14d1125017daaca232d87c592f00fdc9[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

14d1125017daaca232d87c592f00fdc9.bin
Size

760KB
MD5

3ecba7e367c1faf5d0f4aa26e5515313
SHA1

7dbcbf34c990b486c7831b74dbbda8913d125f48
SHA256

2b8443d5269a1fe1ec573b01dfd1644ece2c6d2d8189d22e8a519c5b8cae6625
SHA512

0df72ba02bcccce7fd3522888e9d3ff962682713683b19fd29664b94a27d9de3a1936939738ac29fb7415a79229c9a25fe196054f7411f5a3e15ca9846bfc401
SSDEEP

12288:8OXZLweq59UJbl/No3EcJrfHqSNxJs+dNRVt9fgEL7LAcUG9CcYMACWyCaPX+ECC:8OXZLwe2Sl/QnJbKSNxJbXHBfcccQtPF

Score

1^/10

Malware Config

Signatures

Files

14d1125017daaca232d87c592f00fdc9.bin
.zip

Password: infected
283b2e6ac224a81d2d6ee1b18650fed17c8321d0cc6204eb45bb09584493c9ed.bin
.exe windows:5 windows x86

Password: infected

9104dc8e7ad4ddd64ec7bc2dbfc4c381

Code Sign

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:d4:15:ce:b0:7b:09:8c:80:29:2f:f3:ee:e0:85:9e:96:cf:63:79:8d:76:e3:96:03:70:0f:a5:c1:26:fc:72
Signer

Actual PE Digest

8b:d4:15:ce:b0:7b:09:8c:80:29:2f:f3:ee:e0:85:9e:96:cf:63:79:8d:76:e3:96:03:70:0f:a5:c1:26:fc:72

Digest Algorithm

sha256

PE Digest Matches

true

36:c4:69:5d:5d:d3:d4:c7:21:36:fc:b0:d5:75:8d:3a:43:c3:30:75
Signer

Actual PE Digest

36:c4:69:5d:5d:d3:d4:c7:21:36:fc:b0:d5:75:8d:3a:43:c3:30:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
SetUnhandledExceptionFilter
GetVersion
GetNativeSystemInfo
VirtualProtect
lstrcatW
ExpandEnvironmentStringsW
LocalLock
LocalUnlock
GetACP
SetLastError
GetModuleHandleA
GlobalFree
FreeResource
EncodePointer
GetSystemDirectoryW
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
lstrcmpA
SetThreadPriority
SuspendThread
ResumeThread
GetPrivateProfileIntW
GetVolumeInformationW
DuplicateHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetFileSizeEx
SetErrorMode
GetUserDefaultLCID
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetDriveTypeW
SetFilePointerEx
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapQueryInformation
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
SetStdHandle
RtlUnwind
GetCPInfo
GetStringTypeW
LCMapStringW
TerminateProcess
FileTimeToLocalFileTime
FindNextFileW
FindFirstFileW
FindClose
ExitProcess
GlobalUnlock
GlobalLock
GlobalAlloc
GetExitCodeThread
MulDiv
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetLongPathNameW
GetCommandLineW
CreateProcessW
GetModuleFileNameW
OpenEventW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
QueryPerformanceCounter
GetCurrentThread
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
GetFileSize
LockFileEx
LocalFree
CreateFileMappingA
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetVersionExW
GetCurrentThreadId
GetFileAttributesW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
InterlockedCompareExchange
GetFullPathNameW
EnterCriticalSection
HeapFree
HeapCreate
TryEnterCriticalSection
AreFileApisANSI
GetCurrentDirectoryW
Sleep
SetEvent
ResetEvent
CreateEventW
lstrlenW
lstrcpyW
LoadLibraryW
GetProcAddress
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
GetTickCount
AttachConsole
WriteFile
WriteConsoleW
GetConsoleMode
GetLastError
GetFileType
GetStdHandle
FreeConsole
GetPrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
VerifyVersionInfoW
VerSetConditionMask
WideCharToMultiByte
WaitForSingleObject
CloseHandle
ReadFile
CreateFileW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalFlags
GetModuleHandleW

user32

SendDlgItemMessageA
WinHelpW
IsDialogMessageW
GetWindow
GetLastActivePopup
GetClassNameW
MessageBeep
GetWindowTextW
SetWindowTextW
RedrawWindow
EndPaint
BeginPaint
EnableMenuItem
KillTimer
GetAsyncKeyState
GetDialogBaseUnits
CheckDlgButton
GetDlgItem
CreateDialogIndirectParamW
MoveWindow
DestroyWindow
PostQuitMessage
WaitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
LoadStringW
MessageBoxW
GetDesktopWindow
SetRect
SystemParametersInfoW
GetWindowThreadProcessId
SetWindowLongW
GetWindowLongW
GetForegroundWindow
SetFocus
EmptyClipboard
SetClipboardData
OpenClipboard
SetWindowPos
ShowWindow
CreateWindowExW
DefWindowProcW
DestroyIcon
GetParent
SendMessageW
EnableWindow
ValidateRect
GetActiveWindow
PostMessageW
CopyIcon
DrawFocusRect
OffsetRect
MapWindowPoints
GetMessagePos
DrawFrameControl
SetForegroundWindow
TranslateAcceleratorW
BringWindowToTop
SetWindowPlacement
GetWindowPlacement
SetRectEmpty
FillRect
TabbedTextOutW
DrawStateW
GrayStringW
DrawTextExW
IsWindow
CharLowerBuffW
UnregisterClassW
GetKeyState
IsWindowVisible
DrawIcon
EndDialog
GetNextDlgTabItem
IsWindowEnabled
SetActiveWindow
ClientToScreen
GetDlgCtrlID
GetFocus
GetSystemMetrics
IsIconic
CopyRect
ReleaseDC
GetWindowTextLengthW
RegisterWindowMessageW
GetMessageTime
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
IsMenu
IsChild
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetCapture
SetMenu
TrackPopupMenu
CloseClipboard
LoadCursorW
LoadBitmapW
SetCursor
SetTimer
LoadImageW
GetCursorPos
ScreenToClient
GetWindowRect
CreatePopupMenu
AppendMenuW
GetClientRect
GetSysColor
DrawTextW
LoadIconW
SetMenuItemInfoW
SetMenuInfo
GetMenuItemCount
GetMenuItemInfoW
GetMenu
GetSubMenu
GetMenuItemID
GetSystemMenu
GetIconInfo
DrawIconEx
InvalidateRect
PtInRect
TrackMouseEvent
UpdateWindow
GetDC
GetScrollPos
SetPropW
GetPropW
RemovePropW
AdjustWindowRectEx
RealChildWindowFromPoint
GetSysColorBrush
CharUpperW
WindowFromPoint
DestroyMenu
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetMonitorInfoW
MonitorFromWindow
UnhookWindowsHookEx
SetWindowsHookExW
GetTopWindow
GetMessageW
GetClassLongW
CallNextHookEx

gdi32

SetTextColor
CreateDIBSection
CreateDCW
CreateSolidBrush
SetMapMode
SetStretchBltMode
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
StretchDIBits
SetDIBitsToDevice
SetBkMode
SetBkColor
ExtSelectClipRgn
SaveDC
RealizePalette
RestoreDC
GetDIBits
GetClipBox
CreateRectRgnIndirect
CreateBitmap
GetDeviceCaps
ExtTextOutW
TextOutW
RectVisible
PtVisible
Escape
BitBlt
CreateCompatibleBitmap
CreateFontIndirectW
GetStockObject
DeleteDC
SetPixel
GetPixel
CreateCompatibleDC
GetObjectW
SelectObject
DeleteObject
GetTextExtentPoint32W

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueExW
RegCloseKey
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

ExtractIconExW
DragAcceptFiles
DragQueryFileW
CommandLineToArgvW
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHBrowseForFolderW
ShellExecuteW

comctl32

InitCommonControlsEx
ImageList_AddMasked
ImageList_ReplaceIcon

shlwapi

PathIsDirectoryW
PathCompactPathW
StrFormatByteSizeW
PathStripPathW
PathMatchSpecW
PathAddBackslashW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
UrlUnescapeW
PathFileExistsW

ole32

CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateInstance
CoCreateGuid
CoInitialize

oleaut32

SysAllocString
VariantChangeType
VariantClear
VariantInit
SysFreeString

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

oleacc

LresultFromObject
CreateStdAccessibleObject

wininet

InternetCrackUrlW
InternetCanonicalizeUrlW
InternetOpenW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetSetFilePointer
InternetWriteFile
InternetQueryDataAvailable
InternetQueryOptionW
InternetSetOptionW
InternetGetLastResponseInfoW
InternetSetStatusCallbackW

Sections

.text
Size: 893KB - Virtual size: 893KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

9104dc8e7ad4ddd64ec7bc2dbfc4c381

Code Sign

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7fCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7fCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8b:d4:15:ce:b0:7b:09:8c:80:29:2f:f3:ee:e0:85:9e:96:cf:63:79:8d:76:e3:96:03:70:0f:a5:c1:26:fc:72Signer

36:c4:69:5d:5d:d3:d4:c7:21:36:fc:b0:d5:75:8d:3a:43:c3:30:75Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

version

psapi

oleacc

wininet

Sections

.text Size: 893KB - Virtual size: 893KB

.rdata Size: 228KB - Virtual size: 227KB

.data Size: 17KB - Virtual size: 30KB

.rsrc Size: 329KB - Virtual size: 329KB

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8b:d4:15:ce:b0:7b:09:8c:80:29:2f:f3:ee:e0:85:9e:96:cf:63:79:8d:76:e3:96:03:70:0f:a5:c1:26:fc:72
Signer

36:c4:69:5d:5d:d3:d4:c7:21:36:fc:b0:d5:75:8d:3a:43:c3:30:75
Signer

.text
Size: 893KB - Virtual size: 893KB

.rdata
Size: 228KB - Virtual size: 227KB

.data
Size: 17KB - Virtual size: 30KB

.rsrc
Size: 329KB - Virtual size: 329KB