9180536763[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

9180536763.zip
Size

656KB
MD5

0616ce5628c0d9dbff2e615370f84386
SHA1

3afd7c522e27518a6e52555a2ee82512a7457e07
SHA256

27e193df41edc6092af792356e8433cd0a370b03b925bec34c1c74f6d8385378
SHA512

2dc0f9168f462c2d3a23bee1abe8b6af0619dc8a1c875a0b17519e73600ce74077be0dd252f796e6829fce232b4aab94c55baba15347d18232cf5b0b09e9ee6f
SSDEEP

12288:Vv9cuSdNVr6rBhGsd7Ml4Ew1hSuEYDNsvACJEk7jB+ZjdoJP2bVE42Jc/y/w+O0A:VJ2VriGsJj19ErEcB+nopdJcj7c30pN

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
static1/unpack001/ece71f334410bd59eb78927e8877237ea3cec84153b856e14bc48ad52ce34035	aspack_v212_v242

Files

9180536763.zip
.zip

Password: infected
ece71f334410bd59eb78927e8877237ea3cec84153b856e14bc48ad52ce34035
.exe windows x86

Password: infected

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:1b:1a:d8:bb:c6:84:dd:51:c9:25:e3:4d:e2:55:9c
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

22-06-2021 00:00

Not After

22-06-2023 23:59

Subject

CN=BlueCloud Network,O=BlueCloud Network,L=Haymarket,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:1b:1a:d8:bb:c6:84:dd:51:c9:25:e3:4d:e2:55:9c
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

22-06-2021 00:00

Not After

22-06-2023 23:59

Subject

CN=BlueCloud Network,O=BlueCloud Network,L=Haymarket,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:58:b3:a4:59:d5:48:c9:a6:c3:e8:3e:4d:d4:b0:fe:9a:1a:33:33:cc:61:c2:de:7b:81:b9:67:f1:17:e5:97
Signer

Actual PE Digest

d7:58:b3:a4:59:d5:48:c9:a6:c3:e8:3e:4d:d4:b0:fe:9a:1a:33:33:cc:61:c2:de:7b:81:b9:67:f1:17:e5:97

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=BlueCloud Network,O=BlueCloud Network,L=Haymarket,ST=New South Wales,C=AU

07-02-2023 20:52
Valid: true

Chain 1

CN=BlueCloud Network,O=BlueCloud Network,L=Haymarket,ST=New South Wales,C=AU

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

58:3d:3b:eb:d7:aa:5b:1f:90:44:70:1d:e5:3f:2e:c1:8b:81:3a:b0
Signer

Actual PE Digest

58:3d:3b:eb:d7:aa:5b:1f:90:44:70:1d:e5:3f:2e:c1:8b:81:3a:b0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=BlueCloud Network,O=BlueCloud Network,L=Haymarket,ST=New South Wales,C=AU

04-06-2022 16:33
Valid: true

Chain 1

CN=BlueCloud Network,O=BlueCloud Network,L=Haymarket,ST=New South Wales,C=AU

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 324KB - Virtual size: 792KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 120KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 147KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 25KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UsbEAm
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

34:1b:1a:d8:bb:c6:84:dd:51:c9:25:e3:4d:e2:55:9cCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

34:1b:1a:d8:bb:c6:84:dd:51:c9:25:e3:4d:e2:55:9cCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

d7:58:b3:a4:59:d5:48:c9:a6:c3:e8:3e:4d:d4:b0:fe:9a:1a:33:33:cc:61:c2:de:7b:81:b9:67:f1:17:e5:97Signer

Signature Validations

Verification

07-02-2023 20:52 Valid: true

Chain 1

58:3d:3b:eb:d7:aa:5b:1f:90:44:70:1d:e5:3f:2e:c1:8b:81:3a:b0Signer

Signature Validations

Verification

04-06-2022 16:33 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 324KB - Virtual size: 792KB

.rdata Size: 120KB - Virtual size: 320KB

.data Size: 147KB - Virtual size: 420KB

.rsrc Size: 1KB - Virtual size: 48KB

.reloc Size: 25KB - Virtual size: 88KB

.UsbEAm Size: 48KB - Virtual size: 52KB

.adata Size: - Virtual size: 4KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

34:1b:1a:d8:bb:c6:84:dd:51:c9:25:e3:4d:e2:55:9c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

34:1b:1a:d8:bb:c6:84:dd:51:c9:25:e3:4d:e2:55:9c
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

d7:58:b3:a4:59:d5:48:c9:a6:c3:e8:3e:4d:d4:b0:fe:9a:1a:33:33:cc:61:c2:de:7b:81:b9:67:f1:17:e5:97
Signer

07-02-2023 20:52
Valid: true

58:3d:3b:eb:d7:aa:5b:1f:90:44:70:1d:e5:3f:2e:c1:8b:81:3a:b0
Signer

04-06-2022 16:33
Valid: true

.text
Size: 324KB - Virtual size: 792KB

.rdata
Size: 120KB - Virtual size: 320KB

.data
Size: 147KB - Virtual size: 420KB

.rsrc
Size: 1KB - Virtual size: 48KB

.reloc
Size: 25KB - Virtual size: 88KB

.UsbEAm
Size: 48KB - Virtual size: 52KB

.adata
Size: - Virtual size: 4KB