TPBootstrapper[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

TPBootstrapper.zip
Size

860KB
MD5

4610239a19681d81de25a887570df34a
SHA1

e4e74b015d3aa2fdc1dfc6ef22660d8661b63a92
SHA256

2cd2c0303e07b308424b56662f8561148d2d8e33b357bde80ac47b5f6eba9c31
SHA512

84bcde40ebd1013206e16135227908a326d5e4390a12cd9618a9474a737884007b047d0245e54419d3b090242a9c3e1ee92f23b8e1789293b3357b965476a481
SSDEEP

24576:RNuUJvgK4uYD0paATNAc0cdWJMg7cRtFeXT7F21sqk:RNuUvgyYYaeNtg7cRtI/8k

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AutoUpdater.NET.dll
unpack001/Octokit.dll
unpack001/TPBootstrapper.exe

Files

TPBootstrapper.zip
.zip
AutoUpdater.NET.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\projects\AutoUpdater.NET\AutoUpdater.NET\obj\Release-NET40\AutoUpdater.NET.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 414KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AutoUpdater.NET.pdb
Lib/AutoUpdater.NET.xml
.xml
Lib/Octokit.xml
.xml
Lib/Ookii.Dialogs.Wpf.xml
.xml
Octokit.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Octokit.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 956KB - Virtual size: 956KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ookii.Dialogs.Wpf.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a8:00:c0:d4:41:5d:1f:88:b0:ec:8a:df:1a:b9:b5:af
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

04/09/2008, 00:00

Not After

04/09/2009, 23:59

Subject

CN=Sven Groot,O=Sven Groot,POSTALCODE=3328 CS,STREET=Zwaluwenburg 81,L=Dordrecht,ST=Zuid-Holland,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:ce:bf:bb:bf:fa:10:a0:ec:b2:d9:ad:12:86:f0:51:3d:7a:f5:80
Signer

Actual PE Digest

2d:ce:bf:bb:bf:fa:10:a0:ec:b2:d9:ad:12:86:f0:51:3d:7a:f5:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Sven\Documents\Visual Studio 2008\Projects\Ookii.Dialogs\Ookii.Dialogs.Wpf\obj\Release\Ookii.Dialogs.Wpf.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TPBootstrapper.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\projects\tpbootstrapper\TPBootstrapper\obj\Release\TPBootstrapper.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TPBootstrapper.pdb

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 414KB - Virtual size: 413KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 956KB - Virtual size: 956KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

a8:00:c0:d4:41:5d:1f:88:b0:ec:8a:df:1a:b9:b5:afCertificate

Extended Key Usages

Key Usages

2d:ce:bf:bb:bf:fa:10:a0:ec:b2:d9:ad:12:86:f0:51:3d:7a:f5:80Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 99KB - Virtual size: 99KB

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 165KB - Virtual size: 165KB

.rsrc Size: 140KB - Virtual size: 140KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 414KB - Virtual size: 413KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 956KB - Virtual size: 956KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

a8:00:c0:d4:41:5d:1f:88:b0:ec:8a:df:1a:b9:b5:af
Certificate

2d:ce:bf:bb:bf:fa:10:a0:ec:b2:d9:ad:12:86:f0:51:3d:7a:f5:80
Signer

.text
Size: 99KB - Virtual size: 99KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 165KB - Virtual size: 165KB

.rsrc
Size: 140KB - Virtual size: 140KB

.reloc
Size: 512B - Virtual size: 12B