c64e1c2d7f1784b31ab8faf45e46d156[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

c64e1c2d7f1784b31ab8faf45e46d156.bin
Size

20.9MB
MD5

c64e1c2d7f1784b31ab8faf45e46d156
SHA1

4170d2e520012676590106b2bd386eb6a043ba07
SHA256

b19cccfaf7cc1ab95b80a8b418aec00d065edc43705d430ea1666162f0fa254e
SHA512

8e69abef113ce1ef949452e4d767dc3d97033dcd29f404cf8cd7c4fb53eea05e0d2101f0ff68d87d0f64a6333ac50262f1371a42939462c280fb7f0e95f76f1a
SSDEEP

393216:P1FEgXrsz6NCHdEjTi6POqQOjt/fNfJS2DSnDbCl8I23zOIWstb/Oho:P1pbsWQ9LtOdVfJfDqmal3g0b/OG

Score

1^/10

Malware Config

Signatures

Files

c64e1c2d7f1784b31ab8faf45e46d156.bin
.zip

Password: infected
KORGPAManager.exe
.exe windows:4 windows x86 arch:x86

Password: infected

09d0478591d4f788cb3e5ea416c25237

Code Sign

36:02:61:76:36:e7:03:4b:9c:c1:fc:5f:fe:ac:2d:54
Certificate

Issuer

CN=Sectigo Public Code Signing Root E46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA E36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:98:dd:0d:21:f9:ab:de:8f:cf:92:0f:1c:22:03:d2
Certificate

Issuer

CN=Sectigo Public Code Signing CA E36,O=Sectigo Limited,C=GB

Not Before

05/07/2023, 00:00

Not After

04/07/2026, 23:59

Subject

CN=Alien Soft,O=Alien Soft,ST=London\, City of,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d5:b3:60:02:89:59:a2:7f:84:65:c9:e6:b1:8d:ba:cb
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/02/2023, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root E46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:29:32:98:e7:87:fb:1e:b8:d2:01:8e:ab:68:1c:d0:5d:9c:cf:5c:ea:90:76:09:36:a6:4e:71:18:88:7a:52
Signer

Actual PE Digest

f4:29:32:98:e7:87:fb:1e:b8:d2:01:8e:ab:68:1c:d0:5d:9c:cf:5c:ea:90:76:09:36:a6:4e:71:18:88:7a:52

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 20.3MB - Virtual size: 59.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Languages/ar-JO.ini
Languages/az-AZ.ini
Languages/bg-BG.ini
Languages/cn-CN.ini
Languages/cz-CZ.ini
Languages/da-DK.ini
Languages/de-DE.ini
Languages/en-GB.ini
Languages/es-SP.ini
Languages/fr-FR.ini
Languages/gr-GR.ini
Languages/he-HE.ini
Languages/hr-HR.ini
Languages/hu-HU.ini
Languages/it-IT.ini
Languages/ku-SO.ini
Languages/mk-MK.ini
Languages/nl-NL.ini
Languages/pe-PE.ini
Languages/pl-PL.ini
Languages/pt-PT.ini
Languages/ro-RO.ini
Languages/ru-RU.ini
Languages/sk-SK.ini
Languages/sq-AL.ini
Languages/sr-SR.ini
Languages/sv-SV.ini
Languages/tr-TR.ini
Languages/uz-UZ.ini
Languages/vi-VI.ini

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

09d0478591d4f788cb3e5ea416c25237

Code Sign

36:02:61:76:36:e7:03:4b:9c:c1:fc:5f:fe:ac:2d:54Certificate

Extended Key Usages

Key Usages

7d:98:dd:0d:21:f9:ab:de:8f:cf:92:0f:1c:22:03:d2Certificate

Extended Key Usages

Key Usages

d5:b3:60:02:89:59:a2:7f:84:65:c9:e6:b1:8d:ba:cbCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

f4:29:32:98:e7:87:fb:1e:b8:d2:01:8e:ab:68:1c:d0:5d:9c:cf:5c:ea:90:76:09:36:a6:4e:71:18:88:7a:52Signer

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 20.3MB - Virtual size: 59.2MB

.rsrc Size: 512KB - Virtual size: 512KB

36:02:61:76:36:e7:03:4b:9c:c1:fc:5f:fe:ac:2d:54
Certificate

7d:98:dd:0d:21:f9:ab:de:8f:cf:92:0f:1c:22:03:d2
Certificate

d5:b3:60:02:89:59:a2:7f:84:65:c9:e6:b1:8d:ba:cb
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f4:29:32:98:e7:87:fb:1e:b8:d2:01:8e:ab:68:1c:d0:5d:9c:cf:5c:ea:90:76:09:36:a6:4e:71:18:88:7a:52
Signer

.text
Size: 20.3MB - Virtual size: 59.2MB

.rsrc
Size: 512KB - Virtual size: 512KB