MDE_File_Sample_69d56902ca69fb3486221301b76c67dcbd2d6bf6[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_69d56902ca69fb3486221301b76c67dcbd2d6bf6.zip
Size

476KB
MD5

b8a922cac8c0455cf799dbc3118724f6
SHA1

98c70e3cb34a6ab1d2043a0dfdbc31e4efcd63e9
SHA256

3c2032e2a441b021dc83e4fa33ba238ec15763f11cb4cd5bb1e746d159d3ee6f
SHA512

82325d229beab5b9c2642062fa2b1a5a3e946200576ec707672c4b5b031e6a1c3456c464a05e8bfeea702ac8de459d4b7cba88ab0943f7f6e2accf1c4b0f1ea5
SSDEEP

6144:Gr4lM8SY9wLyfsIXE39QBHuyX4WKXGFkt/LKfw7TBYeXaPbUd3C1FP8i8us+jecN:Gr4ilOAqk0xX4WOkktTtXBCSm/jb1Jd

Score

1^/10

Malware Config

Signatures

Files

MDE_File_Sample_69d56902ca69fb3486221301b76c67dcbd2d6bf6.zip
.zip .ps1

Password: infected
PDFpower.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:1e:1e:7e:86:b3:f2:39:02:ad:d1:e3
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

04/03/2021, 09:44

Not After

04/03/2024, 09:44

Subject

SERIALNUMBER=516185493,CN=MY TECH MEDIA LTD,O=MY TECH MEDIA LTD,STREET=11 Hamanofim,L=Herzliya,ST=Tel Aviv,C=IL,1.2.840.113549.1.9.1=#0c1561646d696e406d79746563686d656469612e6e6574,1.3.6.1.4.1.311.60.2.1.3=#1302494c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:c1:f0:e8:b4:5f:b6:bf:20:6c:fb:ef:8a:6c:d2:ab:62:86:31:80
Signer

Actual PE Digest

06:c1:f0:e8:b4:5f:b6:bf:20:6c:fb:ef:8a:6c:d2:ab:62:86:31:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

0e:1e:1e:7e:86:b3:f2:39:02:ad:d1:e3Certificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

06:c1:f0:e8:b4:5f:b6:bf:20:6c:fb:ef:8a:6c:d2:ab:62:86:31:80Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 12B

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

0e:1e:1e:7e:86:b3:f2:39:02:ad:d1:e3
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

06:c1:f0:e8:b4:5f:b6:bf:20:6c:fb:ef:8a:6c:d2:ab:62:86:31:80
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 12B