MDE_File_Sample_33c02d70abb2f1f12a79cfd780d875a94e7fe877[.]zip

Resubmissions

23/05/2023, 10:20

230523-mdf88aeg96 6

09/05/2023, 07:39

230509-jg48nsgf9t 6

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_33c02d70abb2f1f12a79cfd780d875a94e7fe877.zip
Size

477KB
MD5

389068894e06e915de2506fe876e2084
SHA1

19104fe7a35301a06f688952ee6f358cc31c21bc
SHA256

42746edc16f2c02fc73d9f0f0b9436c8109495409bbd7a3d715ab0b4c5aefbfd
SHA512

1e01821295cad3b132e45ccf5f676a8729013d08e0b3eae9a243969b8d9966804e5bffb028dac832bd0fabcbf9293984fcd7d62b9df2079f485811c75ca81a60
SSDEEP

12288:5/BP6cfKE5Pk9x+4PJpbRXhSZv5ycAUlDiqSj:5/ocFIvjud5yqDiqO

Score

1^/10

Malware Config

Signatures

Files

MDE_File_Sample_33c02d70abb2f1f12a79cfd780d875a94e7fe877.zip
.zip

Password: infected
PDFpower.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:2c:66:d4:ce:18:c4:ec:68:2e:71:dd
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

04/03/2021, 09:42

Not After

04/03/2024, 09:42

Subject

SERIALNUMBER=516185493,CN=MY TECH MEDIA LTD,O=MY TECH MEDIA LTD,STREET=11 Hamanofim,L=Herzliya,ST=Tel Aviv,C=IL,1.2.840.113549.1.9.1=#0c1561646d696e406d79746563686d656469612e6e6574,1.3.6.1.4.1.311.60.2.1.3=#1302494c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c1:05:86:4f:97:d0:d1:12:60:ee:df:11:73:5b:70:4e:b0:d6:43:82
Signer

Actual PE Digest

c1:05:86:4f:97:d0:d1:12:60:ee:df:11:73:5b:70:4e:b0:d6:43:82

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=516185493,CN=MY TECH MEDIA LTD,O=MY TECH MEDIA LTD,STREET=11 Hamanofim,L=Herzliya,ST=Tel Aviv,C=IL,1.2.840.113549.1.9.1=#0c1561646d696e406d79746563686d656469612e6e6574,1.3.6.1.4.1.311.60.2.1.3=#1302494c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

24/11/2022, 15:08
Valid: true

Chain 1

SERIALNUMBER=516185493,CN=MY TECH MEDIA LTD,O=MY TECH MEDIA LTD,STREET=11 Hamanofim,L=Herzliya,ST=Tel Aviv,C=IL,1.2.840.113549.1.9.1=#0c1561646d696e406d79746563686d656469612e6e6574,1.3.6.1.4.1.311.60.2.1.3=#1302494c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

18:2c:66:d4:ce:18:c4:ec:68:2e:71:ddCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

c1:05:86:4f:97:d0:d1:12:60:ee:df:11:73:5b:70:4e:b0:d6:43:82Signer

Signature Validations

Verification

24/11/2022, 15:08 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 12B

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

18:2c:66:d4:ce:18:c4:ec:68:2e:71:dd
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

c1:05:86:4f:97:d0:d1:12:60:ee:df:11:73:5b:70:4e:b0:d6:43:82
Signer

24/11/2022, 15:08
Valid: true

.text
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 12B