electrum-4[.]3[.]3-portable[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

electrum-4.3.3-portable.exe
Size

43.6MB
MD5

90200d4ecebb737309b38489a16b801a
SHA1

210ab4399232b60adc5388a005e1389b65bd48c4
SHA256

b56d08726bc1c7935f6dc802ab5332e24d7ac2a53c2d311da422abf5b7bdf64f
SHA512

22f0817dd19f5edf8374c737e4e3976e3a95d925205778cd3120b7a9aff7f13981afb49f33045f77e167e9af247a83fd8bb29bd6ff070c677e4b3c1b721acaca
SSDEEP

786432:JPMU0UaGF8WWxUd9FhkcJyRabyePFphQ0QWGlso5EYW15AfSwM96IdiGkVUEeuV7:6U0AF8WWxU9p3by4FphqZd5EnAMsIdix

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
sample	pyinstaller

Files

electrum-4.3.3-portable.exe
.exe windows x86

ad5401e60517cd743fa34f26a18e558c

Code Sign

0f:d8:54:3a:f7:a2:21:c5:1c:f9:06:16:5b:1c:c0:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

11/05/2022, 00:00

Not After

10/05/2024, 23:59

Subject

CN=Electrum Technologies GmbH,O=Electrum Technologies GmbH,L=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2f:6c:4c:5a:57:df:f2:63:f4:89:48:a0:ed:24:4c:d1:42:f6:6a:1c:84:43:4f:02:62:92:94:fb:ed:f2:8a:78
Signer

Actual PE Digest

2f:6c:4c:5a:57:df:f2:63:f4:89:48:a0:ed:24:4c:d1:42:f6:6a:1c:84:43:4f:02:62:92:94:fb:ed:f2:8a:78

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Electrum Technologies GmbH,O=Electrum Technologies GmbH,L=Berlin,C=DE

03/01/2023, 10:28
Valid: true

Chain 1

CN=Electrum Technologies GmbH,O=Electrum Technologies GmbH,L=Berlin,C=DE

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=Electrum Technologies GmbH,O=Electrum Technologies GmbH,L=Berlin,C=DE

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
OpenProcessToken

comctl32

LoadIconMetric

gdi32

CreateFontIndirectW
DeleteObject
SelectObject

kernel32

CloseHandle
CreateDirectoryW
CreateProcessW
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
FormatMessageW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetEnvironmentVariableW
GetExitCodeProcess
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetTempPathW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LocalFree
MulDiv
MultiByteToWideChar
SetDllDirectoryW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__argc
__lconv_init
__mb_cur_max
__p__commode
__p__fmode
__p__wcmdln
__set_app_type
__setusermatherr
__wargv
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_errno
_filelengthi64
_fileno
_findclose
_get_osfhandle
_initterm
_iob
_lock
_onexit
_setmode
_snwprintf
fwprintf
_unlock
_wcsdup
_wfopen
_wfullpath
_wputenv_s
_wremove
_wrmdir
_wtempnam
abort
atoi
calloc
clearerr
exit
fclose
feof
ferror
fflush
fgetpos
fprintf
fputc
fputwc
fread
free
fsetpos
fwrite
iswctype
localeconv
malloc
mbstowcs
memcmp
memcpy
memset
perror
realloc
setbuf
setlocale
signal
strcat
strchr
strcmp
strcpy
strerror
strlen
strncat
strncmp
strncpy
strtok
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncpy
wcstombs
_wstat
_wfindnext
_wfindfirst
_stat
_wcsdup
_strdup
_getpid
_fileno

user32

CreateWindowExW
DestroyIcon
DialogBoxIndirectParamW
DrawTextW
EndDialog
GetClientRect
GetDC
GetDialogBaseUnits
GetWindowLongW
InvalidateRect
MessageBoxA
MessageBoxW
MoveWindow
ReleaseDC
SendMessageW
SetWindowLongW
SystemParametersInfoW

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 59KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad5401e60517cd743fa34f26a18e558c

Code Sign

0f:d8:54:3a:f7:a2:21:c5:1c:f9:06:16:5b:1c:c0:e4Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

2f:6c:4c:5a:57:df:f2:63:f4:89:48:a0:ed:24:4c:d1:42:f6:6a:1c:84:43:4f:02:62:92:94:fb:ed:f2:8a:78Signer

Signature Validations

Verification

03/01/2023, 10:28 Valid: true

Chain 1

Chain 2

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

msvcrt

user32

Sections

.text Size: 89KB - Virtual size: 89KB

.data Size: 512B - Virtual size: 120B

.rdata Size: 25KB - Virtual size: 25KB

/4 Size: 10KB - Virtual size: 9KB

.bss Size: - Virtual size: 59KB

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 64KB - Virtual size: 68KB

0f:d8:54:3a:f7:a2:21:c5:1c:f9:06:16:5b:1c:c0:e4
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

2f:6c:4c:5a:57:df:f2:63:f4:89:48:a0:ed:24:4c:d1:42:f6:6a:1c:84:43:4f:02:62:92:94:fb:ed:f2:8a:78
Signer

03/01/2023, 10:28
Valid: true

.text
Size: 89KB - Virtual size: 89KB

.data
Size: 512B - Virtual size: 120B

.rdata
Size: 25KB - Virtual size: 25KB

/4
Size: 10KB - Virtual size: 9KB

.bss
Size: - Virtual size: 59KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 64KB - Virtual size: 68KB