d49997877451b110adc8e09d9c04c2b6[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

d49997877451b110adc8e09d9c04c2b6.bin
Size

1.5MB
MD5

d6a4aacf3e4ff514318b82c7d8ccef98
SHA1

65332a72edbccac48de27d1c8f2e73ccfaf88085
SHA256

5cdb9c207ee596235c10d2d0544a2475528cd87fb36b2d31c0c06196c5b69002
SHA512

8968aa44a246bc05b7ae27b24f0e9116dc420509c227667a0f1bc626b5cbd2f9048ae3e7d37fc2c6e8b6e3135ae6a572ca2ea1f5afa8fb0f1e3972260ffeb865
SSDEEP

24576:rhpntuOW1sNtEemi9wj21XiL+o1ZxqyOOd2ODCWw64DSJJkKpWJ3G+EnIAgo:rvtO1W4iWjT9BqyOTOmSJJFpWFG+Enco

Score

N/A

Malware Config

Signatures

Files

d49997877451b110adc8e09d9c04c2b6.bin
.zip

Password: infected
bff34ec881bbe9726f025fcf4585150e98178bd2ecdbc7fc29939dbf554ab708.exe
.exe windows x86

Password: infected

46f2e276c634d5362ea91b37e3398f9e

Code Sign

dd:57:5f:84:af:be:e7:7c
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

12-04-2022 02:48

Not After

12-04-2023 02:48

Subject

CN=devlearn.com

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7a:c4:17:c6:d5:70:18:d7:9e:84:27:2f:fe:3d:74:ad:f3:74:9a:e8:c5:4f:7c:23:f9:27:b3:0a:b4:17:bf:85
Signer

Actual PE Digest

7a:c4:17:c6:d5:70:18:d7:9e:84:27:2f:fe:3d:74:ad:f3:74:9a:e8:c5:4f:7c:23:f9:27:b3:0a:b4:17:bf:85

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=devlearn.com

25-10-2022 23:15
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
SetConsoleTitleW
GetLastError
Sleep
VirtualAlloc
ResetWriteWatch
ResetEvent
HeapDestroy
ZombifyActCtx
SetTapeParameters
SwitchToThread
DeleteFileW
SetThreadLocale
AcquireSRWLockShared
FreeLibrary
CloseHandle
GetCommState
GetConsoleTitleW
SetConsoleActiveScreenBuffer
FindClose
GetErrorMode
GetPrivateProfileIntW
GlobalAddAtomW
GetProcessHandleCount
GetLocalTime
CancelWaitableTimer
CreateWaitableTimerW
TlsGetValue
FreeResource
SizeofResource
LockResource
LoadResource
LockFile
LocalUnlock
HeapWalk
GetLongPathNameW
CompareFileTime
QueryPerformanceFrequency
GetProcessHeap
SetEndOfFile
WriteConsoleW
GlobalDeleteAtom
GetProcAddress
LoadLibraryW
GetConsoleAliasesLengthW
LocalAlloc
HeapReAlloc
HeapAlloc
GetModuleHandleW
ExitProcess
GetStartupInfoW
GetModuleHandleA
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
ReadFile
DeleteCriticalSection
HeapCreate
VirtualFree
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
MultiByteToWideChar
RaiseException
HeapSize
GetLocaleInfoA
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP

user32

ReleaseDC
GetSysColor
GetSysColorBrush
CloseClipboard
GetDC

gdi32

GetPixel
DeleteObject

comdlg32

PrintDlgW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

46f2e276c634d5362ea91b37e3398f9e

Code Sign

dd:57:5f:84:af:be:e7:7cCertificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

7a:c4:17:c6:d5:70:18:d7:9e:84:27:2f:fe:3d:74:ad:f3:74:9a:e8:c5:4f:7c:23:f9:27:b3:0a:b4:17:bf:85Signer

Signature Validations

Verification

25-10-2022 23:15 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 145KB - Virtual size: 144KB

dd:57:5f:84:af:be:e7:7c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

7a:c4:17:c6:d5:70:18:d7:9e:84:27:2f:fe:3d:74:ad:f3:74:9a:e8:c5:4f:7c:23:f9:27:b3:0a:b4:17:bf:85
Signer

25-10-2022 23:15
Valid: false

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 145KB - Virtual size: 144KB