MDE_File_Sample_2aa66c9f04f9d503253ee3a0704edb6a7cd97da3[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_2aa66c9f04f9d503253ee3a0704edb6a7cd97da3.zip
Size

65KB
MD5

54017ea620e08c5866c2905e05a3a52f
SHA1

4894ceb62bd64a9f27eb84c07c009ba8dc222d58
SHA256

bd8350c83e9d944017111789426c726cbfc8f9fb2d015515748a01818b0331d8
SHA512

5fbda6bdfa11d59507a5930b4ceb4a696d6c1de8fc5dc1006d86e50bd7b16f00995d10d4becbbf607e438a6640660a630ba08f17018e9b631d954c30cee5e507
SSDEEP

1536:gNFAGrYG96OI8r1iFOIMu1Cn6jD5BmCJeQ4revQuOY:aFAGrYG9e8r44G1Cn6ZBIQ4re4uH

Score

1^/10

Malware Config

Signatures

Files

MDE_File_Sample_2aa66c9f04f9d503253ee3a0704edb6a7cd97da3.zip
.zip

Password: 12345
sar3vh4d.one
.dll windows:4 windows x86 arch:x86

Password: 12345

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:76:c2:ce:62:e9:0e:5d:85:3e:00:00:00:00:00:76
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:40

Not After

04/09/2016, 17:40

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:11

Not After

01/01/2016, 18:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:7c:dd:01:8b:31:81:cf:4d:75:89:fd:9f:27:dc:f2:69:10:5e:2a:53:d8:77:87:58:a8:7d:21:b2:ed:04:48
Signer

Actual PE Digest

74:7c:dd:01:8b:31:81:cf:4d:75:89:fd:9f:27:dc:f2:69:10:5e:2a:53:d8:77:87:58:a8:7d:21:b2:ed:04:48

Digest Algorithm

sha256

PE Digest Matches

true

4c:44:91:e2:98:86:d8:22:92:25:e3:c7:86:a5:bd:6f:e1:48:e4:8a
Signer

Actual PE Digest

4c:44:91:e2:98:86:d8:22:92:25:e3:c7:86:a5:bd:6f:e1:48:e4:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 12345

Password: 12345

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:76:c2:ce:62:e9:0e:5d:85:3e:00:00:00:00:00:76Certificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

74:7c:dd:01:8b:31:81:cf:4d:75:89:fd:9f:27:dc:f2:69:10:5e:2a:53:d8:77:87:58:a8:7d:21:b2:ed:04:48Signer

4c:44:91:e2:98:86:d8:22:92:25:e3:c7:86:a5:bd:6f:e1:48:e4:8aSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 132KB - Virtual size: 131KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

33:00:00:00:76:c2:ce:62:e9:0e:5d:85:3e:00:00:00:00:00:76
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

74:7c:dd:01:8b:31:81:cf:4d:75:89:fd:9f:27:dc:f2:69:10:5e:2a:53:d8:77:87:58:a8:7d:21:b2:ed:04:48
Signer

4c:44:91:e2:98:86:d8:22:92:25:e3:c7:86:a5:bd:6f:e1:48:e4:8a
Signer

.text
Size: 132KB - Virtual size: 131KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B