f0dc1c309bb1ca513d363aa09157f378[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

f0dc1c309bb1ca513d363aa09157f378.bin
Size

5.9MB
MD5

86ac0fb3d00a8eb65b70aff2c6533161
SHA1

063cf5d6e576eebba14c1f147c8457971a75d90a
SHA256

325c5fbdb9f772839aa2187b2e93fc32660bef5781edddac13ab40b5c4212422
SHA512

0bd0286b38bb89463856a0c08309f2a8d660cc8f04a79f77ba43d0649e75c2b6736512047847876a4fa35a8f55c6a641568bf3b985999df5c88ee0e5ad1976a4
SSDEEP

98304:Uvc5KzJ3hUPcw97dRmmEmEqAAOPdI2y/Rqp8XTFVg5LhLXFVlQ2bYp1b0vWj15fd:UFdGPc0BRmmEmVA5PdpYRzqLtPlQGYpB

Score

1^/10

Malware Config

Signatures

Files

f0dc1c309bb1ca513d363aa09157f378.bin
.zip

Password: infected
7afa02cbe1abf639ae0913e5175e8a47d0428e63020dee38305344d88e7d09a6.exe
.exe windows x86

Password: infected

496fff7f26eb25a135e9d530fa8ef62e

Code Sign

41:d3:49:3f:d5:3d:90:9f:4f:46:8f:3e:b5:4a:c8:83
Certificate

Issuer

CN=MSI Pulse GL79 12UEK-088XRU Intel Core i5 12500H/ 3.3 GHz - 4.5 GHz/ 16384 Mb/ 17.3 Full HD 1920x1080/ 512 Gb SSD/ DVD nVidia GeForce RTX 3070 6144 DYS (9S7-17L314-088)

Not Before

18/04/2023, 15:35

Not After

19/04/2033, 15:35

Subject

CN=MSI Pulse GL79 12UEK-088XRU Intel Core i5 12500H/ 3.3 GHz - 4.5 GHz/ 16384 Mb/ 17.3 Full HD 1920x1080/ 512 Gb SSD/ DVD nVidia GeForce RTX 3070 6144 DYS (9S7-17L314-088)

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:67:96:ee:ec:1a:5d:7b:94:0c:b1:14:41:40:3c:c0:f9:31:73:78:2a:bb:af:10:c6:a0:23:b2:44:a7:a4:01
Signer

Actual PE Digest

8a:67:96:ee:ec:1a:5d:7b:94:0c:b1:14:41:40:3c:c0:f9:31:73:78:2a:bb:af:10:c6:a0:23:b2:44:a7:a4:01

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=MSI Pulse GL79 12UEK-088XRU Intel Core i5 12500H/ 3.3 GHz - 4.5 GHz/ 16384 Mb/ 17.3 Full HD 1920x1080/ 512 Gb SSD/ DVD nVidia GeForce RTX 3070 6144 DYS (9S7-17L314-088)

21/04/2023, 00:31
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetDesktopWindow

gdi32

CreateCompatibleBitmap

advapi32

SystemFunction036

shell32

SHGetFolderPathA

crypt32

CryptUnprotectData

gdiplus

GdipGetImageEncodersSize

setupapi

SetupDiGetDeviceInterfaceDetailA

Sections

.MPRESS1
Size: 5.7MB - Virtual size: 16.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 731KB - Virtual size: 731KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

496fff7f26eb25a135e9d530fa8ef62e

Code Sign

41:d3:49:3f:d5:3d:90:9f:4f:46:8f:3e:b5:4a:c8:83Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8a:67:96:ee:ec:1a:5d:7b:94:0c:b1:14:41:40:3c:c0:f9:31:73:78:2a:bb:af:10:c6:a0:23:b2:44:a7:a4:01Signer

Signature Validations

Verification

21/04/2023, 00:31 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

crypt32

gdiplus

setupapi

Sections

.MPRESS1 Size: 5.7MB - Virtual size: 16.2MB

.MPRESS2 Size: 3KB - Virtual size: 3KB

.rsrc Size: 731KB - Virtual size: 731KB

41:d3:49:3f:d5:3d:90:9f:4f:46:8f:3e:b5:4a:c8:83
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8a:67:96:ee:ec:1a:5d:7b:94:0c:b1:14:41:40:3c:c0:f9:31:73:78:2a:bb:af:10:c6:a0:23:b2:44:a7:a4:01
Signer

21/04/2023, 00:31
Valid: false

.MPRESS1
Size: 5.7MB - Virtual size: 16.2MB

.MPRESS2
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 731KB - Virtual size: 731KB