f8f6497ea12109da765fcf57fc2f80162ef74128b4929df933c8a4ba0bc7bbfe

Sharing

Copy URL Twitter E-mail

General

Target

f8f6497ea12109da765fcf57fc2f80162ef74128b4929df933c8a4ba0bc7bbfe
Size

2.4MB
MD5

49569032fe9010b271bd6eb305493669
SHA1

5076775590dd2bd963d06a6741115cdf033b6747
SHA256

f8f6497ea12109da765fcf57fc2f80162ef74128b4929df933c8a4ba0bc7bbfe
SHA512

c5e600b4d09906f5c7dfd134104584ab69d648c8b4a8f2ddf3cabec43226fc83bb56db005e294bb3d1c9faab6ba66f855e8949db26c8bcb005a8f36df3f52a45
SSDEEP

49152:+EvqTjx3wrPI3/Q1UzgsjHbki+HvnBAUZLYwio6UpGaXBuQQ9u:vvCx3+PI3/QKzZb4BAUZL2q

Score

10^/10

Malware Config

Signatures

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

Files

f8f6497ea12109da765fcf57fc2f80162ef74128b4929df933c8a4ba0bc7bbfe
.exe windows:4 windows x86 arch:x86

29103647771b047595bd7ea134c944db

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bd:b2:71:9d:da:a7:06:ca:f0:d4:3f:5e:07:f0:a6:d3
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

22/01/2024, 00:00

Not After

21/01/2027, 23:59

Subject

CN=Approximatrix\, LLC,O=Approximatrix\, LLC,ST=Ohio,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

18:66:59:b6:ac:bc:b4:74:f2:74:de:4f:60:d5:35:9a:b2:49:66:21
Signer

Actual PE Digest

18:66:59:b6:ac:bc:b4:74:f2:74:de:4f:60:d5:35:9a:b2:49:66:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateProcessA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
EnumResourceLanguagesA
EnumSystemLocalesA
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
FormatMessageA
FreeLibrary
GetACP
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetFileAttributesA
GetFinalPathNameByHandleA
GetFullPathNameA
GetHandleInformation
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStdHandle
GetSystemTimeAsFileTime
GetTempPathA
GetThreadContext
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetVersionExA
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
ResetEvent
ResumeThread
SetConsoleCursorPosition
SetConsoleTextAttribute
SetEvent
SetHandleInformation
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__getmainargs
__initenv
__mb_cur_max
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_access
_amsg_exit
_beginthreadex
_cexit
_close
_close
_dup
_endthreadex
_errno
_fdopen
_fileno
_findclose
_findfirst
_findnext
_fstat
_fstati64
_fullpath
_get_osfhandle
_getcwd
_getpid
_initterm
_iob
_isatty
_fileno
_lock
_lseeki64
_open
_open
_onexit
_pgmptr
_pipe
_read
_read
_setjmp3
_stati64
_strdup
_strdup
_stricmp
_unlink
_unlock
_vsnprintf
_wcsdup
_wgetcwd
_wopen
_write
abort
asctime
atoi
bsearch
calloc
exit
fclose
feof
ferror
fflush
fgets
fopen
fprintf
fputc
fputs
fputwc
fread
freopen
free
fwprintf
fseek
ftell
fwrite
getc
getenv
gmtime
isalnum
isalpha
islower
isspace
isupper
isxdigit
localeconv
localtime
longjmp
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
printf
putc
qsort
raise
realloc
remove
setlocale
signal
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
time
tolower
ungetc
vfprintf
wcschr
wcscmp
wcscpy
wcslen

Sections

.text
Size: 907KB - Virtual size: 907KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29103647771b047595bd7ea134c944db

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

bd:b2:71:9d:da:a7:06:ca:f0:d4:3f:5e:07:f0:a6:d3Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

18:66:59:b6:ac:bc:b4:74:f2:74:de:4f:60:d5:35:9a:b2:49:66:21Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

Sections

.text Size: 907KB - Virtual size: 907KB

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 1.3MB - Virtual size: 1.3MB

/4 Size: 169KB - Virtual size: 168KB

.bss Size: - Virtual size: 7KB

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 36KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

bd:b2:71:9d:da:a7:06:ca:f0:d4:3f:5e:07:f0:a6:d3
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

18:66:59:b6:ac:bc:b4:74:f2:74:de:4f:60:d5:35:9a:b2:49:66:21
Signer

.text
Size: 907KB - Virtual size: 907KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

/4
Size: 169KB - Virtual size: 168KB

.bss
Size: - Virtual size: 7KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 36KB