healer | 1wg01rY8[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1wg01rY8.exe
Size

19KB
MD5

6ed09bc061bef57530a88624374180f4
SHA1

7f082c94137ebd6527d84555959802195a089946
SHA256

760eb9960bfab97f6bce865828a0d7c37dfe638ff06e6b12776897f9c1e62995
SHA512

875bfd71766fcce6846a864268f18449b0ab163024b0befb6d7a2cf3424fbe0d84b07af6da3240b0a08cc4911fafad062064ba2459eb190517e3b3b7c9205ccf
SSDEEP

384:zw+1WA2Ni64rXGfZvTx1uHFGi4i/8E9VFf:zw+gU64r8QzeE

Score

10^/10

healer

Malware Config

Signatures

Detects Healer an antivirus disabler dropper 1 IoCs

resource	yara_rule
sample	healer

Healer family
healer

Files

1wg01rY8.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:c2:72:75:d6:86:38:43:79:18:39:2b:6f:79:bb:cc
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22/06/2020, 00:00

Not After

22/06/2023, 23:59

Subject

CN=K Desktop Environment e.V.,O=K Desktop Environment e.V.,POSTALCODE=10969,STREET=Prinzenstr 85 F,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:23:47:75:f4:82:53:78:1f:f9:01:4c:24:78:c6:ae:b5:3e:5f:53:75:a9:b2:dd:31:ce:a4:f7:5a:61:a9:b2
Signer

Actual PE Digest

d2:23:47:75:f4:82:53:78:1f:f9:01:4c:24:78:c6:ae:b5:3e:5f:53:75:a9:b2:dd:31:ce:a4:f7:5a:61:a9:b2

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

f0:c2:72:75:d6:86:38:43:79:18:39:2b:6f:79:bb:ccCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

d2:23:47:75:f4:82:53:78:1f:f9:01:4c:24:78:c6:ae:b5:3e:5f:53:75:a9:b2:dd:31:ce:a4:f7:5a:61:a9:b2Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

f0:c2:72:75:d6:86:38:43:79:18:39:2b:6f:79:bb:cc
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

d2:23:47:75:f4:82:53:78:1f:f9:01:4c:24:78:c6:ae:b5:3e:5f:53:75:a9:b2:dd:31:ce:a4:f7:5a:61:a9:b2
Signer

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B