2db467faac6a4a29d735a61e62310a0d5090019d72bebf793684c7c36817de3c[.]bin[.]sample[.]gz

Sharing

Copy URL

Twitter E-mail

General

Target

2db467faac6a4a29d735a61e62310a0d5090019d72bebf793684c7c36817de3c.bin.sample.gz
Size

73KB
MD5

6ce92ecc9c82222025158a90d937640d
SHA1

98c68804d200abaeffc3707295dbbf4ef7d612f2
SHA256

7b040360dbc92a228b585e56094bb32a369d9625b5a585b870c0384965734abc
SHA512

3ddb3962fd3b632ecd8fb6a15a1e1c5e8eac94468294e6491926e731d4a5b813d840fbec5cae948a82a1983727341b65a008fb2b8311a9a0b9c5938ec7900c7e
SSDEEP

1536:kzczQdquWZISHYHdZbUiCiRsi1ij0tEcNiaHicdPm18GN:kzhA9ZI1UP0zNnCcdP08GN

Score

1^/10

Malware Config

Signatures

Files

2db467faac6a4a29d735a61e62310a0d5090019d72bebf793684c7c36817de3c.bin.sample.gz
.gz
sample
.exe windows x86

9b627dea1daeb162c4cd98a4693fdb12

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:12:c8:86:8c:15:92:1a:30:6e:cf:fe:4f:59:e0:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/10/2004, 00:00

Not After

27/11/2005, 23:59

Subject

CN=Beijing Huicong International Information Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech,O=Beijing Huicong International Information Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ac:1c:46:1a:39:e6:75:5c:4d:61:df:1c:07:89:21:0e:88:2a:a1:ba
Signer

Actual PE Digest

ac:1c:46:1a:39:e6:75:5c:4d:61:df:1c:07:89:21:0e:88:2a:a1:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2396
ord3346
ord5300
ord3922
ord1089
ord4698
ord5199
ord4079
ord5289
ord5714
ord2982
ord5302
ord5307
ord4465
ord3136
ord3262
ord2985
ord2512
ord5731
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord2621
ord1134
ord2725
ord825
ord823
ord1576
ord1168
ord2554
ord4486
ord6375
ord4274
ord4673
ord6663
ord4278
ord1200
ord537
ord858
ord800
ord2976
ord3147
ord3259
ord3081

msvcrt

fwrite
sprintf
fopen
fclose
fread
atoi
_snprintf
strstr
__CxxFrameHandler
strncpy
__p___argv
__p___argc
_access
strchr
__dllonexit
_onexit
_exit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_strnicmp
_setmbcp

kernel32

CloseHandle
GetLastError
SetEvent
Sleep
DeleteFileA
WinExec
SetFileTime
CreateFileA
MoveFileA
SetFileAttributesA
CreateDirectoryA
GetFileAttributesA
OpenEventA
GetVersionExA
WriteFile
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetStartupInfoA

advapi32

RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegCreateKeyA

setupapi

SetupIterateCabinetA

msvcp60

?_Xlen@std@@YAXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b627dea1daeb162c4cd98a4693fdb12

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

71:12:c8:86:8c:15:92:1a:30:6e:cf:fe:4f:59:e0:77Certificate

Extended Key Usages

Key Usages

ac:1c:46:1a:39:e6:75:5c:4d:61:df:1c:07:89:21:0e:88:2a:a1:baSigner

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

advapi32

setupapi

msvcp60

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 72KB - Virtual size: 69KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

71:12:c8:86:8c:15:92:1a:30:6e:cf:fe:4f:59:e0:77
Certificate

ac:1c:46:1a:39:e6:75:5c:4d:61:df:1c:07:89:21:0e:88:2a:a1:ba
Signer

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 72KB - Virtual size: 69KB