7825301058d249901380497befc719a2[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

7825301058d249901380497befc719a2.bin
Size

122KB
MD5

4932f87e5395f66d0356ca3d59f2f87a
SHA1

9581915bc79f838d0403715c7abbbd13e35207a9
SHA256

f12cc4a9262d1450e0a9d354c53536682fadb0907761a0a713bd21cc91d5868a
SHA512

9a2c81fcc3848e72dbe5f5e61aaf511c8af574e340b328ee4e0b48c92cfa46766a282d6cf920d5e6de7e59212c3d5294b97fe0e3a7c3b2ecb06ffc9f823ef283
SSDEEP

1536:tKZU3fEynt4fRx7YaX0Vfgpc8DVdvxwKm9QfLkkXQCH+AZTt6BmYwShSZv:sZkEynSffsLgxJjWQz3rH+6R6cYNMv

Score

1^/10

Malware Config

Signatures

Files

7825301058d249901380497befc719a2.bin
.zip

Password: infected
73ecd0a3d8b2472391ad17406e3d29821f9283e6c872067785a4cad263a0ff72.exe
.exe windows x64

Password: infected

071307373db47402e881a4d65e0a19ec

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:0e:c5:8d:18:0d:7c:4f:95:06:e5:45:d0:85:5e:75
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

03/05/2022, 17:27

Not After

20/05/2024, 17:27

Subject

SERIALNUMBER=11429614000100,CN=Tecfinance Informatica E Projetos De Sistemas Ltda,OU=TI,O=Tecfinance Informatica E Projetos De Sistemas Ltda,L=Sao Paulo,ST=Sao Paulo,C=BR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024252

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e6:d3:35:fa:b7:b8:fa:82:ab:80:0c:64:dd:f7:ca:d5:b0:47:9e:05
Signer

Actual PE Digest

e6:d3:35:fa:b7:b8:fa:82:ab:80:0c:64:dd:f7:ca:d5:b0:47:9e:05

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=11429614000100,CN=Tecfinance Informatica E Projetos De Sistemas Ltda,OU=TI,O=Tecfinance Informatica E Projetos De Sistemas Ltda,L=Sao Paulo,ST=Sao Paulo,C=BR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024252

03/05/2023, 12:01
Valid: true

Chain 1

SERIALNUMBER=11429614000100,CN=Tecfinance Informatica E Projetos De Sistemas Ltda,OU=TI,O=Tecfinance Informatica E Projetos De Sistemas Ltda,L=Sao Paulo,ST=Sao Paulo,C=BR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024252

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

wininet

InternetCheckConnectionA

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

071307373db47402e881a4d65e0a19ec

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

2b:0e:c5:8d:18:0d:7c:4f:95:06:e5:45:d0:85:5e:75Certificate

Extended Key Usages

Key Usages

e6:d3:35:fa:b7:b8:fa:82:ab:80:0c:64:dd:f7:ca:d5:b0:47:9e:05Signer

Signature Validations

Verification

03/05/2023, 12:01 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

msvcrt

wininet

Sections

.text Size: 96KB - Virtual size: 96KB

.data Size: 109KB - Virtual size: 109KB

.rdata Size: 1KB - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 636B

.xdata Size: 1024B - Virtual size: 524B

.bss Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

2b:0e:c5:8d:18:0d:7c:4f:95:06:e5:45:d0:85:5e:75
Certificate

e6:d3:35:fa:b7:b8:fa:82:ab:80:0c:64:dd:f7:ca:d5:b0:47:9e:05
Signer

03/05/2023, 12:01
Valid: true

.text
Size: 96KB - Virtual size: 96KB

.data
Size: 109KB - Virtual size: 109KB

.rdata
Size: 1KB - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 636B

.xdata
Size: 1024B - Virtual size: 524B

.bss
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B