cf15ed86315ab1a94996fb69ef157005[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

cf15ed86315ab1a94996fb69ef157005.bin
Size

45.3MB
MD5

0ac9ae83df41e3dac0155a17383735ea
SHA1

6f26f99b2df1d4f21bb7539e62b8fbb237b0526a
SHA256

2f2c9c9667f199055392aa8787bab2bc8b8875eed5062c2525223151f7fb10bb
SHA512

5ece53cd8dc8590b770a2316a2f65ef009755bcae9e91692921b2518a8f11183971581a37d916ea919a1f68db3809d597e44f6168a743a246c79986b0fe89f97
SSDEEP

786432:TqqV3fvKMSFd8G/fMYw4i0O8XhdX4La+gDEL/1qowRHsxmfzAQ1TexXF1ZYmbR0F:T9PvKMxgUvQ3Cgetqo0iAkQoxVb+AQR

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/175eb4505659184198a6dacaf5c52bf80c9b10f168b081a07e3457058cc51e89.exe	pyinstaller

Files

cf15ed86315ab1a94996fb69ef157005.bin
.zip

Password: infected
175eb4505659184198a6dacaf5c52bf80c9b10f168b081a07e3457058cc51e89.exe
.exe windows:4 windows x86 arch:x86

Password: infected

e9d858bf5cc2b22933333fd98518c716

Code Sign

0f:d8:54:3a:f7:a2:21:c5:1c:f9:06:16:5b:1c:c0:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

11/05/2022, 00:00

Not After

10/05/2024, 23:59

Subject

CN=Electrum Technologies GmbH,O=Electrum Technologies GmbH,L=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:ee:11:98:2e:c8:b0:10:be:57:0b:e8:31:fb:48:75:be:5e:bf:d0:9c:be:f9:68:32:b5:f2:1a:4f:5e:0a:55
Signer

Actual PE Digest

71:ee:11:98:2e:c8:b0:10:be:57:0b:e8:31:fb:48:75:be:5e:bf:d0:9c:be:f9:68:32:b5:f2:1a:4f:5e:0a:55

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
OpenProcessToken

comctl32

LoadIconMetric

gdi32

CreateFontIndirectW
DeleteObject
SelectObject

kernel32

CloseHandle
CreateDirectoryW
CreateProcessW
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FormatMessageW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetEnvironmentVariableW
GetExitCodeProcess
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetTempPathW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LocalFree
MulDiv
MultiByteToWideChar
SetConsoleCtrlHandler
SetDllDirectoryW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__argc
__lconv_init
__mb_cur_max
__p__commode
__p__fmode
__p__wcmdln
__set_app_type
__setusermatherr
__wargv
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_errno
_filelengthi64
_fileno
_findclose
_get_osfhandle
_initterm
_iob
_lock
_onexit
_setmode
_snwprintf
fwprintf
_unlock
_wcsdup
_wfopen
_wfullpath
_wputenv_s
_wremove
_wrmdir
_wtempnam
abort
atoi
calloc
clearerr
exit
fclose
feof
ferror
fflush
fgetpos
fprintf
fputc
fputwc
fread
free
fsetpos
fwrite
iswctype
localeconv
malloc
mbstowcs
memcmp
memcpy
memset
perror
realloc
setbuf
setlocale
signal
strcat
strchr
strcmp
strcpy
strerror
strlen
strncat
strncmp
strncpy
strtok
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncpy
wcstombs
_wstat
_wfindnext
_wfindfirst
_stat
_wcsdup
_strdup
_getpid
_fileno

user32

CreateWindowExW
DestroyIcon
DialogBoxIndirectParamW
DrawTextW
EndDialog
GetClientRect
GetDC
GetDialogBaseUnits
GetWindowLongW
InvalidateRect
MessageBoxA
MessageBoxW
MoveWindow
ReleaseDC
SendMessageW
SetWindowLongW
SystemParametersInfoW

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 59KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bitcoin.pyc
camera_dialog.pyc
commands.pyc
dnssec.pyc
main_window.pyc
run_electrum.pyc
simple_config.pyc
text.pyc
util.pyc
wallet.pyc

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

e9d858bf5cc2b22933333fd98518c716

Code Sign

0f:d8:54:3a:f7:a2:21:c5:1c:f9:06:16:5b:1c:c0:e4Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

71:ee:11:98:2e:c8:b0:10:be:57:0b:e8:31:fb:48:75:be:5e:bf:d0:9c:be:f9:68:32:b5:f2:1a:4f:5e:0a:55Signer

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

msvcrt

user32

Sections

.text Size: 90KB - Virtual size: 90KB

.data Size: 512B - Virtual size: 124B

.rdata Size: 23KB - Virtual size: 22KB

/4 Size: 10KB - Virtual size: 10KB

.bss Size: - Virtual size: 59KB

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 64KB - Virtual size: 68KB

0f:d8:54:3a:f7:a2:21:c5:1c:f9:06:16:5b:1c:c0:e4
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

71:ee:11:98:2e:c8:b0:10:be:57:0b:e8:31:fb:48:75:be:5e:bf:d0:9c:be:f9:68:32:b5:f2:1a:4f:5e:0a:55
Signer

.text
Size: 90KB - Virtual size: 90KB

.data
Size: 512B - Virtual size: 124B

.rdata
Size: 23KB - Virtual size: 22KB

/4
Size: 10KB - Virtual size: 10KB

.bss
Size: - Virtual size: 59KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 64KB - Virtual size: 68KB