d610a0ba2dcfba3c400705d46025c0c9[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

d610a0ba2dcfba3c400705d46025c0c9.bin
Size

135KB
MD5

d93988ed449538467685f57be776e1f1
SHA1

e0ee279c897a1f7e6a530bad6d6a1e24990a17c4
SHA256

1b1e077dfa990717fd3fb6cffcc5d59e9b3a8bee418f40fe7474f42e77f33d5b
SHA512

fe76e61fa4a2abcc4d9747b8dfdb99e4f1e023e5a04e54fbc1f5da232406d223cc21416217a274100ebce40d3b56ba1db31b8013b04d0c36f7d7a36a8ac2f5e7
SSDEEP

3072:NZE2TVF4H1AmsX2GYoxUxzQdJjLrYqmg9Zb+D2HDy66FSEjOW5htxn:N+lA+G3UloBLrYGVDyJFDaWb

Score

1^/10

Malware Config

Signatures

Files

d610a0ba2dcfba3c400705d46025c0c9.bin
.zip

Password: infected
73f64bc33e3b3672255550ce4ec0f98e1fb399d373b5df80667b70de2bca9773.exe
.exe windows x64

Password: infected

071307373db47402e881a4d65e0a19ec

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:0e:c5:8d:18:0d:7c:4f:95:06:e5:45:d0:85:5e:75
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

03/05/2022, 17:27

Not After

20/05/2024, 17:27

Subject

SERIALNUMBER=11429614000100,CN=Tecfinance Informatica E Projetos De Sistemas Ltda,OU=TI,O=Tecfinance Informatica E Projetos De Sistemas Ltda,L=Sao Paulo,ST=Sao Paulo,C=BR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024252

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e2:98:e7:b2:46:8d:aa:90:ed:f4:c2:f5:51:d1:f8:94:0a:27:cb:a0
Signer

Actual PE Digest

e2:98:e7:b2:46:8d:aa:90:ed:f4:c2:f5:51:d1:f8:94:0a:27:cb:a0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=11429614000100,CN=Tecfinance Informatica E Projetos De Sistemas Ltda,OU=TI,O=Tecfinance Informatica E Projetos De Sistemas Ltda,L=Sao Paulo,ST=Sao Paulo,C=BR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024252

03/05/2023, 12:04
Valid: true

Chain 1

SERIALNUMBER=11429614000100,CN=Tecfinance Informatica E Projetos De Sistemas Ltda,OU=TI,O=Tecfinance Informatica E Projetos De Sistemas Ltda,L=Sao Paulo,ST=Sao Paulo,C=BR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024252

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

wininet

InternetCheckConnectionA

Sections

.text
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

071307373db47402e881a4d65e0a19ec

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

2b:0e:c5:8d:18:0d:7c:4f:95:06:e5:45:d0:85:5e:75Certificate

Extended Key Usages

Key Usages

e2:98:e7:b2:46:8d:aa:90:ed:f4:c2:f5:51:d1:f8:94:0a:27:cb:a0Signer

Signature Validations

Verification

03/05/2023, 12:04 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

msvcrt

wininet

Sections

.text Size: 145KB - Virtual size: 144KB

.data Size: 109KB - Virtual size: 109KB

.rdata Size: 1KB - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 636B

.xdata Size: 1024B - Virtual size: 524B

.bss Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

2b:0e:c5:8d:18:0d:7c:4f:95:06:e5:45:d0:85:5e:75
Certificate

e2:98:e7:b2:46:8d:aa:90:ed:f4:c2:f5:51:d1:f8:94:0a:27:cb:a0
Signer

03/05/2023, 12:04
Valid: true

.text
Size: 145KB - Virtual size: 144KB

.data
Size: 109KB - Virtual size: 109KB

.rdata
Size: 1KB - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 636B

.xdata
Size: 1024B - Virtual size: 524B

.bss
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B