ISP[.]rar | Triage

Resubmissions

22/05/2023, 10:45

230522-mte14afg58 1

22/05/2023, 10:40

230522-mqlz8sae2s 1

Sharing

Copy URL Twitter E-mail

General

Target

ISP.rar
Size

14KB
MD5

50b76dbd4ca8ab1fe38afc3e596e3efd
SHA1

69d7230ed70da7d6d169d490d159f1617050da56
SHA256

43547a6001cd88166f5e08ea7b5324496a30edff43c489b1f13ddff59ab3964b
SHA512

a956094f231f282b40ff2f44fc92f7c9ba5437331af0de222fcfa0d4aa31a73cd8ffc62a7d4bf776e5f52f972aa9ee84620bb58135f2a23df8112b9d4526677a
SSDEEP

384:iouRoNhrO3DPBQtFz8Dp2nmwFiacnFPr6hN6DC279bx8M1zOgz:Qihy3DZ0GDgmwFzMPehN6mwz

Score

1^/10

Malware Config

Signatures

Files

ISP.rar
.rar

Password: 123
ISP.exe
.exe windows x64

Password: 123

005b5709b7bee97b2626acbe22b6901a

Code Sign

37:ba:ea:b2:6a:88:5c:91:40:a4:1f:ee:7a:42:91:e9
Certificate

Issuer

CN=Kaspersky Lab Coq JSC

Not Before

17/05/2023, 16:45

Not After

31/12/2039, 23:59

Subject

CN=Kaspersky Lab Coq JSC

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:d1:0b:cc:be:f3:57:97:37:0b:c4:14:e2:5d:e5:5b:18:c5:02:b9:1f:42:a9:14:1f:fe:65:d3:b5:49:6c:5d
Signer

Actual PE Digest

80:d1:0b:cc:be:f3:57:97:37:0b:c4:14:e2:5d:e5:5b:18:c5:02:b9:1f:42:a9:14:1f:fe:65:d3:b5:49:6c:5d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrlenA
lstrcmpiW

user32

MessageBoxW

ole32

CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoInitialize

oleaut32

VariantClear
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString
SysAllocString

opencl

clSetKernelArg
clWaitForEvents
clCreateUserEvent
clEnqueueReadBuffer
clEnqueueWriteBuffer
clEnqueueNDRangeKernel
clCreateKernel
clReleaseKernel
clGetPlatformIDs
clCreateContextFromType
clReleaseContext
clGetContextInfo
clCreateCommandQueueWithProperties
clReleaseCommandQueue
clCreateBuffer
clReleaseMemObject
clCreateProgramWithSource
clReleaseProgram
clBuildProgram

Exports

Exports

goapp

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

005b5709b7bee97b2626acbe22b6901a

Code Sign

37:ba:ea:b2:6a:88:5c:91:40:a4:1f:ee:7a:42:91:e9Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

80:d1:0b:cc:be:f3:57:97:37:0b:c4:14:e2:5d:e5:5b:18:c5:02:b9:1f:42:a9:14:1f:fe:65:d3:b5:49:6c:5dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

opencl

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 276B

.rsrc Size: 4KB - Virtual size: 4KB

37:ba:ea:b2:6a:88:5c:91:40:a4:1f:ee:7a:42:91:e9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

80:d1:0b:cc:be:f3:57:97:37:0b:c4:14:e2:5d:e5:5b:18:c5:02:b9:1f:42:a9:14:1f:fe:65:d3:b5:49:6c:5d
Signer

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 276B

.rsrc
Size: 4KB - Virtual size: 4KB