Astro [Cracked][.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Astro [Cracked].zip
Size

2.8MB
MD5

0875ffa2e9dca644382b925979fb73ae
SHA1

5d080e9f07944018cb4b59fde831763c7f7533d5
SHA256

d27c5f6fe41ee842f7cc7655f004599c950ad3b6c267912975b2840c1b7828a2
SHA512

1302b5638387c517b565cdec392a0a890740343bcb7c26dce7a5bafa5892325a55d13519c946dfeb5dc2bfdd00a82f1325d6c4f77d6be782a262d18b4ed73ae0
SSDEEP

49152:Cc04bSYY7+1/e62xEOiWoP8TJjjO0XZRMuI1Y7whyaZaYOxmFFO5cZ+cbJL:CcqL62xEOS01jj5ZG1ZaYOxmFF0c5

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Astro [Cracked]/Astro.exe
unpack001/Astro [Cracked]/ReaLTaiizor.dll

Files

Astro [Cracked].zip
.zip
Astro [Cracked]/Astro.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 570KB - Virtual size: 570KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 405KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Astro [Cracked]/ReaLTaiizor.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/src/ReaLTaiizor/obj/Release/net48/ReaLTaiizor.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Astro [Cracked]/System.CodeDom.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:8d:7e:47:c3:82:7e:05:1a:2a:00:00:00:00:02:8d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14-10-2021 18:45

Not After

13-10-2022 18:45

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:84:4c:17:08:39:e9:41:3e:9d:9f:18:6e:ca:2c:42:c6:4a:02:10:4e:b9:d3:34:21:bb:63:17:1c:da:0c:8f
Signer

Actual PE Digest

61:84:4c:17:08:39:e9:41:3e:9d:9f:18:6e:ca:2c:42:c6:4a:02:10:4e:b9:d3:34:21:bb:63:17:1c:da:0c:8f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/artifacts/obj/System.CodeDom/Release/net462/System.CodeDom.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 570KB - Virtual size: 570KB

.rsrc Size: 262KB - Virtual size: 261KB

.reloc Size: 512B - Virtual size: 12B

.text Size: 405KB - Virtual size: 404KB

.rsrc Size: 262KB - Virtual size: 261KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 5.7MB - Virtual size: 5.7MB

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:8d:7e:47:c3:82:7e:05:1a:2a:00:00:00:00:02:8dCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

61:84:4c:17:08:39:e9:41:3e:9d:9f:18:6e:ca:2c:42:c6:4a:02:10:4e:b9:d3:34:21:bb:63:17:1c:da:0c:8fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 18KB - Virtual size: 17KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 570KB - Virtual size: 570KB

.rsrc
Size: 262KB - Virtual size: 261KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 405KB - Virtual size: 404KB

.rsrc
Size: 262KB - Virtual size: 261KB

.text
Size: 5.7MB - Virtual size: 5.7MB

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:02:8d:7e:47:c3:82:7e:05:1a:2a:00:00:00:00:02:8d
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

61:84:4c:17:08:39:e9:41:3e:9d:9f:18:6e:ca:2c:42:c6:4a:02:10:4e:b9:d3:34:21:bb:63:17:1c:da:0c:8f
Signer

.text
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B