2[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

2.rar
Size

517KB
MD5

2dd4679c7dfd3376d0bc13fab974873e
SHA1

2a96702e97cfd9d1b596a13586932f75b72bff86
SHA256

3d00b02c0eea697a210017a42aa7a4877d8bdb47eba87fa61ebe6daf10c85618
SHA512

09069fd537ea513a4e3920efab0ad60e8feed22764e4deab2fbd5676d480b1318449e4dad4e07f1d76ad629fd3f3ea082a97a8ae3d2dc3af6f3bca53b99a2fe9
SSDEEP

12288:o3RBgLHuJSEnHBVrKy4D0PmSrRiP3QxfH/uU8eGJ0PKBVZKp7LyZOvUJ:ABgiJSEnHDriDQmgRc3QxgDJ0PKPZwAJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Polazert_without_cert.exe.vir

Files

2.rar
.rar
Polazert_with_cert.exe.vir
.exe .ps1 windows:4 windows x64 arch:x64 polyglot

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2020 00:00

Not After

18-03-2045 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:f3:59:22:b7:51:26:67:69:12:3c:b9
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2024 03:21

Not After

25-05-2025 03:21

Subject

SERIALNUMBER=0110012801,CN=SMART AC VIET NAM TM & DV JOINT STOCK COMPANY,OU=IT Department,O=SMART AC VIET NAM TM & DV JOINT STOCK COMPANY,STREET=Nhà số 3\, ngõ 268/58/6 Ngọc Thụy\, Phường Ngọc Thuỵ\, Quận Long Biên,L=Ha Noi,ST=Ha Noi,C=VN,1.3.6.1.4.1.311.60.2.1.2=#13064861204e6f69,1.3.6.1.4.1.311.60.2.1.3=#1302564e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

24:fa:62:1d:cb:57:98:ce:e7:3f:3c:d5:35:d0:b9:04:cd:12:93:19
Signer

Actual PE Digest

24:fa:62:1d:cb:57:98:ce:e7:3f:3c:d5:35:d0:b9:04:cd:12:93:19

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 305.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Polazert_without_cert.exe.vir
.exe .ps1 windows:4 windows x64 arch:x64 polyglot

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 305.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8Certificate

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

0c:f3:59:22:b7:51:26:67:69:12:3c:b9Certificate

Extended Key Usages

Key Usages

24:fa:62:1d:cb:57:98:ce:e7:3f:3c:d5:35:d0:b9:04:cd:12:93:19Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 266KB - Virtual size: 266KB

.rsrc Size: 1.2MB - Virtual size: 305.1MB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 266KB - Virtual size: 266KB

.rsrc Size: 1.2MB - Virtual size: 305.1MB

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

0c:f3:59:22:b7:51:26:67:69:12:3c:b9
Certificate

24:fa:62:1d:cb:57:98:ce:e7:3f:3c:d5:35:d0:b9:04:cd:12:93:19
Signer

.text
Size: 266KB - Virtual size: 266KB

.rsrc
Size: 1.2MB - Virtual size: 305.1MB

.text
Size: 266KB - Virtual size: 266KB

.rsrc
Size: 1.2MB - Virtual size: 305.1MB