fc924a4c46667be6e82ccf6f4068fcd22da63e2a0cefcd01dc3b7dd014138fa4[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

fc924a4c46667be6e82ccf6f4068fcd22da63e2a0cefcd01dc3b7dd014138fa4.zip
Size

43KB
MD5

663a11e3c4ff5f06ae456a01a036ac99
SHA1

24cd3c6a7a23768f39396587a8031c0e086d5222
SHA256

f85bd062cd8445be1c863d4ee41a3c037703d602f92e897bde42a862f98b7313
SHA512

f5496bbfa056fed702297592dc510b00eae0481c0c9f2828c281f3373f7d43495e8e21cd1469c3b0c0912177ba357600920aa8ea88f118e1d81871df020aa1f5
SSDEEP

768:NyPTNYI4j3ql2GEPwJBO5No+sk6Fxgy2seHR/3PPvxk/rjDra9ySTabu0teqTZf4:NyPTNN4TqlF/yMk6gTsehnvxk/rjDrav

Score

1^/10

Malware Config

Signatures

Files

fc924a4c46667be6e82ccf6f4068fcd22da63e2a0cefcd01dc3b7dd014138fa4.zip
.zip

Password: S1BinaryVault
C/ProgramData/Sentinel/AFUCache/fc924a4c46667be6e82ccf6f4068fcd22da63e2a0cefcd01dc3b7dd014138fa4
.exe windows x86

Password: S1BinaryVault

0fd5142e65d56f4c690d531a148ed364

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1f:28:98:08:7c:f9:36:4d:a9:b4:f2:33:2f:11:c7:40
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/08/2019, 00:00

Not After

08/08/2020, 23:59

Subject

CN=Kuzyakov Artur Vyacheslavovich IP,O=Kuzyakov Artur Vyacheslavovich IP,STREET=kv.29\, 24K1 Tashkentskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:28:98:08:7c:f9:36:4d:a9:b4:f2:33:2f:11:c7:40
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/08/2019, 00:00

Not After

08/08/2020, 23:59

Subject

CN=Kuzyakov Artur Vyacheslavovich IP,O=Kuzyakov Artur Vyacheslavovich IP,STREET=kv.29\, 24K1 Tashkentskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:58:78:99:0a:20:f3:e5:4d:eb:47:c8:c8:e9:08:b2:e6:0d:69:88:30:5a:7b:da:7c:6c:47:24:cb:03:38:55
Signer

Actual PE Digest

e4:58:78:99:0a:20:f3:e5:4d:eb:47:c8:c8:e9:08:b2:e6:0d:69:88:30:5a:7b:da:7c:6c:47:24:cb:03:38:55

Digest Algorithm

sha256

PE Digest Matches

true

b9:c0:90:fc:1d:2f:b9:dd:b7:ea:19:7d:1a:79:28:fb:2e:ca:b8:0e
Signer

Actual PE Digest

b9:c0:90:fc:1d:2f:b9:dd:b7:ea:19:7d:1a:79:28:fb:2e:ca:b8:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetCommandLineA
GetCommandLineW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetWindowsDirectoryW
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
SetCurrentDirectoryW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fullpath
_iob
_onexit
_putws
_setmode
_wsystem
abort
atexit
atoi
calloc
fputc
free
fwrite
getenv
isspace
localeconv
malloc
mbstowcs
memcpy
realloc
setlocale
signal
strchr
strcoll
strlen
tolower
vfprintf
wcscat
wcscpy
wcslen
wcstombs
wprintf

shell32

CommandLineToArgvW
ShellExecuteExW

shlwapi

PathRemoveFileSpecW

user32

wsprintfW

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S1BinaryVault

Password: S1BinaryVault

0fd5142e65d56f4c690d531a148ed364

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

1f:28:98:08:7c:f9:36:4d:a9:b4:f2:33:2f:11:c7:40Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

1f:28:98:08:7c:f9:36:4d:a9:b4:f2:33:2f:11:c7:40Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

e4:58:78:99:0a:20:f3:e5:4d:eb:47:c8:c8:e9:08:b2:e6:0d:69:88:30:5a:7b:da:7c:6c:47:24:cb:03:38:55Signer

b9:c0:90:fc:1d:2f:b9:dd:b7:ea:19:7d:1a:79:28:fb:2e:ca:b8:0eSigner

Headers

File Characteristics

Imports

kernel32

msvcrt

shell32

shlwapi

user32

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 512B - Virtual size: 40B

.rdata Size: 3KB - Virtual size: 2KB

.eh_fram Size: 6KB - Virtual size: 5KB

.bss Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 26KB - Virtual size: 25KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

1f:28:98:08:7c:f9:36:4d:a9:b4:f2:33:2f:11:c7:40
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

1f:28:98:08:7c:f9:36:4d:a9:b4:f2:33:2f:11:c7:40
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

e4:58:78:99:0a:20:f3:e5:4d:eb:47:c8:c8:e9:08:b2:e6:0d:69:88:30:5a:7b:da:7c:6c:47:24:cb:03:38:55
Signer

b9:c0:90:fc:1d:2f:b9:dd:b7:ea:19:7d:1a:79:28:fb:2e:ca:b8:0e
Signer

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 40B

.rdata
Size: 3KB - Virtual size: 2KB

.eh_fram
Size: 6KB - Virtual size: 5KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 26KB - Virtual size: 25KB