General

Malware Config

Signatures

Files

• b4266e0e77db85dca5049f660e922be9.bin

  .zip

  Password: infected

• bb4b88da25e06b8daf7cd814f772849f0e28a1c8eba92b67477a31bce5636309.exe

  .exe windows x86

  
  

  Code Sign

  0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-01-2021 00:00

  Not After

  06-01-2031 00:00

  Subject

  CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-03-2019 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  aa:b0:e5:90:6a:fe:ad:7b:95:69:37:97:4d:80:16:ef

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  18-08-2020 00:00

  Not After

  18-08-2022 23:59

  Subject

  CN=Remote Utilities LLC,O=Remote Utilities LLC,POSTALCODE=119331,STREET=d. 29 E 12 pom. I K 5 RM 5\, prospekt Vernadskogo,L=Moscow,ST=Moskovskaya oblast,C=RU

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1f:7a:f4:f5:6d:1d:87:a1:71:73:b9:eb:60:41:14:56:23:7d:da:16:b6:f6:f1:d5:24:94:b3:6b:98:b8:96:de

  Signer

  Actual PE Digest

  1f:7a:f4:f5:6d:1d:87:a1:71:73:b9:eb:60:41:14:56:23:7d:da:16:b6:f6:f1:d5:24:94:b3:6b:98:b8:96:de

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=Remote Utilities LLC,O=Remote Utilities LLC,POSTALCODE=119331,STREET=d. 29 E 12 pom. I K 5 RM 5\, prospekt Vernadskogo,L=Moscow,ST=Moskovskaya oblast,C=RU

  06-02-2022 15:38

  Valid: true

  Chain 1

  CN=Remote Utilities LLC,O=Remote Utilities LLC,POSTALCODE=119331,STREET=d. 29 E 12 pom. I K 5 RM 5\, prospekt Vernadskogo,L=Moscow,ST=Moskovskaya oblast,C=RU

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Chain 2

  CN=Remote Utilities LLC,O=Remote Utilities LLC,POSTALCODE=119331,STREET=d. 29 E 12 pom. I K 5 RM 5\, prospekt Vernadskogo,L=Moscow,ST=Moskovskaya oblast,C=RU

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Sections

  UPX0

  Size: - Virtual size: 20.1MB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  UPX1

  Size: 1.6MB - Virtual size: 1.6MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 15.4MB - Virtual size: 15.4MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE