436e8b6a84e709a73340fc7a53580430[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

436e8b6a84e709a73340fc7a53580430.bin
Size

349.1MB
MD5

436e8b6a84e709a73340fc7a53580430
SHA1

a13236cc892afa01c15195b68400eb7e19aad004
SHA256

ea8c4a6d9e6d8e9c9ed430f8a29760264dd7e4a438189a66d47c319b6c180981
SHA512

d046134a9c2cf6feeeb1ffd1fb91ab916262db9f767ffc8c3e17ef0c6243dd27e426c3c17ab213362cb279404e5b4498a3e9f927d71745d03d03b2e334304095
SSDEEP

6291456:JBJvwY1EWG65t+6UQL+cmUPgtgIIA8/DfC3SD1KuhSY0sGmTH:xvVg+t+6UUUNtrIAYW3SPT05mTH

Score

1^/10

Malware Config

Signatures

Files

436e8b6a84e709a73340fc7a53580430.bin
.zip

Password: infected
d4f6a4008521e70bf9214f1ea6ac29c1952774e6adb995d92400d65d9f22b17f
.iso

Password: infected
DriverDiagnoseTool.exe
.exe windows x86

Password: infected

77a60604dca2de549db1ee79955a07a6

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:11:ed:10:06:34:3e:0f:d1:bc:55:11:f3:ab:20:84
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

31-08-2022 00:00

Not After

31-08-2023 23:59

Subject

CN=12980215 Canada Inc.,O=12980215 Canada Inc.,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bd:b9:7d:f5:f8:50:13:4f:7c:e8:3e:d9:f8:a0:b4:91:64:29:db:ec
Signer

Actual PE Digest

bd:b9:7d:f5:f8:50:13:4f:7c:e8:3e:d9:f8:a0:b4:91:64:29:db:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
UnhandledExceptionFilter

advapi32

CryptDestroyKey

vcruntime140

__current_exception
__CxxFrameHandler3
__current_exception_context
memset
_except_handler4_common
memcpy

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_cexit
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_controlfp_s
_set_app_type
_seh_filter_exe

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 805KB - Virtual size: 805KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KENAPA_UMNO_BERSAMA_KERAJAAN_PERPADUAN.lnk
.lnk
KENAPA_UMNO_BERSAMA_KERAJAAN_PERPADUAN.pdf
.pdf

Password: infected
KENAPA_UMNO_BERSAMA_KERAJAAN_PERPADUAN.ps1
.ps1

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

77a60604dca2de549db1ee79955a07a6

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

1d:11:ed:10:06:34:3e:0f:d1:bc:55:11:f3:ab:20:84Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

bd:b9:7d:f5:f8:50:13:4f:7c:e8:3e:d9:f8:a0:b4:91:64:29:db:ecSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 805KB - Virtual size: 805KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 1024B - Virtual size: 680B

Password: infected

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

1d:11:ed:10:06:34:3e:0f:d1:bc:55:11:f3:ab:20:84
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

bd:b9:7d:f5:f8:50:13:4f:7c:e8:3e:d9:f8:a0:b4:91:64:29:db:ec
Signer

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 805KB - Virtual size: 805KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 1024B - Virtual size: 680B