VN5A47C5033DE383D1B898CF239AAB2C39_2022_04_12T08_19_01_2571075[.]rar

Resubmissions

15/05/2023, 11:29

230515-nllz4sfa85 3

15/05/2023, 11:07

230515-m8b8raad3z 10

Sharing

Copy URL Twitter E-mail

General

Target

VN5A47C5033DE383D1B898CF239AAB2C39_2022_04_12T08_19_01_2571075.rar
Size

5.2MB
MD5

10976818be3e1bb043e60db1b9d8a75d
SHA1

b88569b3816e277d206ca96685e9e535b60e63f2
SHA256

0709ad3fc66bb5d08ad8f0cf7a542366ae50439d0b52331156fe7d2480ea3f5e
SHA512

01ab99a147fe1402836fa8757bc7d8e6650e5c830b4c9d3f274a94b6b9626b207ddd1d46e641aae4e37d6af9026d6584e99093db4edc503b1af7c900c45fd450
SSDEEP

98304:RaDMdL8mO8HSX2Wfz1kHqaA1F5v8tHxJDqvsz+Y9PBWjVZxm37Tmh:RaDMmmtSXf71xaA50rJgjY9ZWjVg+h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/FileGrabber/Users/Administrator/Documents/Readme.txt

Files

VN5A47C5033DE383D1B898CF239AAB2C39_2022_04_12T08_19_01_2571075.rar
.rar
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Autofills/Google_[Chrome]_Default.txt
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Cookies/Google_[Chrome]_Default Extension.txt
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Cookies/Google_[Chrome]_Default Network.txt
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Cookies/Microsoft_[Edge]_Default Network.txt
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Cookies/Steam_[htmlcache]_Unknown.txt
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/DomainDetects.txt
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/FileGrabber/Users/Administrator/Desktop.lnk
.lnk
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/FileGrabber/Users/Administrator/Documents/DEVISE CARRASCOSA.doc
.doc windows office2003
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/FileGrabber/Users/Administrator/Documents/Denis CARRASCOSA Releve.doc
.doc windows office2003
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/FileGrabber/Users/Administrator/Documents/Readme.txt
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/FileGrabber/Users/Administrator/Documents/demande explication BAMBA ALY.doc
.doc windows office2003
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/FileGrabber/Users/Administrator/Documents/demande pret traore.docx
.docx office2007
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/FileGrabber/Users/Administrator/Documents/demission MAWOLODI.doc
.doc windows office2003
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/FileGrabber/Users/Administrator/Documents/depart jb.doc
.doc windows office2003
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/ImportantAutofills.txt
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/InstalledBrowsers.txt
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/InstalledSoftware.txt
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Passwords.txt
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/ProcessList.txt
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Screenshot.jpg
.dll windows x86

9043a0459baa7e86a8246f1ef2c4bb0d

Code Sign

e4:12:82:66:79:32:d8:54:6f:96:d4:d4:62:32:c0:6f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

08/09/2024, 23:59

Subject

CN=Artem Shevchenko,O=Artem Shevchenko,POSTALCODE=04050,STREET=Melnikova st. 15\, 5 apt.,L=Kiev,ST=Kiev,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:c1:69:5f:02:13:f0:63:57:11:03:6b:0a:b8:8e:70:d6:2e:cd:d4
Signer

Actual PE Digest

00:c1:69:5f:02:13:f0:63:57:11:03:6b:0a:b8:8e:70:d6:2e:cd:d4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Artem Shevchenko,O=Artem Shevchenko,POSTALCODE=04050,STREET=Melnikova st. 15\, 5 apt.,L=Kiev,ST=Kiev,C=UA

09/09/2019, 06:59
Valid: true

Chain 1

CN=Artem Shevchenko,O=Artem Shevchenko,POSTALCODE=04050,STREET=Melnikova st. 15\, 5 apt.,L=Kiev,ST=Kiev,C=UA

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

qt5network

?staticMetaObject@QBearerEngine@@2UQMetaObject@@B
?qt_metacall@QBearerEngine@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QBearerEngine@@UAEPAXPBD@Z
?staticMetaObject@QNetworkSessionPrivate@@2UQMetaObject@@B
?qt_metacall@QNetworkSessionPrivate@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QNetworkSessionPrivate@@UAEPAXPBD@Z
?staticMetaObject@QBearerEnginePlugin@@2UQMetaObject@@B
??1QBearerEnginePlugin@@UAE@XZ
??0QBearerEnginePlugin@@QAE@PAVQObject@@@Z
?qt_metacall@QBearerEnginePlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QBearerEnginePlugin@@UAEPAXPBD@Z
?usagePoliciesChanged@QNetworkSessionPrivate@@QAEXV?$QFlags@W4UsagePolicy@QNetworkSession@@@@@Z
?newConfigurationActivated@QNetworkSessionPrivate@@QAEXXZ
?closed@QNetworkSessionPrivate@@QAEXXZ
?stateChanged@QNetworkSessionPrivate@@QAEXW4State@QNetworkSession@@@Z
?error@QNetworkSessionPrivate@@QAEXW4SessionError@QNetworkSession@@@Z
?quitPendingWaitsForOpened@QNetworkSessionPrivate@@QAEXXZ
?qNetworkConfigurationManagerPrivate@@YAPAVQNetworkConfigurationManagerPrivate@@XZ
?engines@QNetworkConfigurationManagerPrivate@@QBE?AV?$QList@PAVQBearerEngine@@@@XZ
?interfaceFromName@QNetworkInterface@@SA?AV1@ABVQString@@@Z
??0QNetworkInterface@@QAE@XZ
?isValid@QNetworkConfiguration@@QBE_NXZ
?children@QNetworkConfiguration@@QBE?AV?$QList@VQNetworkConfiguration@@@@XZ
?identifier@QNetworkConfiguration@@QBE?AVQString@@XZ
?type@QNetworkConfiguration@@QBE?AW4Type@1@XZ
?state@QNetworkConfiguration@@QBE?AV?$QFlags@W4StateFlag@QNetworkConfiguration@@@@XZ
??8QNetworkConfiguration@@QBE_NABV0@@Z
??1QNetworkConfiguration@@QAE@XZ
??4QNetworkConfiguration@@QAEAAV0@ABV0@@Z
??0QNetworkConfiguration@@QAE@ABV0@@Z
??0QNetworkConfiguration@@QAE@XZ
?setALREnabled@QNetworkSessionPrivate@@UAEX_N@Z
?requiresPolling@QBearerEngine@@UBE_NXZ
??1QNetworkSessionPrivate@@UAE@XZ
??0QNetworkSessionPrivate@@QAE@XZ
?updateCompleted@QBearerEngine@@QAEXXZ
?configurationChanged@QBearerEngine@@QAEXV?$QExplicitlySharedDataPointer@VQNetworkConfigurationPrivate@@@@@Z
?configurationRemoved@QBearerEngine@@QAEXV?$QExplicitlySharedDataPointer@VQNetworkConfigurationPrivate@@@@@Z
?configurationAdded@QBearerEngine@@QAEXV?$QExplicitlySharedDataPointer@VQNetworkConfigurationPrivate@@@@@Z
??1QBearerEngine@@UAE@XZ
??0QBearerEngine@@QAE@PAVQObject@@@Z
?allInterfaces@QNetworkInterface@@SA?AV?$QList@VQNetworkInterface@@@@XZ
?interfaceFromIndex@QNetworkInterface@@SA?AV1@H@Z
?addressEntries@QNetworkInterface@@QBE?AV?$QList@VQNetworkAddressEntry@@@@XZ
?hardwareAddress@QNetworkInterface@@QBE?AVQString@@XZ
?flags@QNetworkInterface@@QBE?AV?$QFlags@W4InterfaceFlag@QNetworkInterface@@@@XZ
?humanReadableName@QNetworkInterface@@QBE?AVQString@@XZ
?name@QNetworkInterface@@QBE?AVQString@@XZ
?index@QNetworkInterface@@QBEHXZ
?isValid@QNetworkInterface@@QBE_NXZ
??1QNetworkInterface@@QAE@XZ
??0QNetworkInterface@@QAE@ABV0@@Z
??1QNetworkAddressEntry@@QAE@XZ

qt5core

?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPAU12@PBVQObject@@@Z
?staticMetaObject@QObject@@2UQMetaObject@@B
?currentDateTimeUtc@QDateTime@@SA?AV1@XZ
?toTime_t@QDateTime@@QBEIXZ
??1QDateTime@@QAE@XZ
?toInt@QVariant@@QBEHPA_N@Z
??0QVariant@@QAE@H@Z
??0QVariant@@QAE@XZ
?disconnect@QObject@@SA_NPBV1@PBD01@Z
??0QMutex@@QAE@W4RecursionMode@0@@Z
??1QMutex@@QAE@XZ
?lock@QMutex@@QAEXXZ
?unlock@QMutex@@QAEXXZ
?unlock@QMutexLocker@@QAEXXZ
?relock@QMutexLocker@@QAEXXZ
??0QChar@@QAE@UQLatin1Char@@@Z
?qHash@@YAIABVQString@@I@Z
?detach@QListData@@QAEPAUData@1@H@Z
?detach_grow@QListData@@QAEPAUData@1@PAHH@Z
?realloc@QListData@@QAEXH@Z
?dispose@QListData@@SAXPAUData@1@@Z
?erase@QListData@@QAEPAPAXPAPAX@Z
?append@QListData@@QAEPAPAXXZ
??0QString@@QAE@XZ
??0QString@@QAE@VQLatin1String@@@Z
??0QString@@QAE@ABV0@@Z
??1QString@@QAE@XZ
??4QString@@QAEAAV0@ABV0@@Z
??4QString@@QAEAAV0@$$QAV0@@Z
?arg@QString@@QBE?AV1@ABV1@HVQChar@@@Z
?append@QString@@QAEAAV1@ABV1@@Z
?utf16@QString@@QBEPBGXZ
?fromLatin1@QString@@SA?AV1@PBDH@Z
?number@QString@@SA?AV1@HH@Z
?number@QString@@SA?AV1@IH@Z
??8@YA_NABVQString@@0@Z
??M@YA_NABVQString@@0@Z
?allocateNode@QHashData@@QAEPAXH@Z
?freeNode@QHashData@@QAEXPAX@Z
?detach_helper@QHashData@@QAEPAU1@P6AXPAUNode@1@PAX@ZP6AX0@ZHH@Z
?hasShrunk@QHashData@@QAEXXZ
?rehash@QHashData@@QAEXH@Z
?free_helper@QHashData@@QAEXP6AXPAUNode@1@@Z@Z
?nextNode@QHashData@@SAPAUNode@1@PAU21@@Z
??0QSharedData@@QAE@XZ
?freeNodeAndRebalance@QMapDataBase@@QAEXPAUQMapNodeBase@@@Z
?recalcMostLeftNode@QMapDataBase@@QAEXXZ
?createNode@QMapDataBase@@QAEPAUQMapNodeBase@@HHPAU2@_N@Z
?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z
?createData@QMapDataBase@@SAPAU1@XZ
?freeData@QMapDataBase@@SAXPAU1@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?shared_null@QListData@@2UData@1@B
?shared_null@QMapDataBase@@2U1@B
??1QByteArray@@QAE@XZ
??8QString@@QBE_NVQLatin1String@@@Z
?cast@QMetaObject@@QBEPAVQObject@@PAV2@@Z
?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z
?normalizedType@QMetaObject@@SA?AVQByteArray@@PBD@Z
?activate@QMetaObject@@SAXPAVQObject@@PBU1@HPAPAX@Z
??1Connection@QMetaObject@@QAE@XZ
?registerNormalizedType@QMetaType@@SAHABVQByteArray@@P6AXPAX@ZP6APAX1PBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PBUQMetaObject@@@Z
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?qt_metacast@QObject@@UAEPAXPBD@Z
?qt_metacall@QObject@@UAEHW4Call@QMetaObject@@HPAPAX@Z
??0QObject@@QAE@PAV0@@Z
??1QObject@@UAE@XZ
?connect@QObject@@SA?AVConnection@QMetaObject@@PBV1@PBD01W4ConnectionType@Qt@@@Z

msvcp120

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ

msvcr120

_initterm_e
_initterm
_except_handler4_common
free
_amsg_exit
__CppXcptFilter
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
memcpy
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
?terminate@@YAXXZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__clean_type_info_names_internal
_malloc_crt

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
DeviceIoControl
CloseHandle
CreateFileW

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/UserInformation.txt
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/BinanceChain(brave)/CURRENT
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/BinanceChain(brave)/MANIFEST-000001
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/BinanceChain(chrome default)/000003.log
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/BinanceChain(chrome default)/CURRENT
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/BinanceChain(chrome default)/LOG
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/BinanceChain(chrome default)/LOG.old
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/BinanceChain(chrome default)/MANIFEST-000001
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Exodus/wallet/info.seco
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Exodus/wallet/seed.seco
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Exodus/wallet/twofactor-secret.seco
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Exodus/wallet/twofactor.seco
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(brave)/000054.ldb
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(brave)/000056.ldb
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(brave)/000057.log
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(brave)/000058.ldb
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(brave)/CURRENT
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(brave)/MANIFEST-000001
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(chrome default)/000494.log
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(chrome default)/024123.ldb
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(chrome default)/024125.ldb
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(chrome default)/024126.log
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(chrome default)/024127.ldb
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(chrome default)/CURRENT
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(chrome default)/LOG
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(chrome default)/LOG.old
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(chrome default)/MANIFEST-000001
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(chrome default)/lost/000494.log
VN[5A47C5033DE383D1B898CF239AAB2C39] [2022-04-12T08_19_01.2571075]/Wallets/Metamask(chrome default)/lost/MANIFEST-000001

Resubmissions

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 40KB - Virtual size: 39KB

.reloc Size: 512B - Virtual size: 12B

9043a0459baa7e86a8246f1ef2c4bb0d

Code Sign

e4:12:82:66:79:32:d8:54:6f:96:d4:d4:62:32:c0:6fCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

00:c1:69:5f:02:13:f0:63:57:11:03:6b:0a:b8:8e:70:d6:2e:cd:d4Signer

Signature Validations

Verification

09/09/2019, 06:59 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

qt5network

qt5core

msvcp120

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 1KB

.qtmetad Size: 512B - Virtual size: 256B

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 40KB - Virtual size: 39KB

.reloc
Size: 512B - Virtual size: 12B

e4:12:82:66:79:32:d8:54:6f:96:d4:d4:62:32:c0:6f
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

00:c1:69:5f:02:13:f0:63:57:11:03:6b:0a:b8:8e:70:d6:2e:cd:d4
Signer

09/09/2019, 06:59
Valid: true

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 1KB

.qtmetad
Size: 512B - Virtual size: 256B

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 2KB - Virtual size: 1KB