b4266e0e77db85dca5049f660e922be9[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

b4266e0e77db85dca5049f660e922be9.bin
Size

16.5MB
MD5

bb72ea83eee0da876cf7172a2e9589cb
SHA1

1d72c6322fb167584f86719d1c9fb47995073ddd
SHA256

f0108ae93c3ee3cf31cc34e08b27b1824e3a65d141ae50f12b5b41ee6e9fdb6b
SHA512

086809b6ea7dd42412ffaada0e7bb2b3d4f0fd261d5fc06e40afd96c2833a0878a9abae2e3ed4a54744928fba791b328794dd4cf4e38907d1a104a897fc92e24
SSDEEP

393216:ssGfG0iZljNd7aijIVHL2tzv4nv/j2pAz2BpKwiYlrN9fT:cdiZdNd794Lmv4/aprNZ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/bb4b88da25e06b8daf7cd814f772849f0e28a1c8eba92b67477a31bce5636309.exe	upx

Files

b4266e0e77db85dca5049f660e922be9.bin
.zip

Password: infected
bb4b88da25e06b8daf7cd814f772849f0e28a1c8eba92b67477a31bce5636309.exe
.exe windows x86

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:b0:e5:90:6a:fe:ad:7b:95:69:37:97:4d:80:16:ef
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18-08-2020 00:00

Not After

18-08-2022 23:59

Subject

CN=Remote Utilities LLC,O=Remote Utilities LLC,POSTALCODE=119331,STREET=d. 29 E 12 pom. I K 5 RM 5\, prospekt Vernadskogo,L=Moscow,ST=Moskovskaya oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:7a:f4:f5:6d:1d:87:a1:71:73:b9:eb:60:41:14:56:23:7d:da:16:b6:f6:f1:d5:24:94:b3:6b:98:b8:96:de
Signer

Actual PE Digest

1f:7a:f4:f5:6d:1d:87:a1:71:73:b9:eb:60:41:14:56:23:7d:da:16:b6:f6:f1:d5:24:94:b3:6b:98:b8:96:de

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Remote Utilities LLC,O=Remote Utilities LLC,POSTALCODE=119331,STREET=d. 29 E 12 pom. I K 5 RM 5\, prospekt Vernadskogo,L=Moscow,ST=Moskovskaya oblast,C=RU

06-02-2022 15:38
Valid: true

Chain 1

CN=Remote Utilities LLC,O=Remote Utilities LLC,POSTALCODE=119331,STREET=d. 29 E 12 pom. I K 5 RM 5\, prospekt Vernadskogo,L=Moscow,ST=Moskovskaya oblast,C=RU

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=Remote Utilities LLC,O=Remote Utilities LLC,POSTALCODE=119331,STREET=d. 29 E 12 pom. I K 5 RM 5\, prospekt Vernadskogo,L=Moscow,ST=Moskovskaya oblast,C=RU

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 20.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15.4MB - Virtual size: 15.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

aa:b0:e5:90:6a:fe:ad:7b:95:69:37:97:4d:80:16:efCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

1f:7a:f4:f5:6d:1d:87:a1:71:73:b9:eb:60:41:14:56:23:7d:da:16:b6:f6:f1:d5:24:94:b3:6b:98:b8:96:deSigner

Signature Validations

Verification

06-02-2022 15:38 Valid: true

Chain 1

Chain 2

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 20.1MB

UPX1 Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 15.4MB - Virtual size: 15.4MB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

aa:b0:e5:90:6a:fe:ad:7b:95:69:37:97:4d:80:16:ef
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

1f:7a:f4:f5:6d:1d:87:a1:71:73:b9:eb:60:41:14:56:23:7d:da:16:b6:f6:f1:d5:24:94:b3:6b:98:b8:96:de
Signer

06-02-2022 15:38
Valid: true

UPX0
Size: - Virtual size: 20.1MB

UPX1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 15.4MB - Virtual size: 15.4MB