DoubleCounterBypass[.]V1[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

DoubleCounterBypass.V1.zip
Size

404KB
MD5

1f5b8c0207f72186f0835cb56053c293
SHA1

fc08a93404eb90c50953508cc8ed290c20b5683d
SHA256

54206adc41c8b9a252d0775d89f665a4e96fa202c4ce65623ea466978a24ee78
SHA512

78ccf4afe6afde6e55f22a6a1011d65c55fa419df26d7a943ede4617ce549071d8be6baaaa92e2c98499fa6107f3f3ce67cde6fc1369f6cf1e246b2a15bab589
SSDEEP

12288:SSyYT2YvjXTGRzLE/rTywOHpnhJENcxTrq:P2EqRz4vyvH1L0

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DoubleCounterBypass V1/BrotliSharpLib.dll
unpack001/DoubleCounterBypass V1/Double Counter Bypass.exe
unpack001/DoubleCounterBypass V1/LegitHttpClient.dll

Files

DoubleCounterBypass.V1.zip
.zip
DoubleCounterBypass V1/BrotliSharpLib.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DoubleCounterBypass V1/Double Counter Bypass.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DoubleCounterBypass V1/LegitHttpClient.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DoubleCounterBypass V1/System.Runtime.CompilerServices.Unsafe.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:0a:83:34:a8:fb:fd:d0:38:76:00:00:00:00:01:0a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:8E9E-4BD0-2ED0,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:86:a4:ae:f3:dd:ce:5d:c3:73:98:b8:87:69:e4:b4:0e:c9:57:60:e0:e7:c3:1a:bc:f8:ed:3e:f9:4b:58:be
Signer

Actual PE Digest

a1:86:a4:ae:f3:dd:ce:5d:c3:73:98:b8:87:69:e4:b4:0e:c9:57:60:e0:e7:c3:1a:bc:f8:ed:3e:f9:4b:58:be

Digest Algorithm

sha256

PE Digest Matches

true

fb:04:b1:54:63:fe:e1:f1:d9:2e:93:23:b7:8a:35:0d:bf:24:35:54
Signer

Actual PE Digest

fb:04:b1:54:63:fe:e1:f1:d9:2e:93:23:b7:8a:35:0d:bf:24:35:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 11KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 704B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:0a:83:34:a8:fb:fd:d0:38:76:00:00:00:00:01:0aCertificate

Extended Key Usages

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

a1:86:a4:ae:f3:dd:ce:5d:c3:73:98:b8:87:69:e4:b4:0e:c9:57:60:e0:e7:c3:1a:bc:f8:ed:3e:f9:4b:58:beSigner

fb:04:b1:54:63:fe:e1:f1:d9:2e:93:23:b7:8a:35:0d:bf:24:35:54Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 704B

.reloc
Size: 512B - Virtual size: 12B

33:00:00:01:0a:83:34:a8:fb:fd:d0:38:76:00:00:00:00:01:0a
Certificate

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

a1:86:a4:ae:f3:dd:ce:5d:c3:73:98:b8:87:69:e4:b4:0e:c9:57:60:e0:e7:c3:1a:bc:f8:ed:3e:f9:4b:58:be
Signer

fb:04:b1:54:63:fe:e1:f1:d9:2e:93:23:b7:8a:35:0d:bf:24:35:54
Signer

.text
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B