tehtris_offline_forensic_2[.]6[.]0[.]0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

tehtris_offline_forensic_2.6.0.0.exe
Size

14.8MB
MD5

b24e639470b5cc0a46baa9fec06504af
SHA1

9eed36e3dc36693372baeef8538d3024e75b8d79
SHA256

1448e64b1323ae0ee97bcd7d712f8cb3a501c7fa06fb486f15da3601f1fa0a09
SHA512

a64578152ecdaf9039ca99253e7108cb4fa7c12173467185dcddd5dc1053d7d75d26a476202a9c1e4fd655c90fd9e88861db3cfa2b1952039936615b29e20e71
SSDEEP

393216:nRNR3iYOSiUq075W+4nHOdvQRjlTKKvYqFHj7ybKxg:nrdDObodvQRjhLYQPyGxg

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
sample	pyinstaller

Files

tehtris_offline_forensic_2.6.0.0.exe
.exe windows:4 windows x86 arch:x86

4e3e7ce958acceeb80e70eeb7d75870e

Code Sign

06:65:32:8a:22:f9:ac:a9:00:2c:17:9c:18:01:32:37
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24-05-2018 00:00

Not After

29-04-2021 12:00

Subject

SERIALNUMBER=521 474 445 00017,CN=TEHTRI-Security,O=TEHTRI-Security,L=PARIS,C=FR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024652

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:65:32:8a:22:f9:ac:a9:00:2c:17:9c:18:01:32:37
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24-05-2018 00:00

Not After

29-04-2021 12:00

Subject

SERIALNUMBER=521 474 445 00017,CN=TEHTRI-Security,O=TEHTRI-Security,L=PARIS,C=FR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024652

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fb:1a:53:39:ba:75:e1:0e:3a:3e:d3:64:62:07:7a:29:04:e2:78:5f:79:eb:d8:4a:34:23:4e:ed:cc:ba:14:01
Signer

Actual PE Digest

fb:1a:53:39:ba:75:e1:0e:3a:3e:d3:64:62:07:7a:29:04:e2:78:5f:79:eb:d8:4a:34:23:4e:ed:cc:ba:14:01

Digest Algorithm

sha256

PE Digest Matches

true

91:16:fe:6d:2b:ff:a4:05:e5:a9:be:7f:04:a1:64:74:eb:05:40:dc
Signer

Actual PE Digest

91:16:fe:6d:2b:ff:a4:05:e5:a9:be:7f:04:a1:64:74:eb:05:40:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateProcessW
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
FormatMessageA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
GetExitCodeProcess
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetShortPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
SetDllDirectoryW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__argc
__dllonexit
__lconv_init
__set_app_type
__setusermatherr
__wargv
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_findclose
_fileno
_fmode
_fullpath
_get_osfhandle
_getpid
_initterm
_iob
_lock
_onexit
_setmode
_stat
_strdup
_unlock
_vsnprintf
_vsnwprintf
_wcmdln
_wfindfirst
_wfindnext
_wfopen
_wmkdir
_wremove
_wrmdir
_wstat
_wtempnam
abort
calloc
clearerr
exit
fclose
feof
ferror
fflush
fprintf
fread
free
fseek
ftell
fwrite
getenv
malloc
mbstowcs
memcpy
setbuf
setlocale
signal
sprintf
strcat
strchr
strcmp
strcpy
strlen
strncat
strncmp
strncpy
strrchr
strtok
vfprintf
wcscat
wcscmp
wcscpy
wcslen

ws2_32

ntohl

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
main.pyc

Sharing

General

Malware Config

Signatures

Files

4e3e7ce958acceeb80e70eeb7d75870e

Code Sign

06:65:32:8a:22:f9:ac:a9:00:2c:17:9c:18:01:32:37Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

06:65:32:8a:22:f9:ac:a9:00:2c:17:9c:18:01:32:37Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

fb:1a:53:39:ba:75:e1:0e:3a:3e:d3:64:62:07:7a:29:04:e2:78:5f:79:eb:d8:4a:34:23:4e:ed:cc:ba:14:01Signer

91:16:fe:6d:2b:ff:a4:05:e5:a9:be:7f:04:a1:64:74:eb:05:40:dcSigner

Headers

File Characteristics

Imports

kernel32

msvcrt

ws2_32

Sections

.text Size: 39KB - Virtual size: 39KB

.data Size: 512B - Virtual size: 52B

.rdata Size: 20KB - Virtual size: 19KB

.bss Size: - Virtual size: 49KB

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 60KB - Virtual size: 60KB

06:65:32:8a:22:f9:ac:a9:00:2c:17:9c:18:01:32:37
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

06:65:32:8a:22:f9:ac:a9:00:2c:17:9c:18:01:32:37
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

fb:1a:53:39:ba:75:e1:0e:3a:3e:d3:64:62:07:7a:29:04:e2:78:5f:79:eb:d8:4a:34:23:4e:ed:cc:ba:14:01
Signer

91:16:fe:6d:2b:ff:a4:05:e5:a9:be:7f:04:a1:64:74:eb:05:40:dc
Signer

.text
Size: 39KB - Virtual size: 39KB

.data
Size: 512B - Virtual size: 52B

.rdata
Size: 20KB - Virtual size: 19KB

.bss
Size: - Virtual size: 49KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 60KB - Virtual size: 60KB