General

Malware Config

Signatures

Files

• BNGatewayEditor.zip

  .zip
• BNGatewayEditor.exe

  .exe windows x86

  
  

  Code Sign

  4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3

  Certificate

  Issuer

  OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

  Not Before

  12-05-1997 00:00

  Not After

  07-01-2004 23:59

  Subject

  OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

  24:e1:bd:38:4a:95:29:f8

  Certificate

  Issuer

  CN=CA365 Free Root Certificate,O=CA365,L=Beijing,ST=Beijing,C=CN

  Not Before

  12-05-2001 08:40

  Not After

  05-05-2031 08:40

  Subject

  CN=CA365 Free Root Certificate,O=CA365,L=Beijing,ST=Beijing,C=CN

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  11:35:d7:89:76:9c:3c:c8

  Certificate

  Issuer

  CN=CA365 Free Root Certificate,O=CA365,L=Beijing,ST=Beijing,C=CN

  Not Before

  21-06-2002 04:50

  Not After

  21-06-2003 04:50

  Subject

  CN=Soar Chin,OU=Quixotic Yawl Studio,O=Quixotic Yawl Studio,L=上海,ST=上海市,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  KeyUsageKeyEncipherment

  KeyUsageDataEncipherment

  08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d

  Certificate

  Issuer

  OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

  Not Before

  28-02-2001 00:00

  Not After

  06-01-2004 23:59

  Subject

  CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  4e:60:5a:68:fa:57:b0:76:31:1f:3c:13:b9:bb:bc:b5:8f:4e:68:e9

  Signer

  Actual PE Digest

  4e:60:5a:68:fa:57:b0:76:31:1f:3c:13:b9:bb:bc:b5:8f:4e:68:e9

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Soar Chin,OU=Quixotic Yawl Studio,O=Quixotic Yawl Studio,L=上海,ST=上海市,C=CN

  16-03-2023 15:40

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Sections

  UPX0

  Size: - Virtual size: 368KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  UPX1

  Size: 208KB - Virtual size: 208KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 8KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• icyHell.net.URL

  .url