General
-
Target
BNGatewayEditor.zip
-
Size
213KB
-
MD5
bcf4d156bf8fd5ce19a26ac68040d8ee
-
SHA1
6c3cff46f9f5a11784ec3e200e23a9fe079d4917
-
SHA256
aa8eebbe6a4e6227d8c8b8f7f07c8b73506ff4aa6440f261594f2ac00cdad883
-
SHA512
1b45eb13151a52aa5497322ce9da2894303658e197c28d320de15f368c43c2539073c52b77f31971c40f8b431b2fdf68fd2139de0d7e5362e4da6b7e9ea4963c
-
SSDEEP
3072:w+OSMH4kK5k4IfnCo3KB6Fvwc476vhzZU0k1IlJIn0dWABzxLc+GER1gs4P+/ogT:P5re/Co3f6cW6vM0kSlmnwkMi1IbWXC
Malware Config
Signatures
-
Processes:
resource: static1/unpack001/BNGatewayEditor.exe
yara_rule: upx
Files
-
BNGatewayEditor.zip (zip)
-
BNGatewayEditor.exe (exe, windows x86)
Code Sign
-
Certificate 4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Issuer
OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network
Not Before
12-05-1997 00:00
Not After
07-01-2004 23:59
Subject
OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network
-
Certificate 24:e1:bd:38:4a:95:29:f8
Issuer
CN=CA365 Free Root Certificate,O=CA365,L=Beijing,ST=Beijing,C=CN
Not Before
12-05-2001 08:40
Not After
05-05-2031 08:40
Subject
CN=CA365 Free Root Certificate,O=CA365,L=Beijing,ST=Beijing,C=CN
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
-
Certificate 11:35:d7:89:76:9c:3c:c8
Issuer
CN=CA365 Free Root Certificate,O=CA365,L=Beijing,ST=Beijing,C=CN
Not Before
21-06-2002 04:50
Not After
21-06-2003 04:50
Subject
CN=Soar Chin,OU=Quixotic Yawl Studio,O=Quixotic Yawl Studio,L=上海,ST=上海市,C=CN
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment
-
Certificate 08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Issuer
OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network
Not Before
28-02-2001 00:00
Not After
06-01-2004 23:59
Subject
CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
-
Signer 4e:60:5a:68:fa:57:b0:76:31:1f:3c:13:b9:bb:bc:b5:8f:4e:68:e9
Actual PE Digest
4e:60:5a:68:fa:57:b0:76:31:1f:3c:13:b9:bb:bc:b5:8f:4e:68:e9
Digest Algorithm
sha1
PE Digest Matches
true
Signature Validations
Trusted
false
Verification
Signing Certificate
CN=Soar Chin,OU=Quixotic Yawl Studio,O=Quixotic Yawl Studio,L=上海,ST=上海市,C=CN
16-03-2023 15:40 Valid: false
Note: the PE digest matches, so the binary has not been altered since it was signed, but the signature proves nothing about the publisher. The signing certificate chains to "CA365 Free Root Certificate" (a self-signed root that is not a trusted root), was issued by a free CA to "Soar Chin" with a one-year validity that ended 21-06-2003, and the hash is SHA-1. A VeriSign Time Stamping Service counter-signature chain is present, but its certificates expired in 2004, and verification on 16-03-2023 reports Trusted: false and Valid: false. Treat the signature as an attribution hint only, not as a trust signal.
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 368KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 208KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
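The section table above is the classic UPX layout: UPX0 has no raw data on disk ("Size: -") but a 368KB executable virtual range, UPX1 carries the 208KB compressed payload plus the decompression stub, both are mapped writable and executable, and only .rsrc is left as a normal section. As an added example (not part of this report, and not the output of the sandbox or of any YARA rule), the Python script below parses PE file and section headers with the standard library only and derives those same indicators, so a triage pipeline can flag this layout before unpacking. The sample header bytes are constructed here to mirror this report's values (three sections, file characteristics 0x818F, entry point placed inside UPX1) and are not the real BNGatewayEditor.exe; the 64KB virtual-size threshold and the entry-point heuristic are this example's assumptions.

```python
"""Parse PE headers and flag UPX-style packing. Added example; sample bytes are constructed."""
import struct
import sys

# IMAGE_FILE_* characteristic bits (PE/COFF specification), in bit order.
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0080: "IMAGE_FILE_BYTES_REVERSED_LO",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
    0x8000: "IMAGE_FILE_BYTES_REVERSED_HI",
}
# IMAGE_SCN_* section characteristic bits.
SCN_CNT_INITIALIZED_DATA = 0x00000040
SCN_CNT_UNINITIALIZED_DATA = 0x00000080
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_READ = 0x40000000
SCN_MEM_WRITE = 0x80000000
RWX = SCN_MEM_READ | SCN_MEM_WRITE | SCN_MEM_EXECUTE

COFF_FMT = "<HHIIIHH"         # Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"  # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, reloc/lineno ptrs+counts, Characteristics
MIN_UNPACK_VSIZE = 0x10000    # assumption: a zero-raw-size executable section this large is an unpack destination


def parse_pe(data: bytes) -> dict:
    """Walk MZ -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, data, coff)
    opt = coff + struct.calcsize(COFF_FMT)
    # AddressOfEntryPoint sits at offset 16 of both the PE32 and PE32+ optional headers.
    entry = struct.unpack_from("<I", data, opt + 16)[0] if opt_size >= 20 else 0
    sections = []
    for i in range(nsect):
        off = opt + opt_size + i * struct.calcsize(SECTION_FMT)
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, sc = struct.unpack_from(SECTION_FMT, data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": rawsize, "raw_ptr": rawptr, "characteristics": sc})
    return {"machine": machine, "characteristics": chars,
            "flags": [n for bit, n in FILE_CHARACTERISTICS.items() if chars & bit],
            "entry_point": entry, "sections": sections}


def section_for_rva(pe: dict, rva: int):
    """Return the section whose virtual range contains rva, or None."""
    for s in pe["sections"]:
        span = max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= rva < s["virtual_address"] + span:
            return s
    return None


def packer_indicators(pe: dict) -> list:
    """Static checks that reproduce the 'upx' verdict from the section table alone."""
    hits = []
    upx_names = [s["name"] for s in pe["sections"] if s["name"].startswith("UPX")]
    if upx_names:
        hits.append("UPX section names: " + ", ".join(upx_names))
    for s in pe["sections"]:
        c = s["characteristics"]
        if c & SCN_MEM_EXECUTE and s["raw_size"] == 0 and s["virtual_size"] >= MIN_UNPACK_VSIZE:
            hits.append(f"{s['name']}: executable, 0 bytes on disk, {s['virtual_size'] // 1024}KB virtual (unpack destination)")
        if c & SCN_MEM_WRITE and c & SCN_MEM_EXECUTE:
            hits.append(f"{s['name']}: W+X section")
    ep = section_for_rva(pe, pe["entry_point"])
    if ep is not None and ep is not pe["sections"][0] and ep["raw_size"] > 0:
        hits.append(f"entry point 0x{pe['entry_point']:x} is in {ep['name']}, not the first section (stub runs before the payload)")
    return hits


def build_pe(table, entry: int) -> bytes:
    """Build a header-only PE32 image (no code bytes) from (name, vsize, va, rawsize, rawptr, chars) rows."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    opt = bytearray(224)                                          # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                         # Magic: PE32
    struct.pack_into("<I", opt, 16, entry)                        # AddressOfEntryPoint
    coff = struct.pack(COFF_FMT, 0x14C, len(table), 0, 0, 0, len(opt), 0x818F)  # i386; 0x818F = the flags in this report
    sects = b"".join(struct.pack(SECTION_FMT, n, vs, va, rs, rp, 0, 0, 0, 0, c) for n, vs, va, rs, rp, c in table)
    return dos + b"PE\0\0" + coff + bytes(opt) + sects


def build_sample() -> bytes:
    """Constructed sample mirroring the report's section table; NOT the real BNGatewayEditor.exe."""
    table = [
        (b"UPX0", 0x5C000, 0x1000, 0, 0x400, SCN_CNT_UNINITIALIZED_DATA | RWX),   # 368KB virtual, nothing on disk
        (b"UPX1", 0x34000, 0x5D000, 0x34000, 0x400, SCN_CNT_INITIALIZED_DATA | RWX),  # 208KB payload + stub
        (b".rsrc", 0x3000, 0x91000, 0x2000, 0x34400, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE),
    ]
    return build_pe(table, entry=0x90F00)   # entry near the end of UPX1, where the UPX stub lives


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    pe = parse_pe(data)
    print("file flags:", ", ".join(pe["flags"]))
    for h in packer_indicators(pe):
        print("indicator:", h)
```

Run it with a path to any PE to check that file, or without arguments to run against the constructed sample. The checks are deliberately independent of the section names, so a renamed UPX stub still trips the zero-raw-size and W+X tests; the name match is kept only because it is cheap and explains the page's YARA hit.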
-
icyHell.net.URL.url