YW4BB6TMALWARESAMPLE[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

YW4BB6TMALWARESAMPLE.rar
Size

251KB
MD5

b7bec1fe35e86afc5b00f2b72f684406
SHA1

c875243df43d7a0baababf7488df884acffae2f9
SHA256

f1209bbd5163a03c4543607a1ce2c69548fa6bddc977670fad845fc42216c69f
SHA512

56c158a100dde65ce6127ab6eaa98dfc099abb490bc8b6e8805827606f80039919e77b0d7d1a63bcad7bcef568646328a339fe2d47fbcf4706db1a03509eee20
SSDEEP

6144:/xZTEPeP5tuQxMUey2XungQeBaouf2XkBpUQhM/h:pweHuYMuEQSBXufVpUQhm

Score

1^/10

Malware Config

Signatures

Files

YW4BB6TMALWARESAMPLE.rar
.rar

Password: malware
yW4Bb6T.exe
.exe windows x86

152a7602244177bd67f9ef45c6681ce8

Code Sign

52:92:f2:61:c3:ef:30:8b:48:bb:9f:f8:5f:86:94:2f
Certificate

Issuer

CN=386222113458623367959693848889931317529468745548257838278762683934366286792695734856655298852823799423986948966396455169448888375517645578752339747233

Not Before

16/07/2012, 08:06

Not After

31/12/2039, 23:59

Subject

CN=386222113458623367959693848889931317529468745548257838278762683934366286792695734856655298852823799423986948966396455169448888375517645578752339747233

Extended Key Usages

ExtKeyUsageCodeSigning

f7:14:0d:04:7f:a7:e9:04:09:2e:33:b9:49:c3:b8:1f:eb:7f:1b:04
Signer

Actual PE Digest

f7:14:0d:04:7f:a7:e9:04:09:2e:33:b9:49:c3:b8:1f:eb:7f:1b:04

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=386222113458623367959693848889931317529468745548257838278762683934366286792695734856655298852823799423986948966396455169448888375517645578752339747233

23/03/2023, 16:17
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
lstrcatW
CreateFileW
VirtualAllocEx
GetModuleHandleA
GetProcAddress

user32

LoadIconA

advapi32

RegOpenKeyW
RegCloseKey

Sections

.text
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: malware

152a7602244177bd67f9ef45c6681ce8

Code Sign

52:92:f2:61:c3:ef:30:8b:48:bb:9f:f8:5f:86:94:2fCertificate

Extended Key Usages

f7:14:0d:04:7f:a7:e9:04:09:2e:33:b9:49:c3:b8:1f:eb:7f:1b:04Signer

Signature Validations

Verification

23/03/2023, 16:17 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 286KB - Virtual size: 285KB

.data Size: 40KB - Virtual size: 40KB

.reloc Size: 512B - Virtual size: 220B

52:92:f2:61:c3:ef:30:8b:48:bb:9f:f8:5f:86:94:2f
Certificate

f7:14:0d:04:7f:a7:e9:04:09:2e:33:b9:49:c3:b8:1f:eb:7f:1b:04
Signer

23/03/2023, 16:17
Valid: false

.text
Size: 286KB - Virtual size: 285KB

.data
Size: 40KB - Virtual size: 40KB

.reloc
Size: 512B - Virtual size: 220B