Extracted

• a1c984415c2aefd5b01be2caac70dca7.bin

  .zip

  Password: infected

• c2b8512055bcd2b94f235a56c6add1914d92a2fc78c5cb7c942d3c4496263a68.exe

  .exe windows:4 windows x86 arch:x86

  Password: infected

  481f47bbb2c9c21e108d65f52b04c448

  
  

  Code Sign

  08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  29/04/2021, 00:00

  Not After

  28/04/2036, 23:59

  Subject

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  08:7c:3a:5e:3d:be:86:97:b2:6a:23:ee:30:2b:cf:90

  Certificate

  Issuer

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Not Before

  04/04/2023, 00:00

  Not After

  04/04/2026, 23:59

  Subject

  SERIALNUMBER=91440300695560951T,CN=Shenzhen DriveTheLife Software Technology Co.Ltd,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong Province,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368656e7a68656e,1.3.6.1.4.1.311.60.2.1.2=#13124775616e67646f6e672050726f76696e6365,1.3.6.1.4.1.311.60.2.1.3=#1302434e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  14/07/2023, 00:00

  Not After

  13/10/2034, 23:59

  Subject

  CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23/03/2022, 00:00

  Not After

  22/03/2037, 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01/08/2022, 00:00

  Not After

  09/11/2031, 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  bd:78:21:2c:a7:4a:4b:e7:87:cd:ef:59:87:24:ea:40:a6:54:22:6f

  Signer

  Actual PE Digest

  bd:78:21:2c:a7:4a:4b:e7:87:cd:ef:59:87:24:ea:40:a6:54:22:6f

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  msvcrt

  _iob

  _except_handler3

  __set_app_type

  __p__fmode

  __p__commode

  _adjust_fdiv

  __setusermatherr

  _initterm

  __getmainargs

  __p___initenv

  _XcptFilter

  _exit

  _onexit

  __dllonexit

  strrchr

  wcsncmp

  _close

  wcslen

  wcscpy

  strerror

  modf

  strspn

  realloc

  __p__environ

  __p__wenviron

  _errno

  free

  strncmp

  strstr

  strncpy

  _ftol

  qsort

  fopen

  perror

  fclose

  fflush

  calloc

  malloc

  signal

  printf

  _isctype

  atoi

  exit

  __mb_cur_max

  _pctype

  strchr

  fprintf

  _controlfp

  _strdup

  _strnicmp

  kernel32

  PeekNamedPipe

  ReadFile

  WriteFile

  LoadLibraryA

  GetProcAddress

  GetVersionExA

  GetExitCodeProcess

  TerminateProcess

  LeaveCriticalSection

  SetEvent

  ReleaseMutex

  EnterCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  CreateMutexA

  GetFileType

  SetLastError

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GlobalFree

  GetCommandLineW

  TlsAlloc

  TlsFree

  DuplicateHandle

  GetCurrentProcess

  SetHandleInformation

  CloseHandle

  GetSystemTimeAsFileTime

  FileTimeToSystemTime

  GetTimeZoneInformation

  FileTimeToLocalFileTime

  SystemTimeToFileTime

  SystemTimeToTzSpecificLocalTime

  Sleep

  FormatMessageA

  GetLastError

  WaitForSingleObject

  CreateEventA

  SetStdHandle

  SetFilePointer

  CreateFileA

  CreateFileW

  GetOverlappedResult

  DeviceIoControl

  GetFileInformationByHandle

  LocalFree

  advapi32

  FreeSid

  AllocateAndInitializeSid

  wsock32

  getsockopt

  connect

  htons

  gethostbyname

  ntohl

  inet_ntoa

  setsockopt

  socket

  closesocket

  select

  ioctlsocket

  __WSAFDIsSet

  WSAStartup

  WSACleanup

  WSAGetLastError

  ws2_32

  WSARecv

  WSASend

  Sections

  .text

  Size: 44KB - Virtual size: 42KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 16KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ