General

Malware Config

Signatures

Files

• tmp

  .exe windows x86

  
  

  Code Sign

  53:50:91:e6:ca:b1:3a:f3:93:b5:1e:ad:08:25:f6:27

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  11-05-2021 00:00

  Not After

  10-05-2024 23:59

  Subject

  CN=Advanced Micro Devices Inc.,O=Advanced Micro Devices Inc.,L=Santa Clara,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44

  Certificate

  Issuer

  CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  22-07-2015 21:03

  Not After

  22-07-2025 21:03

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  29-03-2022 00:00

  Not After

  14-03-2033 23:59

  Subject

  CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  09-06-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc

  Certificate

  Issuer

  CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  10-03-2022 19:58

  Not After

  08-03-2023 19:58

  Subject

  CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0b:aa:c1:00:00:00:00:00:09

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  18-04-2012 23:48

  Not After

  18-04-2027 23:58

  Subject

  CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  ae:fa:3a:93:46:c6:35:fe:a0:47:58:06:f5:a0:d6:be:fa:31:46:cc:5e:9f:e9:be:3f:e6:13:47:11:bc:78:b5

  Signer

  Actual PE Digest

  ae:fa:3a:93:46:c6:35:fe:a0:47:58:06:f5:a0:d6:be:fa:31:46:cc:5e:9f:e9:be:3f:e6:13:47:11:bc:78:b5

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  13-01-2023 12:38

  Valid: false

  ae:fa:3a:93:46:c6:35:fe:a0:47:58:06:f5:a0:d6:be:fa:31:46:cc:5e:9f:e9:be:3f:e6:13:47:11:bc:78:b5

  Signer

  Actual PE Digest

  ae:fa:3a:93:46:c6:35:fe:a0:47:58:06:f5:a0:d6:be:fa:31:46:cc:5e:9f:e9:be:3f:e6:13:47:11:bc:78:b5

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=Advanced Micro Devices Inc.,O=Advanced Micro Devices Inc.,L=Santa Clara,ST=California,C=US

  29-07-2022 21:22

  Valid: true

  Chain 1

  CN=Advanced Micro Devices Inc.,O=Advanced Micro Devices Inc.,L=Santa Clara,ST=California,C=US

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Sections

  Size: 67KB - Virtual size: 160KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 469B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .idata

  Size: 512B - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .themida

  Size: - Virtual size: 5.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .boot

  Size: 3.1MB - Virtual size: 3.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ