TyrlNickh587654[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

TyrlNickh587654.exe
Size

581KB
MD5

d7ec236a4013e5b4b15ee12ac6149399
SHA1

a525e8f68c1fe7500ba776c1c08aaaef3296b2f2
SHA256

da8d9476336c3ae7eb1cb66a50fb0d63174969b230502cc22be8b571efb9e01d
SHA512

626302b7f3c1bf3a7a4d2788ea207bce2d2d954854dffdd8f2c261131200a4ec799d35eebe793867eeb48fa33b79dfef8b1c47f66a15e2d32203a0fbabae5cd6
SSDEEP

12288:0f8YB7n/V/55iPC6pUir8le+s3vZ66AJrhrTilB/S2k7b2G:0hB7nt/fiXFrge+s3vZiTilB6db2G

Score

N/A

Malware Config

Signatures

Files

TyrlNickh587654.exe
.exe windows x64

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:39:dd:e1:19:bb:32:0d:fb:9f:5d:ef:e3:f7:12:45
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

10/11/2021, 00:00

Not After

09/11/2024, 23:59

Subject

CN=Hangil IT Co.\, Ltd,O=Hangil IT Co.\, Ltd,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:98:d1:22:cc:10:b6:8b:0a:d4:ea:91:26:f2:35:f4:06:57:92
Signer

Actual PE Digest

06:fd:98:d1:22:cc:10:b6:8b:0a:d4:ea:91:26:f2:35:f4:06:57:92

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Hangil IT Co.\, Ltd,O=Hangil IT Co.\, Ltd,ST=Seoul,C=KR

15/12/2022, 13:55
Valid: true

Chain 1

CN=Hangil IT Co.\, Ltd,O=Hangil IT Co.\, Ltd,ST=Seoul,C=KR

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

01:39:dd:e1:19:bb:32:0d:fb:9f:5d:ef:e3:f7:12:45Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

06:fd:98:d1:22:cc:10:b6:8b:0a:d4:ea:91:26:f2:35:f4:06:57:92Signer

Signature Validations

Verification

15/12/2022, 13:55 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 398KB - Virtual size: 397KB

.rsrc Size: 177KB - Virtual size: 177KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

01:39:dd:e1:19:bb:32:0d:fb:9f:5d:ef:e3:f7:12:45
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

06:fd:98:d1:22:cc:10:b6:8b:0a:d4:ea:91:26:f2:35:f4:06:57:92
Signer

15/12/2022, 13:55
Valid: true

.text
Size: 398KB - Virtual size: 397KB

.rsrc
Size: 177KB - Virtual size: 177KB