322d6bc5cd3eb2c063e925fc6ebf9568[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

322d6bc5cd3eb2c063e925fc6ebf9568.bin
Size

104KB
MD5

96d3c41ac8beeadfaca5db3efea88408
SHA1

d8c667230109eea8fd26da34f769757bafb02130
SHA256

ddbcbf7cae3af36b08f4fb0e44fd9d50de110418ea1d1ef36fe33620f1084d84
SHA512

fa9476179d86df7aa8a17b1d820ab778b7eca98615745cdebeebde5af73f8407f2fe0adc552aa5c807f5eb3327faa5df00aa477f7a7d5d75a7393816f3b1cb70
SSDEEP

3072:3H+W1BIdnJj1JVDI9jDEsMEqE7aaNNddwIZK:3e6q1bEmsM47zDddwaK

Score

1^/10

Malware Config

Signatures

Files

322d6bc5cd3eb2c063e925fc6ebf9568.bin
.zip

Password: infected
9639c51b88a109291ae958aa454154a7972dfaf863d3adae546a8043ce480377.exe
.exe windows x64

Password: infected

4fb1914d5ddbbd80791f2f249cf92e7a

Code Sign

4b:5f:e3:40:10:84:d6:e7:d2:a9:fc:6d:ba:a9:44:69:40:20:79:f0
Certificate

Issuer

CN=TMKB Software

Not Before

24/03/2023, 16:29

Not After

21/03/2033, 16:29

Subject

CN=TMKB Software

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

43:f2:45:95:61:93:ca:4b:a5:ac:46:b8:eb:0e:a8:40:a9:be:a1:ac
Signer

Actual PE Digest

43:f2:45:95:61:93:ca:4b:a5:ac:46:b8:eb:0e:a8:40:a9:be:a1:ac

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=TMKB Software

23/03/2023, 16:05
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libgcc_s_seh-1

_Unwind_Resume

kernel32

CreateDirectoryW
DeleteCriticalSection
EnterCriticalSection
FreeConsole
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
OpenProcess
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
__C_specific_handler

msvcrt

__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_chdir
_fmode
_getcwd
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
getenv
malloc
memcpy
signal
strlen
strncmp
system
towlower
vfprintf
wcslen

user32

EnumDisplayDevicesA

libstdc++-6

_ZNKSt25__codecvt_utf8_utf16_baseIwE10do_unshiftERiPcS2_RS2_
_ZNKSt25__codecvt_utf8_utf16_baseIwE11do_encodingEv
_ZNKSt25__codecvt_utf8_utf16_baseIwE13do_max_lengthEv
_ZNKSt25__codecvt_utf8_utf16_baseIwE16do_always_noconvEv
_ZNKSt25__codecvt_utf8_utf16_baseIwE5do_inERiPKcS3_RS3_PwS5_RS5_
_ZNKSt25__codecvt_utf8_utf16_baseIwE6do_outERiPKwS3_RS3_PcS5_RS5_
_ZNKSt25__codecvt_utf8_utf16_baseIwE9do_lengthERiPKcS3_y
_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE4findEPKwyy
_ZNSt25__codecvt_utf8_utf16_baseIwED2Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6appendEPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_appendEPKcy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERyy
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE10_M_replaceEyyPKwy
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE6resizeEyw
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE9_M_createERyy
_ZNSt7codecvtIwciEC2Ey
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_x
_ZSt19__throw_logic_errorPKc
_ZSt19__throw_range_errorPKc
_ZSt4cerr
_ZSt4cout
_ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
_ZSt4endlIwSt11char_traitsIwEERSt13basic_ostreamIT_T0_ES6_
_ZSt5wcout
_ZStlsIwSt11char_traitsIwEERSt13basic_ostreamIT_T0_ES6_PKc
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVN10__cxxabiv121__vmi_class_type_infoE
_ZdlPv
_ZdlPvy
_Znwy
__gxx_personality_seh0

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 512B - Virtual size: 329B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 155B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4fb1914d5ddbbd80791f2f249cf92e7a

Code Sign

4b:5f:e3:40:10:84:d6:e7:d2:a9:fc:6d:ba:a9:44:69:40:20:79:f0Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

43:f2:45:95:61:93:ca:4b:a5:ac:46:b8:eb:0e:a8:40:a9:be:a1:acSigner

Signature Validations

Verification

23/03/2023, 16:05 Valid: false

Headers

File Characteristics

Imports

libgcc_s_seh-1

kernel32

msvcrt

user32

libstdc++-6

Sections

.text Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 208B

.rdata Size: 2KB - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 708B

.xdata Size: 1024B - Virtual size: 684B

.bss Size: - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 140KB - Virtual size: 139KB

/4 Size: 512B - Virtual size: 80B

/19 Size: 8KB - Virtual size: 7KB

/31 Size: 512B - Virtual size: 329B

/45 Size: 1024B - Virtual size: 546B

/57 Size: 512B - Virtual size: 72B

/70 Size: 512B - Virtual size: 155B

4b:5f:e3:40:10:84:d6:e7:d2:a9:fc:6d:ba:a9:44:69:40:20:79:f0
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

43:f2:45:95:61:93:ca:4b:a5:ac:46:b8:eb:0e:a8:40:a9:be:a1:ac
Signer

23/03/2023, 16:05
Valid: false

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 208B

.rdata
Size: 2KB - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 708B

.xdata
Size: 1024B - Virtual size: 684B

.bss
Size: - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 140KB - Virtual size: 139KB

/4
Size: 512B - Virtual size: 80B

/19
Size: 8KB - Virtual size: 7KB

/31
Size: 512B - Virtual size: 329B

/45
Size: 1024B - Virtual size: 546B

/57
Size: 512B - Virtual size: 72B

/70
Size: 512B - Virtual size: 155B