Static task
static1
Behavioral task
behavioral1
Sample
5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9.exe
Resource
win10v2004-20221111-en
General
-
Target
5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9
-
Size
2.0MB
-
MD5
9f6db8aa43ccb18c8252f57b5b0268cf
-
SHA1
01c573bede38b1aa8941399c8f9dc9a98ef875b0
-
SHA256
5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9
-
SHA512
30f86c857a0028739ef45ea68bf2af6e4cad9e8910e7fec3ad527bf70b3aab504575298643c2092cfb2038cb7237759c45265750af7d83332bdd5edddbfc8d4d
-
SSDEEP
24576:NTGaRYQw6hNNpH05r8tLYXFkHMpg4JW1xXeMWrJPQTnKapyODtimr:N/TkLkeg4w/XYP0nrftiw
Malware Config
Signatures
Files
-
5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
39:ae:7f:ce:86:a3:e8:b8:4c:e2:9a:16:9f:17:0d:c0Certificate
IssuerCN=Booking.com SoftwareNot Before20-02-2021 13:29Not After21-02-2031 13:29SubjectCN=Booking.com Software8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before23-10-2020 00:00Not After22-01-2032 23:59SubjectCN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02-05-2019 00:00Not After18-01-2038 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
6d:4f:c8:52:28:7f:58:62:28:8d:ba:2a:63:af:d7:e2:05:e7:bd:17:5f:d1:57:c4:da:eb:57:ef:ff:30:09:5cSigner
Actual PE Digest6d:4f:c8:52:28:7f:58:62:28:8d:ba:2a:63:af:d7:e2:05:e7:bd:17:5f:d1:57:c4:da:eb:57:ef:ff:30:09:5cDigest Algorithmsha256PE Digest MatchestrueSignature Validations
TrustedfalseVerification
Signing CertificateCN=Booking.com Software20-01-2023 16:00 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 200KB - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ