MDE_File_Sample_488450fd8ee69eb2cbbb3cdf93d3efc8fee344e0[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_488450fd8ee69eb2cbbb3cdf93d3efc8fee344e0.zip
Size

354KB
MD5

b087c03604d5aa3882326aea022781ea
SHA1

1ad543e6a17e23f0bee90201c0aab348e28b75f6
SHA256

f7b1dba45653563dbd719dabc238b93b45fd156d67497dad99f44c58fc08b1aa
SHA512

6cc2210ea942c5f1e5885ce28cb64f7c1ae2f76f7894a7e769a079eaac174487c8b83799b22951483f973734f112b57e52662331ee3b5a59b2b4e8bede97ab5d
SSDEEP

6144:uDaS0g4wCsxBmmGvdRLBEeCnNEOuLwyTdQ6Z9ujmkmdiohdiQOPCExI1epb38c4Y:bSwummGFdWNyOupQs9ujhgFhdOPtEQMI

Score

1^/10

Malware Config

Signatures

Files

MDE_File_Sample_488450fd8ee69eb2cbbb3cdf93d3efc8fee344e0.zip
.zip

Password: Cis0@2023
xSeFIntServ.exe
.exe windows x64

Password: Cis0@2023

dc9ffe24706c5b83801768c8d33f3a45

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:33:57:9a:66:02:06:dc:48:51:f1:8e:18:56:6b:ed
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/10/2022, 00:00

Not After

15/10/2024, 23:59

Subject

SERIALNUMBER=C4201190,CN=xSecuritas\, Inc,O=xSecuritas\, Inc,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:45:f6:f3:4a:4a:81:7f:8e:b4:82:bf:72:b7:41:9f:fa:62:42:35:81:d3:a9:db:7e:7d:f4:ae:9f:49:73:42
Signer

Actual PE Digest

3d:45:f6:f3:4a:4a:81:7f:8e:b4:82:bf:72:b7:41:9f:fa:62:42:35:81:d3:a9:db:7e:7d:f4:ae:9f:49:73:42

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=C4201190,CN=xSecuritas\, Inc,O=xSecuritas\, Inc,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

12/02/2023, 07:42
Valid: true

Chain 1

SERIALNUMBER=C4201190,CN=xSecuritas\, Inc,O=xSecuritas\, Inc,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

SERIALNUMBER=C4201190,CN=xSecuritas\, Inc,O=xSecuritas\, Inc,L=Los Angeles,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

advapi32

QueryServiceStatus
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenServiceW
InitializeSecurityDescriptor
StartServiceW
ControlService
SetEntriesInAclW
OpenSCManagerW
CloseServiceHandle
CreateServiceW
SetSecurityDescriptorDacl
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
OpenProcessToken
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
StartServiceCtrlDispatcherW
RegSetValueExW
DeleteService
RegCreateKeyExW
RegFlushKey
SetServiceStatus
RegDeleteKeyW
RegisterServiceCtrlHandlerExW
DuplicateTokenEx
CreateProcessAsUserW
SetTokenInformation
SetFileSecurityW
RegDeleteValueA
RegSetValueExA
RegEnumKeyW
GetKernelObjectSecurity

kernel32

FreeLibrary
HeapFree
Sleep
HeapAlloc
LocalFree
GetProcessHeap
GetTickCount
CreateDirectoryW
SetLastError
GetCurrentProcess
LocalAlloc
FindNextFileW
ReadFile
CreateFileW
GetModuleFileNameW
CallNamedPipeW
WriteFile
CreateNamedPipeW
WaitForSingleObject
DisconnectNamedPipe
ProcessIdToSessionId
GetPrivateProfileStringW
CreateThread
MoveFileExW
ExitProcess
CreateProcessW
CopyFileW
ConnectNamedPipe
WideCharToMultiByte
CreateMutexW
GetProcAddress
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
WTSGetActiveConsoleSessionId
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
HeapReAlloc
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleHandleExW
FlushFileBuffers
GetModuleHandleW
GetFileType
RtlUnwind
LoadLibraryW
CloseHandle
Process32FirstW
DeleteFileW
OutputDebugStringW
Process32NextW
GetLastError
MultiByteToWideChar
CreateToolhelp32Snapshot
OpenProcess
GetVersionExW
GetFileAttributesW
ReleaseMutex
RaiseException
RtlPcToFileHeader
TerminateProcess
FindClose
SetEndOfFile
WriteConsoleW
GetFileSize
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
QueryPerformanceCounter
EncodePointer
DecodePointer
GetCPInfo
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
DeviceIoControl
SetEvent
CancelIo
ResetEvent
GetOverlappedResult
WaitForMultipleObjects
CreateFileMappingA
ResumeThread
InitializeCriticalSection
VirtualFree
VirtualAlloc
lstrlenW
lstrcpyW
GetVersion
ReadProcessMemory
WriteProcessMemory
VirtualProtectEx
lstrcmpA
GetWindowsDirectoryW
GetSystemDirectoryW
GetCurrentDirectoryW
VirtualAllocEx
VirtualQueryEx
VirtualFreeEx
VirtualQuery
Thread32Next
OpenThread
Thread32First
VirtualProtect
TerminateThread
SetThreadContext
GetThreadContext
CreateRemoteThread
GetModuleFileNameA
GetModuleHandleA
ExitThread
SetThreadPriority
ReleaseSemaphore
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwindEx

user32

wsprintfW

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

psapi

GetModuleFileNameExW

wtsapi32

WTSQueryUserToken

crypt32

CertComparePublicKeyInfo
CertCompareCertificateName
CertOpenStore
CertCompareCertificate
CertGetNameStringW
CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFreeCertificateContext
CertAddEncodedCertificateToStore
CertDeleteCertificateFromStore
CertCreateCertificateContext

Sections

.text
Size: 508KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: Cis0@2023

Password: Cis0@2023

dc9ffe24706c5b83801768c8d33f3a45

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:33:57:9a:66:02:06:dc:48:51:f1:8e:18:56:6b:edCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

3d:45:f6:f3:4a:4a:81:7f:8e:b4:82:bf:72:b7:41:9f:fa:62:42:35:81:d3:a9:db:7e:7d:f4:ae:9f:49:73:42Signer

Signature Validations

Verification

12/02/2023, 07:42 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

userenv

advapi32

kernel32

user32

shell32

ole32

psapi

wtsapi32

crypt32

Sections

.text Size: 508KB - Virtual size: 508KB

.rdata Size: 201KB - Virtual size: 201KB

.data Size: 44KB - Virtual size: 58KB

.pdata Size: 25KB - Virtual size: 24KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:33:57:9a:66:02:06:dc:48:51:f1:8e:18:56:6b:ed
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

3d:45:f6:f3:4a:4a:81:7f:8e:b4:82:bf:72:b7:41:9f:fa:62:42:35:81:d3:a9:db:7e:7d:f4:ae:9f:49:73:42
Signer

12/02/2023, 07:42
Valid: true

.text
Size: 508KB - Virtual size: 508KB

.rdata
Size: 201KB - Virtual size: 201KB

.data
Size: 44KB - Virtual size: 58KB

.pdata
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB