cb36f2c7d495c2a30fc1216525c1d797[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

cb36f2c7d495c2a30fc1216525c1d797.bin
Size

137KB
MD5

ad6ff6162993cb3f868fb700be186b07
SHA1

d6fccb5e455ecbdac97639f1fdb828209782f180
SHA256

331c23f0940e8804594b4734d885e62ef7cfeb75b6098e586fc545148edf664f
SHA512

3895df97d89a3b95e6da342917a3497b02ba78a6459f391761c971854cf386101c82630cad7886b931ce6300b5d4d421795872cb9b4500603c2d7c43a6c83e72
SSDEEP

3072:1UPDJPEtCMszFHN5Gc368u7ADG5/J6OJ5bv13yuTry6UpZP3MG:1UPDqS1/68uUDG5R6iFEuTmrvR

Score

1^/10

Malware Config

Signatures

Files

cb36f2c7d495c2a30fc1216525c1d797.bin
.zip

Password: infected
d8bc54d3a4a3022f43c67831356df16ae9c8925a861d8f1087a20b9e2503758c.exe
.exe windows x64

Password: infected

071307373db47402e881a4d65e0a19ec

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:0e:c5:8d:18:0d:7c:4f:95:06:e5:45:d0:85:5e:75
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

03/05/2022, 17:27

Not After

20/05/2024, 17:27

Subject

SERIALNUMBER=11429614000100,CN=Tecfinance Informatica E Projetos De Sistemas Ltda,OU=TI,O=Tecfinance Informatica E Projetos De Sistemas Ltda,L=Sao Paulo,ST=Sao Paulo,C=BR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024252

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:73:41:f5:d4:c5:95:af:b7:02:1c:2f:86:95:66:20:1d:ee:ed:9c
Signer

Actual PE Digest

77:73:41:f5:d4:c5:95:af:b7:02:1c:2f:86:95:66:20:1d:ee:ed:9c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=11429614000100,CN=Tecfinance Informatica E Projetos De Sistemas Ltda,OU=TI,O=Tecfinance Informatica E Projetos De Sistemas Ltda,L=Sao Paulo,ST=Sao Paulo,C=BR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024252

03/05/2023, 12:03
Valid: true

Chain 1

SERIALNUMBER=11429614000100,CN=Tecfinance Informatica E Projetos De Sistemas Ltda,OU=TI,O=Tecfinance Informatica E Projetos De Sistemas Ltda,L=Sao Paulo,ST=Sao Paulo,C=BR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024252

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

wininet

InternetCheckConnectionA

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

071307373db47402e881a4d65e0a19ec

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

2b:0e:c5:8d:18:0d:7c:4f:95:06:e5:45:d0:85:5e:75Certificate

Extended Key Usages

Key Usages

77:73:41:f5:d4:c5:95:af:b7:02:1c:2f:86:95:66:20:1d:ee:ed:9cSigner

Signature Validations

Verification

03/05/2023, 12:03 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

msvcrt

wininet

Sections

.text Size: 151KB - Virtual size: 150KB

.data Size: 109KB - Virtual size: 109KB

.rdata Size: 1KB - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 636B

.xdata Size: 1024B - Virtual size: 524B

.bss Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

2b:0e:c5:8d:18:0d:7c:4f:95:06:e5:45:d0:85:5e:75
Certificate

77:73:41:f5:d4:c5:95:af:b7:02:1c:2f:86:95:66:20:1d:ee:ed:9c
Signer

03/05/2023, 12:03
Valid: true

.text
Size: 151KB - Virtual size: 150KB

.data
Size: 109KB - Virtual size: 109KB

.rdata
Size: 1KB - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 636B

.xdata
Size: 1024B - Virtual size: 524B

.bss
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B