d8f4ab2a01c5d8ad7ffd4aec3cf93921[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

d8f4ab2a01c5d8ad7ffd4aec3cf93921.bin
Size

1.0MB
MD5

c9dac071257f651d1341032780d0b977
SHA1

ff618bf21d0f5b99ac20613f4b05100e306cdd43
SHA256

56dd2688b98ea14fce49f55d1219303b96bf7f66a6bd757fff26ab396dea1c28
SHA512

8cfe9c0f71d4cd62fd95dc8c7d89021d0d8856be353bed45dffefd6fef1ff43af31a50c02cb22416564e6306a6e398575a6de8794509eaa157e7d9d195b2ad2a
SSDEEP

24576:bE0jay1NrTVD2hUREXQh7hDSzO44L50HsXIPmhW8Ps9gmuDn:Ba8xRD2hUREXQhVDSQL2HsvPygtn

Score

1^/10

Malware Config

Signatures

Files

d8f4ab2a01c5d8ad7ffd4aec3cf93921.bin
.zip

Password: infected
8b66a3ecbb30f4351758c45f1c11dfa8faa9804b2976e108e9557ba39bae3202.exe
.exe windows:5 windows x86 arch:x86

Password: infected

1e13c87ad8b783b6ccf9a85c1dc91764

Code Sign

54:d4:24:cf:9a:f9:24:6b:26:14:d0:3a:3a:48:70:ab
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

06/12/2022, 16:11

Not After

04/12/2024, 16:34

Subject

SERIALNUMBER=14380998,CN=SYSDEV LABORATORIES UK LIMITED,O=SYSDEV LABORATORIES UK LIMITED,L=Newport Pagnell,C=GB,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:87:11:41:08:61:6e:e2:d5:41:0d:0b:5b:5a:e4:fc:eb:1f:99:a4:31:f1:7a:91:d7:96:86:14:98:b3:4e:ae
Signer

Actual PE Digest

06:87:11:41:08:61:6e:e2:d5:41:0d:0b:5b:5a:e4:fc:eb:1f:99:a4:31:f1:7a:91:d7:96:86:14:98:b3:4e:ae

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

SetLastError
SystemTimeToFileTime
GetLocalTime
GetExitCodeThread
CreateThread
Sleep
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesW
GetTempPathW
MultiByteToWideChar
WideCharToMultiByte
CompareFileTime
FindClose
FindFirstFileW
CreateDirectoryW
ExpandEnvironmentStringsW
lstrlenA
lstrcmpW
GetSystemTimeAsFileTime
RemoveDirectoryW
FindNextFileW
DeleteFileW
GetEnvironmentVariableW
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
lstrcmpiW
LoadLibraryA
SetEnvironmentVariableW
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
GetTickCount
WriteFile
CreateFileW
GetDriveTypeW
SetFileAttributesW
LockResource
LoadResource
FindResourceA
MulDiv
GetSystemDirectoryW
ResumeThread
TerminateThread
SuspendThread
LocalFree
lstrcpyW
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualAlloc
VirtualFree
GetFileSize
SetFilePointer
ReadFile
SetFileTime
SetEndOfFile
GetFileInformationByHandle
WaitForMultipleObjects
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
GetLastError
WaitForSingleObject
CloseHandle
GetProcAddress
lstrlenW
GetCurrentThreadId
UnhandledExceptionFilter

user32

ShowWindow
ReleaseDC
DrawTextW
GetDC
ClientToScreen
DialogBoxIndirectParamW
MessageBeep
DrawIconEx
GetWindowDC
CallWindowProcW
DefWindowProcW
LoadIconW
IsWindow
GetWindowLongW
GetSystemMenu
wvsprintfW
GetDlgItem
GetSystemMetrics
GetKeyState
MessageBoxA
SetWindowTextW
GetParent
LoadImageW
GetWindow
SetWindowPos
SystemParametersInfoW
SetFocus
CallNextHookEx
EnableWindow
KillTimer
SendMessageW
EndDialog
wsprintfW
SetWindowLongW
SetWindowsHookExW
SetTimer
GetClientRect
EnableMenuItem
PtInRect
CharUpperW
GetWindowTextW
GetWindowTextLengthW
ScreenToClient
GetWindowRect
UnhookWindowsHookEx

gdi32

CreateFontIndirectW
SelectObject
GetDeviceCaps
GetObjectW
DeleteObject

shell32

SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW
SHBrowseForFolderW

ole32

CoCreateInstance
CoInitializeEx

oleaut32

VariantClear
SysAllocStringLen

msvcrt

wcsncpy
_wcsnicmp
strncpy
memmove
wcsncmp
memcpy
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
__CxxFrameHandler3
_CxxThrowException
malloc
free
wcsstr
wcscmp
_beginthreadex
_except_handler3
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UAE@XZ
__getmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?terminate@@YAXXZ
_controlfp
memset
_wtol
memcmp
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

1e13c87ad8b783b6ccf9a85c1dc91764

Code Sign

54:d4:24:cf:9a:f9:24:6b:26:14:d0:3a:3a:48:70:abCertificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4bCertificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

06:87:11:41:08:61:6e:e2:d5:41:0d:0b:5b:5a:e4:fc:eb:1f:99:a4:31:f1:7a:91:d7:96:86:14:98:b3:4e:aeSigner

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

shell32

ole32

oleaut32

msvcrt

Sections

.text Size: 158KB - Virtual size: 157KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 1KB - Virtual size: 10KB

.rsrc Size: 17KB - Virtual size: 17KB

54:d4:24:cf:9a:f9:24:6b:26:14:d0:3a:3a:48:70:ab
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

06:87:11:41:08:61:6e:e2:d5:41:0d:0b:5b:5a:e4:fc:eb:1f:99:a4:31:f1:7a:91:d7:96:86:14:98:b3:4e:ae
Signer

.text
Size: 158KB - Virtual size: 157KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 1KB - Virtual size: 10KB

.rsrc
Size: 17KB - Virtual size: 17KB