478057d87e40aef6a71453c27eb77649[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

478057d87e40aef6a71453c27eb77649.bin
Size

278KB
MD5

0f0f97f5a6c7dcd33f58d377b60895e2
SHA1

91eb84af41821b60b819f7f54519628f12f9ecff
SHA256

f6c4cb6e5ac0a92ca592e42c3872389827374c36f1df13a957fd7b55b7fb95da
SHA512

8e6959c35815c9b9c686ea9cfaecfc46daf7119978a726e7b84736a4154086d191aa9ab940e5474425350753e27d2311ebfd221b0d8157333e05fda09c88e64a
SSDEEP

6144:WLjyRrrX905oin6oigT9N0ybRjpVYtjOzzyfB/Pq8mGAsA4xfY9:WLjywl6jQNPjEfevsAeY9

Score

N/A

Malware Config

Signatures

Files

478057d87e40aef6a71453c27eb77649.bin
.zip

Password: infected
7fa1fbd2c625269c408d515a7f7a2289e19f5f5d3cef46a96300212071215649.zip
.zip

Password: infected
Setup_Win_18-01-2023_17-44-13.exe
.exe windows x64

Password: infected

fbfcf00c38af43c32deb15a93d741895

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:44:fc:ed:d4:9f:22:f7:a2:8c:ec:c9:91:04:f6:1a
Certificate

Issuer

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

05-01-2023 12:56

Not After

05-01-2024 12:56

Subject

SERIALNUMBER=389470690,CN=M-Trans Maciej Caban,O=M-Trans Maciej Caban,POSTALCODE=96-100,STREET=Sucharskiego 2 lok. 31,L=Skierniewice,C=PL,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#1302504c

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28-07-2022 08:56

Not After

27-07-2033 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:59:20:9f:26:f7:46:3f:25:b9:4f:c0:c0:f0:c1:1c:fa:f0:3d:c9:c9:07:ef:87:e8:63:c8:40:7b:6e:64:ae
Signer

Actual PE Digest

35:59:20:9f:26:f7:46:3f:25:b9:4f:c0:c0:f0:c1:1c:fa:f0:3d:c9:c9:07:ef:87:e8:63:c8:40:7b:6e:64:ae

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=389470690,CN=M-Trans Maciej Caban,O=M-Trans Maciej Caban,POSTALCODE=96-100,STREET=Sucharskiego 2 lok. 31,L=Skierniewice,C=PL,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#1302504c

20-01-2023 16:07
Valid: true

Chain 1

SERIALNUMBER=389470690,CN=M-Trans Maciej Caban,O=M-Trans Maciej Caban,POSTALCODE=96-100,STREET=Sucharskiego 2 lok. 31,L=Skierniewice,C=PL,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#1302504c

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Chain 2

SERIALNUMBER=389470690,CN=M-Trans Maciej Caban,O=M-Trans Maciej Caban,POSTALCODE=96-100,STREET=Sucharskiego 2 lok. 31,L=Skierniewice,C=PL,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#1302504c

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ord17

user32

BeginPaint
EnableWindow
SetTimer
KillTimer
SendDlgItemMessageA
PostQuitMessage
IsDlgButtonChecked
GetDlgItemInt
EndDialog
DefWindowProcA
DialogBoxParamA
CreateWindowExA
RegisterClassExA
LoadCursorA
PostMessageA
EndPaint
GetWindowLongPtrA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
LoadStringA
MessageBoxA
MessageBoxW
GetDlgItem
ShowWindow
InvalidateRect
GetClientRect
SetDlgItemTextA
SetDlgItemInt
LoadIconA

gdi32

TextOutA
SetTextColor
SetBkMode
Ellipse
CreateSolidBrush
CreatePen
SelectObject
Rectangle

kernel32

SetFilePointerEx
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
HeapSize
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CloseHandle
CreateFileW
WriteConsoleW
IsValidCodePage
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xuH
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

fbfcf00c38af43c32deb15a93d741895

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89Certificate

Extended Key Usages

Key Usages

6e:44:fc:ed:d4:9f:22:f7:a2:8c:ec:c9:91:04:f6:1aCertificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

35:59:20:9f:26:f7:46:3f:25:b9:4f:c0:c0:f0:c1:1c:fa:f0:3d:c9:c9:07:ef:87:e8:63:c8:40:7b:6e:64:aeSigner

Signature Validations

Verification

20-01-2023 16:07 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

user32

gdi32

kernel32

Sections

.text Size: 163KB - Virtual size: 163KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 8KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 60KB - Virtual size: 59KB

.xuH Size: 116KB - Virtual size: 116KB

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

6e:44:fc:ed:d4:9f:22:f7:a2:8c:ec:c9:91:04:f6:1a
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

35:59:20:9f:26:f7:46:3f:25:b9:4f:c0:c0:f0:c1:1c:fa:f0:3d:c9:c9:07:ef:87:e8:63:c8:40:7b:6e:64:ae
Signer

20-01-2023 16:07
Valid: true

.text
Size: 163KB - Virtual size: 163KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 60KB - Virtual size: 59KB

.xuH
Size: 116KB - Virtual size: 116KB