sdfjh28H3h[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

sdfjh28H3h.rar
Size

2.9MB
MD5

08cf889f1bcf5a3674abaf1b89cac614
SHA1

734667bb3b288f1a993e1edbe182b5f4f750a466
SHA256

d4591706c72d82b296f2b686e23d6093fe6b3a207137043e9f8c87e1d267a28a
SHA512

109475a1748df71464a6070d7f174c9033eb4ae9ed3d2e40c84461ad8f91340e2b9e81a3bda03e716be1e73d9d33d296e572dcc4ad01eb7bffe27e860e97d416
SSDEEP

49152:Qy29caVxSGHyxCeu8/OiM2kb+4sknihrIVNHKY/P+FFI9ad6dScC+PDQI+fMl5XP:92SuxjHp6lkbRsfap+F1dWScE4vXP

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Teen.dll
unpack001/kjh37fyB3v.exe

Files

sdfjh28H3h.rar
.rar
System.Runtime.CompilerServices.Unsafe.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/02/2021, 20:09

Not After

10/02/2022, 20:09

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:70:99:f3:f5:b7:ef:fb:27:e6:01:6f:08:b5:3a:37:53:0b:75:67:14:d0:60:c5:7a:94:ea:2c:97:22:88:f7
Signer

Actual PE Digest

a0:70:99:f3:f5:b7:ef:fb:27:e6:01:6f:08:b5:3a:37:53:0b:75:67:14:d0:60:c5:7a:94:ea:2c:97:22:88:f7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Teen.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\users\azez\documents\visual studio 2013\Projects\Teen\Teen\obj\Debug\Teen.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kjh37fyB3v.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\repos-backup\2K24 AIO V2\2K24 AIO V2\bin\x64\Debug\xVM_Protected\kjh37fyB3v.pdb

Sections

Dg}sh*
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

y?Gp# ;
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

a0:70:99:f3:f5:b7:ef:fb:27:e6:01:6f:08:b5:3a:37:53:0b:75:67:14:d0:60:c5:7a:94:ea:2c:97:22:88:f7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 6KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 31KB - Virtual size: 31KB

.sdata Size: 512B - Virtual size: 312B

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 512B - Virtual size: 12B

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

Dg}sh* Size: 103KB - Virtual size: 103KB

.text Size: 3.0MB - Virtual size: 3.0MB

y?Gp# ; Size: 4KB - Virtual size: 4KB

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

a0:70:99:f3:f5:b7:ef:fb:27:e6:01:6f:08:b5:3a:37:53:0b:75:67:14:d0:60:c5:7a:94:ea:2c:97:22:88:f7
Signer

.text
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 31KB - Virtual size: 31KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 12B

Dg}sh*
Size: 103KB - Virtual size: 103KB

.text
Size: 3.0MB - Virtual size: 3.0MB

y?Gp# ;
Size: 4KB - Virtual size: 4KB