191bbf637696ece59a72a105bdcd7f9e175309fff88acc612c353cef8cdf5234[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

191bbf637696ece59a72a105bdcd7f9e175309fff88acc612c353cef8cdf5234.zip
Size

676KB
MD5

5c3db8dfd2143de8a035818c11faaf1e
SHA1

2c9f306c483660a64a17913c27053f680ee41576
SHA256

1fb3c6c03cbc0bd63d59f1f355047c7b5f16b0bd2d1f2c0f2f152718fb863c7b
SHA512

c967aff967ade69877e101144869b2aa3c58b95f031b80e7ed8c20df721a36025a9675fd5c3b26aa836cff793b7caf8ec7df70cab59414983a54d278e332c6c4
SSDEEP

12288:tBmk3XJNQxeaTCPKcCpW2AGRMalCP8rIPnIo0m6n9Sa5rroyFuePS/ti9s:HpyNSjGRXQnJ0mG9Sa5rrbW

Score

1^/10

Malware Config

Signatures

Files

191bbf637696ece59a72a105bdcd7f9e175309fff88acc612c353cef8cdf5234.zip
.zip

Password: infected
191bbf637696ece59a72a105bdcd7f9e175309fff88acc612c353cef8cdf5234.zip
.zip
purchase order T&B19-20PO128.bat
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c6:3a:b7:af:95:33:64:b3:34:32:2a:f1:0f:6b:7e:4b:8e:5c:41:98:b7:e7:00:78:a9:e0:54:3c:50:22:3c:38
Signer

Actual PE Digest

c6:3a:b7:af:95:33:64:b3:34:32:2a:f1:0f:6b:7e:4b:8e:5c:41:98:b7:e7:00:78:a9:e0:54:3c:50:22:3c:38

Digest Algorithm

sha256

PE Digest Matches

false

80:76:74:6d:b4:7e:13:1c:10:03:e7:dc:d2:7f:df:89:3f:8e:3c:f6
Signer

Actual PE Digest

80:76:74:6d:b4:7e:13:1c:10:03:e7:dc:d2:7f:df:89:3f:8e:3c:f6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 696KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38Certificate

Extended Key Usages

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38Certificate

Extended Key Usages

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

c6:3a:b7:af:95:33:64:b3:34:32:2a:f1:0f:6b:7e:4b:8e:5c:41:98:b7:e7:00:78:a9:e0:54:3c:50:22:3c:38Signer

80:76:74:6d:b4:7e:13:1c:10:03:e7:dc:d2:7f:df:89:3f:8e:3c:f6Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 696KB - Virtual size: 696KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

c6:3a:b7:af:95:33:64:b3:34:32:2a:f1:0f:6b:7e:4b:8e:5c:41:98:b7:e7:00:78:a9:e0:54:3c:50:22:3c:38
Signer

80:76:74:6d:b4:7e:13:1c:10:03:e7:dc:d2:7f:df:89:3f:8e:3c:f6
Signer

.text
Size: 696KB - Virtual size: 696KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B