TAS[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TAS.exe
Size

5.1MB
MD5

b689cc8a2718e7417d0647599ce16272
SHA1

98ff5683ddb1562aa18bbaafe1400f68ca89459e
SHA256

54da28add2c8b05eade0a5da3dc9f25d9c5ba7c41610be70bcf1488e03235c9d
SHA512

2fbc30cc245de4c275e3e35da0f3899e468effdf82e833a0fcb74f8a6fb13b1ef346068413f39d9f2b1a9d84a20b8aabaedfbab140ed85bf3c3e6f4652b3d84e
SSDEEP

98304:VHCof7iUHo/US+tp2Op7Yor2dI8XdUcVY657fSC1yuvQTnY/:JCof7iU6M2Op0YidUcVY69fSC8GunM

Score

1^/10

Malware Config

Signatures

Files

TAS.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:77:8a:7d:65:d3:72:0c:b6:14:f8:06:2e:df:61:d5
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

17/11/2022, 00:00

Not After

19/12/2025, 23:59

Subject

CN=Hans Turck GmbH & Co. KG,O=Hans Turck GmbH & Co. KG,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9b:4d:0c:b0:ff:89:db:d0:27:3e:c4:7b:1e:5e:e8:ed:e5:62:52:b4
Signer

Actual PE Digest

9b:4d:0c:b0:ff:89:db:d0:27:3e:c4:7b:1e:5e:e8:ed:e5:62:52:b4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Hans Turck GmbH & Co. KG,O=Hans Turck GmbH & Co. KG,ST=Nordrhein-Westfalen,C=DE

16/05/2023, 12:27
Valid: true

Chain 1

CN=Hans Turck GmbH & Co. KG,O=Hans Turck GmbH & Co. KG,ST=Nordrhein-Westfalen,C=DE

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

e9:77:8a:7d:65:d3:72:0c:b6:14:f8:06:2e:df:61:d5Certificate

Extended Key Usages

Key Usages

9b:4d:0c:b0:ff:89:db:d0:27:3e:c4:7b:1e:5e:e8:ed:e5:62:52:b4Signer

Signature Validations

Verification

16/05/2023, 12:27 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 5.0MB - Virtual size: 5.0MB

.rsrc Size: 90KB - Virtual size: 89KB

.reloc Size: 512B - Virtual size: 12B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

e9:77:8a:7d:65:d3:72:0c:b6:14:f8:06:2e:df:61:d5
Certificate

9b:4d:0c:b0:ff:89:db:d0:27:3e:c4:7b:1e:5e:e8:ed:e5:62:52:b4
Signer

16/05/2023, 12:27
Valid: true

.text
Size: 5.0MB - Virtual size: 5.0MB

.rsrc
Size: 90KB - Virtual size: 89KB

.reloc
Size: 512B - Virtual size: 12B