de70431af6ad51d608edd0b1f24c74ae049da986c87ac766450789d1fd6712b9

Sharing

Copy URL Twitter E-mail

General

Target

de70431af6ad51d608edd0b1f24c74ae049da986c87ac766450789d1fd6712b9
Size

1.2MB
MD5

afd96cef38a7c0d827292b123aa440c1
SHA1

c416c6edb0cda785cc51c98ff60fb9581781dde2
SHA256

de70431af6ad51d608edd0b1f24c74ae049da986c87ac766450789d1fd6712b9
SHA512

461c731dce2574d29e7817f4346c040bd12c2e8af1171684902a4aa68fedf6018126f5a3d6efcc68f6a80cd62c01788b2d62aa30a462e80cf59da7ac935f0d88
SSDEEP

24576:2LXV5+808wKPonGwtz8Jeik9ksQGapZKnj/4FQj4LPjVGJl4i8MJbG6XwC:2bb+L8vy1SA/apZKnj/LkUl4i8MJSqN

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Microsoft.Management.Infrastructure.dll
unpack001/System.Management.Automation.dll
unpack001/Windows11Upgrade.exe

Files

de70431af6ad51d608edd0b1f24c74ae049da986c87ac766450789d1fd6712b9
.zip
.git/COMMIT_EDITMSG
.git/FETCH_HEAD
.git/HEAD
.git/ORIG_HEAD
.git/config
.git/description
.git/hooks/applypatch-msg.sample
.sh linux
.git/hooks/commit-msg.sample
.sh linux
.git/hooks/fsmonitor-watchman.sample
.sh linux
.git/hooks/post-update.sample
.sh linux
.git/hooks/pre-applypatch.sample
.sh linux
.git/hooks/pre-commit.sample
.sh linux
.git/hooks/pre-merge-commit.sample
.sh linux
.git/hooks/pre-push.sample
.sh linux
.git/hooks/pre-rebase.sample
.sh linux
.git/hooks/pre-receive.sample
.sh linux
.git/hooks/prepare-commit-msg.sample
.sh linux
.git/hooks/push-to-checkout.sample
.sh linux
.git/hooks/update.sample
.sh linux
.git/index
.git/info/exclude
.git/logs/HEAD
.git/logs/refs/heads/main
.git/logs/refs/remotes/origin/HEAD
.git/logs/refs/remotes/origin/main
.git/objects/13/b1eb1577fb5271beb05ae306c6f44d33c25cbc
.git/objects/19/8fde3c0535406d4f1c4e33a159ead20e80cfd3
.git/objects/36/9ab44f966131aa55a6d657b69e60328ffd73cc
.git/objects/3b/f46a35f03b40589b8f8aa0d40dcf6eef37cbc3
.git/objects/41/a5fe9a1c2a3e489bc574f915f5c09c056f0d31
.git/objects/43/ad0585b8ff5d074a06c42372058f5fd69bf264
.git/objects/4c/3ae321beb700e7050bdedede888fe1fd837cdb
.git/objects/65/e32890d99d2e30882df2c17514154ca0a00735
.git/objects/78/6b7593a1998babbfe007a081ceb7d70719f3e1
.git/objects/7a/f125a246d180e71b9c4a20cca73cc44bfa8902
.git/objects/8a/e7a33a5fad0b1d3252e6a1deda89a882aee94a
.git/objects/90/6b1386d965875b57f88fdab2cd68faef5828b5
.git/objects/93/b339f1801ae325921392f12b3ed9d3fbe50896
.git/objects/ad/998b553cbd1a7dc2e32ad014e8627dc9f0ac0a
.git/objects/e3/d04028ba14404e698f9455a15ecdd21849736f
.git/objects/pack/pack-fe7623204041f37c9aba9fa53574e679cde18025.idx
.git/objects/pack/pack-fe7623204041f37c9aba9fa53574e679cde18025.pack
.git/packed-refs
.git/refs/heads/main
.git/refs/remotes/origin/HEAD
.git/refs/remotes/origin/main
LICENSE
Microsoft.Management.Infrastructure.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/04/2018, 12:41

Not After

27/04/2028, 12:41

Subject

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Not Before

25/10/2018, 00:00

Not After

29/10/2021, 12:00

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10
Signer

Actual PE Digest

2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
README.md
System.Management.Automation.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows11Upgrade.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\coofcookie\source\repos\Windows11Upgrade\Windows11Upgrade\obj\Release\Windows11Upgrade.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 28KB - Virtual size: 25KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23Certificate

Extended Key Usages

Key Usages

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7eCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 675KB - Virtual size: 675KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 344KB - Virtual size: 343KB

.reloc Size: 4KB - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 123KB - Virtual size: 122KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 28KB - Virtual size: 25KB

.reloc
Size: 4KB - Virtual size: 12B

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10
Signer

.text
Size: 675KB - Virtual size: 675KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 344KB - Virtual size: 343KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 123KB - Virtual size: 122KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B