C:\Flashh\Flashh\obj\x86\Debug\Flashh.pdb
Static task
static1
1 signatures
General
-
Target
wallet.zip
-
Size
26.2MB
-
MD5
b86417082ebda5d7b472df36984c36b9
-
SHA1
c522a58b49f4a51748b72cc3daa6db68905c77aa
-
SHA256
42bdc7ce9209bbaae386eaf3ebe6b5dc6a95645ae7d76e4f7f1394acce3f754a
-
SHA512
443a48dc687bdb1ab1701235be76afcf30dd82f2e264701be0a1c9fa12282e82e5d4b5b09da3fa38f6f6c3c69a247a0701e744ca279d926f6e535c75597c26ea
-
SSDEEP
786432:SXtv6FHH8kzCCgroI6o/1lOIexfHnZbZol3X:Sd6zYroU/1luUlH
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack002/flash_btc_transaction/Flash BTC Transaction 2024.exe
Files
-
wallet.zip.zip
-
flash_btc_transaction.zip.zip
-
flash_btc_transaction/Flash BTC Transaction 2024.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 509KB - Virtual size: 509KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
flash_btc_transaction/Flash.pdb
-
flash_btc_transaction/Flash.vshost.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
61:19:cc:93:00:01:00:00:00:66Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before10/10/2011, 20:32Not After10/01/2013, 20:32SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:05:13:36:00:00:00:00:00:1aCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before25/07/2011, 20:42Not After25/10/2012, 20:42SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07/07/2012, 00:14Not After07/10/2013, 00:14SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
22:64:5f:e5:cf:38:f2:a2:a8:69:b4:29:9f:d2:ac:e1:72:43:a2:c4:35:f0:35:c1:ce:91:a1:5b:f4:6c:43:dcSigner
Actual PE Digest22:64:5f:e5:cf:38:f2:a2:a8:69:b4:29:9f:d2:ac:e1:72:43:a2:c4:35:f0:35:c1:ce:91:a1:5b:f4:6c:43:dcDigest Algorithmsha256PE Digest Matchestrue62:ac:05:0a:9d:d8:fe:44:a8:ef:62:6a:b5:a0:96:e3:c9:0a:46:e0Signer
Actual PE Digest62:ac:05:0a:9d:d8:fe:44:a8:ef:62:6a:b5:a0:96:e3:c9:0a:46:e0Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
f:\binaries\Intermediate\vsproject\vshost32.csproj__1853760103\objr\x86\vshost32.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
flash_btc_transaction/Flash.vshost.exe.config
-
flash_btc_transaction/Flash.vshost.exe.manifest
-
flash_btc_transaction/Flash.xml
-
flash_btc_transaction/Flash_core.exe.config
-
flash_btc_transaction/blockchain.server.btc.exe windows:5 windows x86 arch:x86
20dd26497880c05caed9305b3c8b9109
Code Sign
0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/01/2021, 00:00Not After06/01/2031, 00:00SubjectCN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
8b:a1:f1:72:fd:50:ba:8d:4c:11:b7:4f:fa:c8:a2:82Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before25/03/2021, 00:00Not After24/03/2024, 23:59SubjectCN=IObit CO.\, LTD,O=IObit CO.\, LTD,POSTALCODE=610042,STREET=No. 605\, 6th Floor\, Unit 1\, Building 1+STREET=45 Renmin South Road,L=Chengdu Shi,ST=Sichuan Sheng,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/03/2019, 00:00Not After31/12/2028, 23:59SubjectCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
8b:a1:f1:72:fd:50:ba:8d:4c:11:b7:4f:fa:c8:a2:82Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before25/03/2021, 00:00Not After24/03/2024, 23:59SubjectCN=IObit CO.\, LTD,O=IObit CO.\, LTD,POSTALCODE=610042,STREET=No. 605\, 6th Floor\, Unit 1\, Building 1+STREET=45 Renmin South Road,L=Chengdu Shi,ST=Sichuan Sheng,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/03/2019, 00:00Not After31/12/2028, 23:59SubjectCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate
IssuerCN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before12/01/2016, 00:00Not After11/01/2031, 23:59SubjectCN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate
IssuerCN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before23/12/2017, 00:00Not After22/03/2029, 23:59SubjectCN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
5e:2b:73:aa:a9:5a:89:ff:37:44:88:ac:0f:bb:66:11:7f:6b:21:83:df:56:fe:a6:6f:58:83:c2:39:d8:8b:c8Signer
Actual PE Digest5e:2b:73:aa:a9:5a:89:ff:37:44:88:ac:0f:bb:66:11:7f:6b:21:83:df:56:fe:a6:6f:58:83:c2:39:d8:8b:c8Digest Algorithmsha256PE Digest Matchestrue26:1f:14:54:37:8e:90:e2:7e:1e:9c:4d:5c:b6:be:1a:6b:22:fc:21Signer
Actual PE Digest26:1f:14:54:37:8e:90:e2:7e:1e:9c:4d:5c:b6:be:1a:6b:22:fc:21Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
oleaut32
SysFreeString
SysReAllocStringLen
SysAllocStringLen
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
user32
GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW
kernel32
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CloseHandle
Sleep
comctl32
InitCommonControls
Sections
.text Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 21KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
wallet.txt