b20682412165f6a01fc877eeedce94553542d45c8fd952c5198a95984b17f92f[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b20682412165f6a01fc877eeedce94553542d45c8fd952c5198a95984b17f92f.exe
Size

812KB
MD5

5a97f5e907d0d08e660191e5b340ea4a
SHA1

4ff5d824392c7b3fd7b2d13d657cb20020934532
SHA256

b20682412165f6a01fc877eeedce94553542d45c8fd952c5198a95984b17f92f
SHA512

eca2a2d33c9b12cbce1e082fdb553b6279e1fb2abc1e4aad1b5cb0f7cc0f021638a7241b00aef0189c730d7fdbed3778761bdaf833f7d377f71709acd0088f5a
SSDEEP

6144:W9/XXL5hWSEfh8uveT25mbkYjF/mbkYjFJRHpV3x:W9/XXL5xs62QwYjFuwYjFJ/Vh

Score

10^/10

Malware Config

Signatures

Detects executables packed with Babel 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Babel

Files

b20682412165f6a01fc877eeedce94553542d45c8fd952c5198a95984b17f92f.exe
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

09:9d:34:ea:51:15:c0:08:6c:e9:6d:b7:2e:eb:20:47
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31-03-2021 00:00

Not After

29-03-2023 23:59

Subject

SERIALNUMBER=4559077,CN=Bluestack Systems\, Inc,O=Bluestack Systems\, Inc,L=Campbell,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9c:15:1d:5f:79:31:3c:f2:60:8e:44:92:f2:59:48:9d:c7:b9:74:1b:21:86:35:4d:f7:16:e6:3e:1a:9f:42:f0
Signer

Actual PE Digest

9c:15:1d:5f:79:31:3c:f2:60:8e:44:92:f2:59:48:9d:c7:b9:74:1b:21:86:35:4d:f7:16:e6:3e:1a:9f:42:f0

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

09:9d:34:ea:51:15:c0:08:6c:e9:6d:b7:2e:eb:20:47Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

9c:15:1d:5f:79:31:3c:f2:60:8e:44:92:f2:59:48:9d:c7:b9:74:1b:21:86:35:4d:f7:16:e6:3e:1a:9f:42:f0Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 257KB - Virtual size: 256KB

.rsrc Size: 366KB - Virtual size: 366KB

.reloc Size: 512B - Virtual size: 12B

09:9d:34:ea:51:15:c0:08:6c:e9:6d:b7:2e:eb:20:47
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

9c:15:1d:5f:79:31:3c:f2:60:8e:44:92:f2:59:48:9d:c7:b9:74:1b:21:86:35:4d:f7:16:e6:3e:1a:9f:42:f0
Signer

.text
Size: 257KB - Virtual size: 256KB

.rsrc
Size: 366KB - Virtual size: 366KB

.reloc
Size: 512B - Virtual size: 12B