CFDI8320e9890-a437239bd3233-b454ac564f31940377[.]iso

Sharing

Copy URL Twitter E-mail

General

Target

CFDI8320e9890-a437239bd3233-b454ac564f31940377.iso
Size

1022KB
MD5

573ded237a6fc58fe4fa03b3855fee13
SHA1

8da982f2c43ee3539f79d91039bcb2d15d3543b9
SHA256

e42839a90613b81701131eb31b4f4bfa865d18168a15088ba7f2da96ba32f431
SHA512

cd6de0ea46ee509b86c4046c2c5beb2caca9a7b162c5d6dd94dfb5a84165a209d73fdbb2f31597c6047609acafed138beb136c43175f6da315f8150cd876432b
SSDEEP

24576:/MUro9WB0ptkC/x4t3BsMim7N9/rSfbs:CeKkC/x41txld

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/CFDI8320e9890-a437239bd3233-b454ac564f31940377/CFDI8320e9890-a437239bd3233-b454ac564f31940377.dll

Files

CFDI8320e9890-a437239bd3233-b454ac564f31940377.iso
.iso
out.iso
.iso
CFDI8320e9890-a437239bd3233-b454ac564f31940377.pdf.lnk
.lnk
CFDI8320e9890-a437239bd3233-b454ac564f31940377/CFDI8320e9890-a437239bd3233-b454ac564f31940377.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

;x|
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 814B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CFDI8320e9890-a437239bd3233-b454ac564f31940377/CFDI8320e9890-a437239bd3233-b454ac564f31940377.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:00:bc:0b:2e:1a:7b:8a:b1:c7:91:00:00:00:00:00:bc
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:12B4-2D5F-87D4,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:38:16:c6:79:c2:31:7a:50:f1:a5:92:3a:ff:f9:f8:18:ac:09:89:c6:b4:03:0b:8f:ce:c4:36:12:dc:56:bb
Signer

Actual PE Digest

85:38:16:c6:79:c2:31:7a:50:f1:a5:92:3a:ff:f9:f8:18:ac:09:89:c6:b4:03:0b:8f:ce:c4:36:12:dc:56:bb

Digest Algorithm

sha256

PE Digest Matches

true

09:8e:ff:57:d0:d7:dd:ca:b8:47:05:14:67:27:5f:a4:f8:8e:45:ce
Signer

Actual PE Digest

09:8e:ff:57:d0:d7:dd:ca:b8:47:05:14:67:27:5f:a4:f8:8e:45:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CFDI8320e9890-a437239bd3233-b454ac564f31940377/CFDI8320e9890-a437239bd3233-b454ac564f31940377.exe.config
.xml
CFDI8320e9890-a437239bd3233-b454ac564f31940377/CFDI8320e9890-a437239bd3233-b454ac564f31940377.pdf
.pdf
- http://rosys.com.mx

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

;x| Size: 478KB - Virtual size: 477KB

.text Size: 86KB - Virtual size: 86KB

.rsrc Size: 1024B - Virtual size: 814B

Size: 512B - Virtual size: 144B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:00:bc:0b:2e:1a:7b:8a:b1:c7:91:00:00:00:00:00:bcCertificate

Extended Key Usages

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

85:38:16:c6:79:c2:31:7a:50:f1:a5:92:3a:ff:f9:f8:18:ac:09:89:c6:b4:03:0b:8f:ce:c4:36:12:dc:56:bbSigner

09:8e:ff:57:d0:d7:dd:ca:b8:47:05:14:67:27:5f:a4:f8:8e:45:ceSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 223KB - Virtual size: 222KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 512B - Virtual size: 12B

;x|
Size: 478KB - Virtual size: 477KB

.text
Size: 86KB - Virtual size: 86KB

.rsrc
Size: 1024B - Virtual size: 814B

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:bc:0b:2e:1a:7b:8a:b1:c7:91:00:00:00:00:00:bc
Certificate

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

85:38:16:c6:79:c2:31:7a:50:f1:a5:92:3a:ff:f9:f8:18:ac:09:89:c6:b4:03:0b:8f:ce:c4:36:12:dc:56:bb
Signer

09:8e:ff:57:d0:d7:dd:ca:b8:47:05:14:67:27:5f:a4:f8:8e:45:ce
Signer

.text
Size: 223KB - Virtual size: 222KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 512B - Virtual size: 12B