Forger Utility-42-2-10-0-1606267233[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Forger Utility-42-2-10-0-1606267233.zip
Size

759KB
MD5

7ad752abcb28e4761a85aa74d83f65e9
SHA1

f0ceaa88adb2da9605bf9f6947c0172e7b01713b
SHA256

bea10a1564a8fea7ecfa877f68d9b3f9d8059220e559ca1103d9bedd1ff95c32
SHA512

51bec374d5eabff7cd5edc2d989c33deb94043780ff0e115871ef6e04899cf42a6826ec6852a76218baac354bed2a2371b98a6f3500c9d7ee21a91269a0d8fa6
SSDEEP

12288:GjOIVIvli/pQf+2bkGpixHcAi6oWw97ngqwXwuwKJZUklMcUt9VsMNobO4d3WJIf:sOIVIv0twkHxHcH6oXrzwXwtuUzj9yMQ

Score

1^/10

Malware Config

Signatures

Files

Forger Utility-42-2-10-0-1606267233.zip
.zip
Forger.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Newtonsoft.Json.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/04/2018, 12:41

Not After

27/04/2028, 12:41

Subject

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Not Before

25/10/2018, 00:00

Not After

29/10/2021, 12:00

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:cc:fe:41:40:99:65:07:53:c6:c7:f4:1c:e3:22:5f:f1:9e:7a:db:83:aa:c0:1c:bd:9b:44:a1:54:ff:58:a1
Signer

Actual PE Digest

a7:cc:fe:41:40:99:65:07:53:c6:c7:f4:1c:e3:22:5f:f1:9e:7a:db:83:aa:c0:1c:bd:9b:44:a1:54:ff:58:a1

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

22/04/2019, 01:06
Valid: true

Chain 1

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 649KB - Virtual size: 649KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
oo2core_7_win64.dll
.dll windows x64

0ebd80e4346a04c764266e0237b94619

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

21:de:b5:e6:9e:e9:32:c2:7a:38:24:9a:55:be:88:63
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

04/07/2019, 00:00

Not After

14/07/2022, 23:59

Subject

CN=UBISOFT ENTERTAINMENT INC.,O=UBISOFT ENTERTAINMENT INC.,L=Montreal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:1d:fc:f6:35:76:ea:4c:74:9c:8b:38:56:73:b7:98:55:46:06:a6:51:28:34:11:35:47:ea:ef:2d:54:fb:76
Signer

Actual PE Digest

6d:1d:fc:f6:35:76:ea:4c:74:9c:8b:38:56:73:b7:98:55:46:06:a6:51:28:34:11:35:47:ea:ef:2d:54:fb:76

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=UBISOFT ENTERTAINMENT INC.,O=UBISOFT ENTERTAINMENT INC.,L=Montreal,ST=Quebec,C=CA

18/09/2019, 16:08
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OutputDebugStringA
HeapAlloc
HeapFree
GetProcessHeap
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
GetLastError
SetLastError
RtlPcToFileHeader
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetModuleFileNameW
LoadLibraryExW
HeapReAlloc
GetStringTypeW
LCMapStringW
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW

Exports

Exports

OodleCore_Plugin_DisplayAssertion_Default
OodleCore_Plugin_Free_Default
OodleCore_Plugin_MallocAligned_Default
OodleCore_Plugin_Printf_Default
OodleCore_Plugin_Printf_Verbose
OodleCore_Plugins_SetAllocators
OodleCore_Plugins_SetAssertion
OodleCore_Plugins_SetPrintf
OodleKraken_Decode_Headerless
OodleLZDecoder_Create
OodleLZDecoder_DecodeSome
OodleLZDecoder_Destroy
OodleLZDecoder_MakeValidCircularWindowSize
OodleLZDecoder_MemorySizeNeeded
OodleLZDecoder_Reset
OodleLZ_CheckSeekTableCRCs
OodleLZ_Compress
OodleLZ_CompressContext_Alloc
OodleLZ_CompressContext_Free
OodleLZ_CompressContext_Reset
OodleLZ_CompressOptions_GetDefault
OodleLZ_CompressOptions_Validate
OodleLZ_CompressWithContext
OodleLZ_CompressionLevel_GetName
OodleLZ_Compressor_GetName
OodleLZ_CreateSeekTable
OodleLZ_Decompress
OodleLZ_FillSeekTable
OodleLZ_FindSeekEntry
OodleLZ_FreeSeekTable
OodleLZ_GetChunkCompressor
OodleLZ_GetCompressedBufferSizeNeeded
OodleLZ_GetCompressedStepForRawStep
OodleLZ_GetDecodeBufferSize
OodleLZ_GetInPlaceDecodeBufferSize
OodleLZ_GetNumSeekChunks
OodleLZ_GetSeekEntryPackedPos
OodleLZ_GetSeekTableMemorySizeNeeded
OodleLZ_GetZipLikeCompressionSettings
OodleLZ_MakeSeekChunkLen
OodleLZ_ThreadPhased_BlockDecoderMemorySizeNeeded
Oodle_CheckVersion
Oodle_GetConfigValues
Oodle_LogHeader
Oodle_SetConfigValues
Oodle_SetUsageWarnings

Sections

.text
Size: 815KB - Virtual size: 814KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 214KB - Virtual size: 213KB

.rsrc Size: 144KB - Virtual size: 144KB

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23Certificate

Extended Key Usages

Key Usages

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7eCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

a7:cc:fe:41:40:99:65:07:53:c6:c7:f4:1c:e3:22:5f:f1:9e:7a:db:83:aa:c0:1c:bd:9b:44:a1:54:ff:58:a1Signer

Signature Validations

Verification

22/04/2019, 01:06 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 649KB - Virtual size: 649KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

0ebd80e4346a04c764266e0237b94619

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

21:de:b5:e6:9e:e9:32:c2:7a:38:24:9a:55:be:88:63Certificate

Extended Key Usages

Key Usages

6d:1d:fc:f6:35:76:ea:4c:74:9c:8b:38:56:73:b7:98:55:46:06:a6:51:28:34:11:35:47:ea:ef:2d:54:fb:76Signer

Signature Validations

Verification

18/09/2019, 16:08 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 815KB - Virtual size: 814KB

.rdata Size: 150KB - Virtual size: 149KB

.data Size: 7KB - Virtual size: 16KB

.pdata Size: 18KB - Virtual size: 17KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 214KB - Virtual size: 213KB

.rsrc
Size: 144KB - Virtual size: 144KB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

a7:cc:fe:41:40:99:65:07:53:c6:c7:f4:1c:e3:22:5f:f1:9e:7a:db:83:aa:c0:1c:bd:9b:44:a1:54:ff:58:a1
Signer

22/04/2019, 01:06
Valid: true

.text
Size: 649KB - Virtual size: 649KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

21:de:b5:e6:9e:e9:32:c2:7a:38:24:9a:55:be:88:63
Certificate

6d:1d:fc:f6:35:76:ea:4c:74:9c:8b:38:56:73:b7:98:55:46:06:a6:51:28:34:11:35:47:ea:ef:2d:54:fb:76
Signer

18/09/2019, 16:08
Valid: false

.text
Size: 815KB - Virtual size: 814KB

.rdata
Size: 150KB - Virtual size: 149KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 18KB - Virtual size: 17KB

.reloc
Size: 2KB - Virtual size: 1KB