General

Malware Config

Signatures

Files

• SCANED_AH4506.7z

  .7z

  Password: infected

• SCANED_AH4506.img

  .iso
• SCANED_AH4506.lnk

  .lnk
• YouNewRules/Invoice.fw

  .dll windows x86

  
  

  Code Sign

  12:80:74:e8:70:dc:2e:89:41:8c:29:6f:6c:64:c8:42

  Certificate

  Issuer

  CN=BQJWHQQILVMMSUTWKQ

  Not Before

  12-12-2022 06:08

  Not After

  31-12-2039 23:59

  Subject

  CN=BQJWHQQILVMMSUTWKQ

  Extended Key Usages

  ExtKeyUsageCodeSigning

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  11-05-2022 00:00

  Not After

  10-08-2033 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  8a:70:c5:7c:e1:56:52:51:3f:19:42:a3:dd:9f:f4:47:c0:cc:0f:96

  Signer

  Actual PE Digest

  8a:70:c5:7c:e1:56:52:51:3f:19:42:a3:dd:9f:f4:47:c0:cc:0f:96

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=BQJWHQQILVMMSUTWKQ

  01-12-2022 14:34

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Sections

  CODE

  Size: 746KB - Virtual size: 746KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  DATA

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  BSS

  Size: - Virtual size: 3KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 56KB - Virtual size: 56KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 374KB - Virtual size: 374KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• YouNewRules/YouNewRules.cmd