0x00020000000231c1-784[.]dat[.]exe[.]malware

Sharing

Copy URL Twitter E-mail

General

Target

0x00020000000231c1-784.dat.exe.malware
Size

1.0MB
MD5

7cab73bde1024943dc370e2f47aff8d8
SHA1

8adc9a37a6494ee568627b6b59102a18905f6e06
SHA256

438e0e66e20c6e2f163e69d7ca05ff7be037e22aef599e4760984661303e4437
SHA512

e44df2d05fd5e9f1945925acd6ade504bf3ee1791bae97aba3f99b6da74376795ad357b667d71420ae7e1ba60425e44ac538deb42068b4695341c7172709f0c7
SSDEEP

24576:BFGQ7I2W0sdMKPAOhJPAOhXnebe+/Apd2BEbFn++4dYB:a29sdMtZSnebe+/AXbFn++5

Score

1^/10

Malware Config

Signatures

Files

0x00020000000231c1-784.dat.exe.malware
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:a2:b8:af:12:30:6f:b3:35:fa:07:8a
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 06:04

Not After

04/10/2024, 06:04

Subject

SERIALNUMBER=516382686,CN=STANIS LTD,O=STANIS LTD,STREET=Derech Hashalom\, 53,L=Givatayim,ST=Tel Aviv,C=IL,1.2.840.113549.1.9.1=#0c1161646d696e407374616e69732e74656368,1.3.6.1.4.1.311.60.2.1.3=#1302494c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:55:64:15:85:03:ec:c1:6d:e5:b5:33:24:64:57:21:d6:2a:46:18:fb:1c:93:58:83:e9:18:f5:95:48:6b:09
Signer

Actual PE Digest

bf:55:64:15:85:03:ec:c1:6d:e5:b5:33:24:64:57:21:d6:2a:46:18:fb:1c:93:58:83:e9:18:f5:95:48:6b:09

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=516382686,CN=STANIS LTD,O=STANIS LTD,STREET=Derech Hashalom\, 53,L=Givatayim,ST=Tel Aviv,C=IL,1.2.840.113549.1.9.1=#0c1161646d696e407374616e69732e74656368,1.3.6.1.4.1.311.60.2.1.3=#1302494c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20/04/2023, 10:25
Valid: true

Chain 1

SERIALNUMBER=516382686,CN=STANIS LTD,O=STANIS LTD,STREET=Derech Hashalom\, 53,L=Givatayim,ST=Tel Aviv,C=IL,1.2.840.113549.1.9.1=#0c1161646d696e407374616e69732e74656368,1.3.6.1.4.1.311.60.2.1.3=#1302494c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1001KB - Virtual size: 1001KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

6b:a2:b8:af:12:30:6f:b3:35:fa:07:8aCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

bf:55:64:15:85:03:ec:c1:6d:e5:b5:33:24:64:57:21:d6:2a:46:18:fb:1c:93:58:83:e9:18:f5:95:48:6b:09Signer

Signature Validations

Verification

20/04/2023, 10:25 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1001KB - Virtual size: 1001KB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 512B - Virtual size: 12B

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

6b:a2:b8:af:12:30:6f:b3:35:fa:07:8a
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

bf:55:64:15:85:03:ec:c1:6d:e5:b5:33:24:64:57:21:d6:2a:46:18:fb:1c:93:58:83:e9:18:f5:95:48:6b:09
Signer

20/04/2023, 10:25
Valid: true

.text
Size: 1001KB - Virtual size: 1001KB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 512B - Virtual size: 12B