AC GUI v3[.]zip[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

AC GUI v3.zip.7z
Size

2.4MB
MD5

96d5c8edd164d2ecf779a7de738ead78
SHA1

f27887320626066918cb121315c4a72b5308319f
SHA256

f959fa5a41c043d87611c47417e8b710a5f9eaa14e73c5fb878ae125fd2d153f
SHA512

c3cfb36f3980bf60051f9c22127fbaefdd67197d72c71c525375ae47ae4c85a544cf749b74a4312f5f339339f2dfd4c0f1d4974a51225a7c05af5d49fbebe67d
SSDEEP

49152:Oq7w3FYTZuy3dUBInnNKzyn7oC9+894Vi1zodx+UHHuDEyeoKdCmSWcpRSwm:Oq7wVY42dUMnNKS7tM894ViiqgyNKdd2

Score

1^/10

Malware Config

Signatures

Files

AC GUI v3.zip.7z
.7z

Password: infected
AC GUI v3.zip
.zip
AC GUI v3.exe
.exe .ps1 windows x86
AC GUI v3.exe.config
.xml
AC GUI v3.pdb
Microsoft.PowerShell.ConsoleHost.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System.Management.Automation.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:45

Not After

11/05/2023, 20:45

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5c:da:2b:c0:dd:17:cd:b6:5b:9b:9a:94:3e:ef:7e:f0:11:09:39:04:dc:24:74:56:81:66:b4:ad:e9:68:99:ae
Signer

Actual PE Digest

5c:da:2b:c0:dd:17:cd:b6:5b:9b:9a:94:3e:ef:7e:f0:11:09:39:04:dc:24:74:56:81:66:b4:ad:e9:68:99:ae

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

07/02/2023, 20:39
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 928KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 166KB - Virtual size: 166KB

.rsrc Size: 46KB - Virtual size: 46KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cbCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

5c:da:2b:c0:dd:17:cd:b6:5b:9b:9a:94:3e:ef:7e:f0:11:09:39:04:dc:24:74:56:81:66:b4:ad:e9:68:99:aeSigner

Signature Validations

Verification

07/02/2023, 20:39 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 6.1MB - Virtual size: 6.1MB

.rsrc Size: 928KB - Virtual size: 928KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 166KB - Virtual size: 166KB

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

5c:da:2b:c0:dd:17:cd:b6:5b:9b:9a:94:3e:ef:7e:f0:11:09:39:04:dc:24:74:56:81:66:b4:ad:e9:68:99:ae
Signer

07/02/2023, 20:39
Valid: false

.text
Size: 6.1MB - Virtual size: 6.1MB

.rsrc
Size: 928KB - Virtual size: 928KB

.reloc
Size: 512B - Virtual size: 12B