a1523f126ad4ce56cd4b9f2f5e0b18d1a63f09962fa9b336bf2dc2b647793b6f[.]bin[.]sample[.]gz

Sharing

Copy URL Twitter E-mail

General

Target

a1523f126ad4ce56cd4b9f2f5e0b18d1a63f09962fa9b336bf2dc2b647793b6f.bin.sample.gz
Size

28KB
MD5

8083b1632403af9c94118974f40d78ac
SHA1

8bbd46512ed8f290369435fc406e864b2c4b1987
SHA256

2a868ec4f7c2db395fc9d1016b0c582d05f16cc8eb8a035a5f8cb2cc83334cf0
SHA512

badc8d56f2f772b7f05220bc417b7560ddb5cf2b0b91ec2d06ac442c07c672962eefebfd52f4e7ef8ff071c584805ab24ea68758bd8bdfbc3dfd9d0ed1b82469
SSDEEP

768:O3OdRqIlpI7hilR38Hk690auCIPKDxas7oOtbA58CIF:Q0lEQlR3496PKDxa2oO1A58j

Score

1^/10

Malware Config

Signatures

Files

a1523f126ad4ce56cd4b9f2f5e0b18d1a63f09962fa9b336bf2dc2b647793b6f.bin.sample.gz
.gz
sample
.exe windows x86

e93ab621b41560812ea45815b4589244

Code Sign

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/01/2022, 19:31

Not After

26/01/2023, 19:31

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e3:9b:72:08:6d:08:9b:78:f7:b3:37:6c:19:5e:19:3b:a5:d3:e1:ed:d1:0a:81:f0:75:e3:6f:30:15:f8:b2:0b
Signer

Actual PE Digest

e3:9b:72:08:6d:08:9b:78:f7:b3:37:6c:19:5e:19:3b:a5:d3:e1:ed:d1:0a:81:f0:75:e3:6f:30:15:f8:b2:0b

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathA

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitialize

oleaut32

VariantClear
SysAllocString
SysFreeString

kernel32

DeleteFileA
EnterCriticalSection
ExitProcess
GetCommandLineA
GetComputerNameA
GetExitCodeProcess
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTickCount
GetVersionExA
GetVolumeInformationA
InitializeCriticalSection
IsBadStringPtrW
LeaveCriticalSection
PeekNamedPipe
RtlUnwind
WideCharToMultiByte
lstrlenW
CreatePipe

user32

LoadCursorA
LoadIconA
GetMessageA
TranslateMessage
DispatchMessageA
OemToCharA
RegisterClassA
PostQuitMessage
CreateWindowExA
DestroyWindow
DefWindowProcA

gdi32

GetStockObject

advapi32

ChangeServiceConfig2A
CloseServiceHandle
CreateServiceA
OpenSCManagerA
OpenServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegQueryValueExA

crtdll

__GetMainArgs
exit
raise
signal

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.benignb
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e93ab621b41560812ea45815b4589244

Code Sign

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

e3:9b:72:08:6d:08:9b:78:f7:b3:37:6c:19:5e:19:3b:a5:d3:e1:ed:d1:0a:81:f0:75:e3:6f:30:15:f8:b2:0bSigner

Headers

File Characteristics

Imports

shell32

ole32

oleaut32

kernel32

user32

gdi32

advapi32

crtdll

Sections

.text Size: 20KB - Virtual size: 20KB

.bss Size: - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.benignb Size: 16KB - Virtual size: 19KB

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

e3:9b:72:08:6d:08:9b:78:f7:b3:37:6c:19:5e:19:3b:a5:d3:e1:ed:d1:0a:81:f0:75:e3:6f:30:15:f8:b2:0b
Signer

.text
Size: 20KB - Virtual size: 20KB

.bss
Size: - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.benignb
Size: 16KB - Virtual size: 19KB