022, 00:00

Not After

15/01/2025, 23:59

Subject

CN=Python Software Foundation,O=Python Software Foundation,L=Beaverton,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e3:38:c4:32:1a:74:e5:80:06:29:0a:99:73:27:8f:3f:86:10:09:54:b7:9c:95:76:fc:2a:9b:77:0f:d5:79:32
Signer

Actual PE Digest

e3:38:c4:32:1a:74:e5:80:06:29:0a:99:73:27:8f:3f:86:10:09:54:b7:9c:95:76:fc:2a:9b:77:0f:d5:79:32

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Python Software Foundation,O=Python Software Foundation,L=Beaverton,ST=Oregon,C=US

23/03/2022, 23:20
Valid: true

Chain 1

CN=Python Software Foundation,O=Python Software Foundation,L=Beaverton,ST=Oregon,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.+/-
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.a<)
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Dl|
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0901266657d602fff9c7d9a865574642

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:ddCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

e3:38:c4:32:1a:74:e5:80:06:29:0a:99:73:27:8f:3f:86:10:09:54:b7:9c:95:76:fc:2a:9b:77:0f:d5:79:32Signer

Signature Validations

Verification

23/03/2022, 23:20 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: - Virtual size: 39KB

.rdata Size: - Virtual size: 5KB

.data Size: - Virtual size: 3KB

.CRT Size: - Virtual size: 4B

.+/- Size: - Virtual size: 3.8MB

.a<) Size: 1024B - Virtual size: 872B

.Dl| Size: 6.8MB - Virtual size: 6.8MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 403KB - Virtual size: 402KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

e3:38:c4:32:1a:74:e5:80:06:29:0a:99:73:27:8f:3f:86:10:09:54:b7:9c:95:76:fc:2a:9b:77:0f:d5:79:32
Signer

23/03/2022, 23:20
Valid: true

.text
Size: - Virtual size: 39KB

.rdata
Size: - Virtual size: 5KB

.data
Size: - Virtual size: 3KB

.CRT
Size: - Virtual size: 4B

.+/-
Size: - Virtual size: 3.8MB

.a<)
Size: 1024B - Virtual size: 872B

.Dl|
Size: 6.8MB - Virtual size: 6.8MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 403KB - Virtual size: 402KB