GEPMALWARESAMPLE[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

GEPMALWARESAMPLE.rar
Size

251KB
MD5

a61795ea8a0d743b04e993bd1db6862e
SHA1

7e3bc5f8b9a36c3b157ae55e3b1393a32bb8019e
SHA256

5c021582ba1d3552e2711052d9ebef8126d7be5394e34b96c680f0eccb373de8
SHA512

a11f89e84b88c0c86fe0ff1e7a20be5fe496fffb4fcf981b7acea8d320f058b80d6a2cbaadb2703c762e742d6d7745c770ef11c7ec94e5a85fea38358935bc1e
SSDEEP

6144:J7ycqvBl2MRUfHEsQG+7WF8BtG08wxrsPbdAgn:Zyl2MRUf5QGFF8Bt74Pbd1

Score

1^/10

Malware Config

Signatures

Files

GEPMALWARESAMPLE.rar
.rar

Password: malware
Gep.exe
.exe windows x86

4ba127fe6eacb6b5853313f4b9c03263

Code Sign

69:d0:c8:ba:19:31:3f:73:bb:36:a5:a8:73:ac:d0:09
Certificate

Issuer

CN=797871756289634253896562428764717967153361673529868625515891451715252584769788918372438574322411216259565529928552691682658776517582536117728595793761

Not Before

17/07/2012, 06:12

Not After

31/12/2039, 23:59

Subject

CN=797871756289634253896562428764717967153361673529868625515891451715252584769788918372438574322411216259565529928552691682658776517582536117728595793761

Extended Key Usages

ExtKeyUsageCodeSigning

36:37:14:f1:d3:24:5a:70:6c:75:17:13:8d:6d:95:cb:a2:8d:22:86
Signer

Actual PE Digest

36:37:14:f1:d3:24:5a:70:6c:75:17:13:8d:6d:95:cb:a2:8d:22:86

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=797871756289634253896562428764717967153361673529868625515891451715252584769788918372438574322411216259565529928552691682658776517582536117728595793761

23/03/2023, 16:11
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatW
GetModuleHandleA
GetProcAddress
CreateFileW
GetWindowsDirectoryW
VirtualAllocEx

user32

LoadIconA

advapi32

RegOpenKeyW
RegCloseKey

Sections

.text
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: malware

4ba127fe6eacb6b5853313f4b9c03263

Code Sign

69:d0:c8:ba:19:31:3f:73:bb:36:a5:a8:73:ac:d0:09Certificate

Extended Key Usages

36:37:14:f1:d3:24:5a:70:6c:75:17:13:8d:6d:95:cb:a2:8d:22:86Signer

Signature Validations

Verification

23/03/2023, 16:11 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 286KB - Virtual size: 285KB

.data Size: 40KB - Virtual size: 40KB

.data2 Size: 1024B - Virtual size: 1000B

.reloc Size: 512B - Virtual size: 220B

69:d0:c8:ba:19:31:3f:73:bb:36:a5:a8:73:ac:d0:09
Certificate

36:37:14:f1:d3:24:5a:70:6c:75:17:13:8d:6d:95:cb:a2:8d:22:86
Signer

23/03/2023, 16:11
Valid: false

.text
Size: 286KB - Virtual size: 285KB

.data
Size: 40KB - Virtual size: 40KB

.data2
Size: 1024B - Virtual size: 1000B

.reloc
Size: 512B - Virtual size: 220B