94a6093a131c6a9aac502bb5314fd1a9[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

94a6093a131c6a9aac502bb5314fd1a9.bin
Size

1.3MB
MD5

16f1ef7887cbc6b90799d6fff5eb55ef
SHA1

803181d7b41dc2b286b7052b5417275803ae50c5
SHA256

7a16a743512e992ddcd7e0cf97460c2d13b4c69b0f7c3732076eb3b64d72ca39
SHA512

ab7f831b71e098975182968c17e4e078fb946241ec8456e09cc27bae0b1a1ab72af17fd0890e0c1294129550f6dd4190d56800257fb6aa31025eb439ae94fa58
SSDEEP

24576:zaHV2VHvO7JDQ/so1EPj/NL99vR7XMTKrbRw1aSxGdWBTO9eWNF7t/IF9r1TaWM:G1miJDEsFj/V99vRrfbRO/+LxE9r1OWM

Score

1^/10

Malware Config

Signatures

Files

94a6093a131c6a9aac502bb5314fd1a9.bin
.zip

Password: infected
dc999c9387fdf2312df82d98d0efdab722010a333b6bce2250b3433ba98d8469.exe
.exe windows x86

Password: infected

935778709500381f823bab6e7acae23f

Code Sign

05:90:20:b5:e9:62:69:df:b8:95:37:30:6a:6a:73:fe
Certificate

Issuer

CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/12/2022, 00:00

Not After

28/12/2023, 23:59

Subject

CN=www.flex.com,O=Flex,ST=California,C=US

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f3:df:20:8f:e8:3e:33:f5:98:b8:f4:15:6b:8c:7a:ef:90:05:05:15:b6:fc:96:0d:1f:9c:0d:16:4b:7d:6f:9e
Signer

Actual PE Digest

f3:df:20:8f:e8:3e:33:f5:98:b8:f4:15:6b:8c:7a:ef:90:05:05:15:b6:fc:96:0d:1f:9c:0d:16:4b:7d:6f:9e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=www.flex.com,O=Flex,ST=California,C=US

09/02/2023, 19:25
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
LoadLibraryW
Sleep
GetLastError
SetLastError
GetProcAddress
EnumSystemLocalesW
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetModuleFileNameW
GetModuleHandleExW
HeapValidate
GetSystemInfo
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
ExitProcess
MultiByteToWideChar
GetStdHandle
WriteFile
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
LoadLibraryExW
OutputDebugStringA
WriteConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
GetModuleFileNameA
HeapAlloc
RtlUnwind
WideCharToMultiByte
GetStringTypeW
LCMapStringEx
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
SetStdHandle
RaiseException
CloseHandle
CreateFileW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

935778709500381f823bab6e7acae23f

Code Sign

05:90:20:b5:e9:62:69:df:b8:95:37:30:6a:6a:73:feCertificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

f3:df:20:8f:e8:3e:33:f5:98:b8:f4:15:6b:8c:7a:ef:90:05:05:15:b6:fc:96:0d:1f:9c:0d:16:4b:7d:6f:9eSigner

Signature Validations

Verification

09/02/2023, 19:25 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 4KB - Virtual size: 14KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 27KB - Virtual size: 27KB

05:90:20:b5:e9:62:69:df:b8:95:37:30:6a:6a:73:fe
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

f3:df:20:8f:e8:3e:33:f5:98:b8:f4:15:6b:8c:7a:ef:90:05:05:15:b6:fc:96:0d:1f:9c:0d:16:4b:7d:6f:9e
Signer

09/02/2023, 19:25
Valid: false

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 27KB - Virtual size: 27KB