M301[.]iso | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

M301.iso
Size

1.3MB
MD5

dbbb3db66e43848f58728492e0dea5ca
SHA1

d662f718cf63717688a1f5a237d25cf3e8a2fffe
SHA256

f90681a3c5525abdc8c0c0ec190f001ac79786c72fc23d5cf2b6ba8e6579a538
SHA512

9c3acd4adc11f260ffdd64e2d43c4695828b3181cc832786cba2a62c493aec5a090db6909b86573fb9e19134864d18fe3443824048259548e122a5f5fdbd3bf3
SSDEEP

24576:btbXYkbOvnDF9dnJEd+5F6bRGiJzN8gvd4rmwd2eZL/v2mWG2mWYYtQO/8jZhOtF:iHnDF9dnJEd+5F6bR/JzN863q/v2mWGv

Score

N/A

Malware Config

Signatures

Files

M301.iso
.iso .vbs
XS.vbs
.vbs
data.txt
gray/hindmost.temp
.dll regsvr32 windows x86

1726357b6fc2d768227af59ffbcbdfa8

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:67:35:ed:30:e5:0e:3e:05:53:98:6d:80:6b:fc:54
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

26-10-2022 00:00

Not After

26-10-2023 23:59

Subject

CN=FISH ACCOUNTING & TRANSLATING LIMITED,O=FISH ACCOUNTING & TRANSLATING LIMITED,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

96:e0:15:a3:ef:d4:9c:92:aa:d3:04:ae:5e:de:c3:12:99:1e:d7:b3:77:46:5a:f6:17:48:c5:c2:ee:7a:9c:f8
Signer

Actual PE Digest

96:e0:15:a3:ef:d4:9c:92:aa:d3:04:ae:5e:de:c3:12:99:1e:d7:b3:77:46:5a:f6:17:48:c5:c2:ee:7a:9c:f8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=FISH ACCOUNTING & TRANSLATING LIMITED,O=FISH ACCOUNTING & TRANSLATING LIMITED,ST=Cambridgeshire,C=GB

17-11-2022 13:14
Valid: true

Chain 1

CN=FISH ACCOUNTING & TRANSLATING LIMITED,O=FISH ACCOUNTING & TRANSLATING LIMITED,ST=Cambridgeshire,C=GB

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsW
SetCurrentDirectoryW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
FindFirstFileA
FindFirstFileW
GetDriveTypeW
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetFullPathNameA
GetLogicalDriveStringsW
SetFileAttributesA
SetFileAttributesW
SetUnhandledExceptionFilter
SetErrorMode
QueryPerformanceCounter
QueryPerformanceFrequency
DeviceIoControl
LeaveCriticalSection
ReleaseSemaphore
ReleaseMutex
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsFree
FlushInstructionCache
GetSystemInfo
GetLocalTime
GetVersion
GetTickCount
GetSystemDirectoryA
GetSystemDirectoryW
GetWindowsDirectoryA
GetWindowsDirectoryW
VirtualProtect
CreateFileMappingW
VirtualLock
VirtualUnlock
FindResourceExW
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
LoadResource
FindResourceW
LoadLibraryA
LoadLibraryW
GlobalAlloc
LocalAlloc
SetHandleCount
FileTimeToDosDateTime
lstrcmpA
lstrcmpiA
lstrlenA
lstrlenW
CreateFileMappingA
FindResourceA
ExpandEnvironmentStringsA
GlobalAddAtomW
GetPrivateProfileIntA
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileSectionW
MoveFileA
MoveFileW
IsBadWritePtr
IsBadCodePtr
GetComputerNameW
SystemTimeToFileTime
GetConsoleCP
GetConsoleOutputCP
WriteConsoleA
WriteConsoleW
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetFilePointerEx
GetConsoleMode
WriteFile
FlushFileBuffers
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
CloseHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
DecodePointer
MoveFileExW
LCMapStringW
MultiByteToWideChar
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsSetValue
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEnvironmentVariableW
GetCommandLineA
SetStdHandle
VirtualAllocEx
GetStdHandle
VirtualAlloc
GetTickCount64
CreateThread
ExitThread
WaitForSingleObjectEx
FindResourceExA
ExitProcess
EnterCriticalSection
EncodePointer
SetLastError
GetLastError
InterlockedFlushSList
RtlUnwind
RaiseException
TerminateProcess
InitializeSListHead
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
GetSystemTimeAsFileTime

user32

IsWindowVisible
DialogBoxParamA
EndDialog
SystemParametersInfoW
CreateIconIndirect
LoadIconW
LoadBitmapW
SetWindowsHookExW
GetWindow
GetWindowThreadProcessId
GetDesktopWindow
GetSysColor
MapWindowPoints
ScreenToClient
GetCursorPos
MessageBeep
MessageBoxW
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthW
GetPropW
SetPropW
RedrawWindow
GetDC
SetForegroundWindow
SetActiveWindow
TrackPopupMenu
GetMenuItemID
CheckMenuItem
CreatePopupMenu
SetCapture
MapVirtualKeyW
GetKeyState
GetFocus
GetActiveWindow
CharUpperW
GetDlgCtrlID
CheckDlgButton
GetDlgItemTextW
UnregisterClassA
RegisterWindowMessageW
FindWindowA
SetTimer
GetSystemMetrics

gdi32

CreateSolidBrush
CreateFontIndirectW
CreateBitmap
GetStockObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseFontW

advapi32

RegCloseKey
RegNotifyChangeKeyValue

ole32

CoCreateGuid
CoInitializeEx

shlwapi

PathFindSuffixArrayA
PathFindOnPathA
PathFileExistsA
ord155
StrToIntA
PathGetDriveNumberA

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 501KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gray/polyhedral.txt

Sharing

General

Malware Config

Signatures

Files

1726357b6fc2d768227af59ffbcbdfa8

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

62:67:35:ed:30:e5:0e:3e:05:53:98:6d:80:6b:fc:54Certificate

Extended Key Usages

Key Usages

96:e0:15:a3:ef:d4:9c:92:aa:d3:04:ae:5e:de:c3:12:99:1e:d7:b3:77:46:5a:f6:17:48:c5:c2:ee:7a:9c:f8Signer

Signature Validations

Verification

17-11-2022 13:14 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 501KB - Virtual size: 501KB

.data Size: 358KB - Virtual size: 358KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 120KB - Virtual size: 119KB

.reloc Size: 38KB - Virtual size: 38KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

62:67:35:ed:30:e5:0e:3e:05:53:98:6d:80:6b:fc:54
Certificate

96:e0:15:a3:ef:d4:9c:92:aa:d3:04:ae:5e:de:c3:12:99:1e:d7:b3:77:46:5a:f6:17:48:c5:c2:ee:7a:9c:f8
Signer

17-11-2022 13:14
Valid: true

.text
Size: 501KB - Virtual size: 501KB

.data
Size: 358KB - Virtual size: 358KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 120KB - Virtual size: 119KB

.reloc
Size: 38KB - Virtual size: 38KB