39c9fa949697aaad0d98d489986b5727972b7898ce8ab11804346f01e4d46a51

Sharing

Copy URL Twitter E-mail

General

Target

39c9fa949697aaad0d98d489986b5727972b7898ce8ab11804346f01e4d46a51
Size

10.0MB
MD5

55b84764c66fff5548c0ddac484e1862
SHA1

ba29c2e75857ee576b6f509507eb14eaa1d5cb1a
SHA256

39c9fa949697aaad0d98d489986b5727972b7898ce8ab11804346f01e4d46a51
SHA512

14b3552eb5a16fb7c4853d36dc2455662dd455d5436800756da4f242d4260de1a5e6c741c602a153806321801f5ac5e095d0fdff60d5721eb493c26d07ff2e03
SSDEEP

196608:0awNy5TAOKDrTEfziTkKdTBR4LpJwiU0QS+8D7NcG1xuErKG6iccokKu:0D4T3khdN+TwR0QS++dZroih5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/moba/MobaXterm_Professinal_20.3_Preview4.exe

Files

39c9fa949697aaad0d98d489986b5727972b7898ce8ab11804346f01e4d46a51
.zip
moba/MobaXterm backup.zip
.zip
MobaXterm.2021-06-04_16.06.ini
MobaXterm.2021-06-07_19.07.ini
MobaXterm.2021-06-09_11.16.ini
MobaXterm.2021-06-10_09.08.ini
MobaXterm.2021-06-15_14.42.ini
MobaXterm.2021-06-16_11.08.ini
MobaXterm.2021-06-16_11.20.ini
MobaXterm.2021-06-18_18.06.ini
MobaXterm.2021-06-30_15.53.ini
MobaXterm.2021-07-05_14.45.ini
MobaXterm.2021-07-08_16.49.ini
MobaXterm.2021-07-08_23.53.ini
MobaXterm.2021-07-09_19.11.ini
MobaXterm.2021-07-11_10.12.ini
MobaXterm.2021-07-11_15.17.ini
MobaXterm.2021-07-12_14.21.ini
moba/MobaXterm.ini
moba/MobaXterm.log
moba/MobaXterm_Professinal_20.3_Preview4 - ݷʽ.lnk
.lnk
moba/MobaXterm_Professinal_20.3_Preview4.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 536KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 162KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
moba/ResetMasterPassword.exe
.exe windows x86

Code Sign

02:28:29:5d:3f:28:17:74:2d:67:16:01:b5:a1:ac:99
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20/01/2016, 00:00

Not After

19/01/2021, 23:59

Subject

CN=Mobatek,O=Mobatek,POSTALCODE=31830,STREET=13 rue Paul Bernadot,L=Plaisance du Touch,ST=France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:10:90:b1:36:70:04:94:21:2e:4b:6a:15:86:49:24:00:d3:2c:a6
Signer

Actual PE Digest

5f:10:90:b1:36:70:04:94:21:2e:4b:6a:15:86:49:24:00:d3:2c:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 6.0MB - Virtual size: 6.0MB

DATA Size: 536KB - Virtual size: 536KB

BSS Size: - Virtual size: 162KB

.idata Size: 19KB - Virtual size: 19KB

.tls Size: - Virtual size: 64B

.rdata Size: 512B - Virtual size: 512B

.reloc Size: - Virtual size: 348KB

.rsrc Size: 7.2MB - Virtual size: 7.2MB

Code Sign

02:28:29:5d:3f:28:17:74:2d:67:16:01:b5:a1:ac:99Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

5f:10:90:b1:36:70:04:94:21:2e:4b:6a:15:86:49:24:00:d3:2c:a6Signer

Headers

File Characteristics

Sections

CODE Size: 86KB - Virtual size: 85KB

DATA Size: 2KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 6KB

.rsrc Size: 28KB - Virtual size: 28KB

CODE
Size: 6.0MB - Virtual size: 6.0MB

DATA
Size: 536KB - Virtual size: 536KB

BSS
Size: - Virtual size: 162KB

.idata
Size: 19KB - Virtual size: 19KB

.tls
Size: - Virtual size: 64B

.rdata
Size: 512B - Virtual size: 512B

.reloc
Size: - Virtual size: 348KB

.rsrc
Size: 7.2MB - Virtual size: 7.2MB

02:28:29:5d:3f:28:17:74:2d:67:16:01:b5:a1:ac:99
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

5f:10:90:b1:36:70:04:94:21:2e:4b:6a:15:86:49:24:00:d3:2c:a6
Signer

CODE
Size: 86KB - Virtual size: 85KB

DATA
Size: 2KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 6KB

.rsrc
Size: 28KB - Virtual size: 28KB