General

Malware Config

Signatures

Files

• 2a9e7c533ef29c4c39ee61f7154d18c6

  .exe windows x64

  
  

  Code Sign

  42:e9:46:e2:cc:3c:ab:88:42:28:03:7f:41:e2:fa:65

  Certificate

  Issuer

  CN=HDD`WOW Toshiba SATA-III 12Tb HDWG460EZSTA N300 (7200rpm) 6568`Mb 1.5 Rtl

  Not Before

  19-02-2023 13:56

  Not After

  20-02-2033 13:56

  Subject

  CN=HDD`WOW Toshiba SATA-III 12Tb HDWG460EZSTA N300 (7200rpm) 6568`Mb 1.5 Rtl

  90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  11-05-2022 00:00

  Not After

  10-08-2033 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  f4:d6:4b:d8:02:24:53:ae:b7:46:ab:69:6a:3e:b8:3a:c7:c9:97:35:47:c2:3f:22:28:7d:ab:15:07:d5:70:0d

  Signer

  Actual PE Digest

  f4:d6:4b:d8:02:24:53:ae:b7:46:ab:69:6a:3e:b8:3a:c7:c9:97:35:47:c2:3f:22:28:7d:ab:15:07:d5:70:0d

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=HDD`WOW Toshiba SATA-III 12Tb HDWG460EZSTA N300 (7200rpm) 6568`Mb 1.5 Rtl

  16-03-2023 15:36

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DEBUG_STRIPPED

  Sections

  Size: 646KB - Virtual size: 2.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  Size: 592KB - Virtual size: 1.8MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 74KB - Virtual size: 626KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 512B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 35KB - Virtual size: 34KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 512B - Virtual size: 4B

  IMAGE_SCN_MEM_READ

  Size: 655KB - Virtual size: 1011KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  Size: 8KB - Virtual size: 35KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 237KB - Virtual size: 236KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .themida

  Size: 2.7MB - Virtual size: 2.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE