335b0939ace1f973006514e03203333c[.]bin

Resubmissions

29/08/2024, 14:09

240829-rf6dcawajh 3

16/08/2024, 09:41

240816-lnvc6axera 3

Sharing

Copy URL Twitter E-mail

General

Target

335b0939ace1f973006514e03203333c.bin
Size

1.3MB
MD5

e164420d61ec0e5c178ebd52b0ea7561
SHA1

9155c28c4743e0548e794338361f3856294811a5
SHA256

19902cd22fa510de7714633e8859998c5f7665a6aef7210a912eadf0cebcd1c8
SHA512

0f0d9c6c74629b76c726da0d9148cfff8f76192c36940ee6dbbdc3a4d6ebe4c4df48dd6df96ef5c11fa57e4702b303e19776c3fce60c2d5aec43e0b1472e501a
SSDEEP

24576:pEMKGRsc6hwEYS8z3NptPzIuWNwzbMUrHTbuSk+xsUgHsyDIXAJ/aSYtIwHE:pEnHlFq3btLnWqzbXHrk8XgHsQ/rCPk

Score

1^/10

Malware Config

Signatures

Files

335b0939ace1f973006514e03203333c.bin
.zip

Password: infected
b6875a5ec6cab25669ca295fc76cc6afb1150e2af58c468ad48baedeb161c4c9.exe
.exe windows:5 windows x86 arch:x86

Password: infected

eb8241dbc5b993c11e5dca8a029f14a8

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:7e:49:a2:96:36:01:02:b9:3c:b0:a4
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2019, 05:18

Not After

14/06/2022, 05:18

Subject

SERIALNUMBER=U72900DL2018PTC336564,CN=KernelApps Private Limited,O=KernelApps Private Limited,STREET=B 57\, 2nd floor\, Sector 57,L=Noida,ST=Uttar Pradesh,C=IN,1.3.6.1.4.1.311.60.2.1.2=#130d55747461722050726164657368,1.3.6.1.4.1.311.60.2.1.3=#1302494e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:88:93:39:08:3a:ef:5a:43:c0:a5:e4:77:48:a5:1b:ef:c9:60:1d
Signer

Actual PE Digest

24:88:93:39:08:3a:ef:5a:43:c0:a5:e4:77:48:a5:1b:ef:c9:60:1d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
HeapAlloc
ExitProcess
Sleep
RtlUnwind
GetStartupInfoW
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
WritePrivateProfileStringW
InterlockedIncrement
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileW
GetThreadLocale
GetTickCount
GetModuleHandleA
InterlockedDecrement
GlobalFindAtomW
GetVersionExW
CompareStringW
GetVersionExA
FormatMessageW
MulDiv
LoadLibraryA
lstrlenW
LoadLibraryW
GlobalUnlock
GlobalFree
FreeResource
lstrlenA
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
WideCharToMultiByte
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GetProcAddress
GetTempPathW
GetModuleFileNameW
GetModuleHandleW
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileW
LocalFree
CloseHandle
MultiByteToWideChar
GetCommandLineW
FindFirstFileW
FindClose
FindResourceW
LoadResource
LockResource
IsDebuggerPresent
SizeofResource

user32

SetRect
MessageBeep
GetSysColorBrush
ReleaseCapture
LoadCursorW
SetCapture
CharNextW
CharUpperW
RegisterClipboardFormatW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
PtInRect
GetMenu
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongW
PostThreadMessageW
UnregisterClassW
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
InvalidateRect
GetLastActivePopup
IsWindowEnabled
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
GetCursorPos
GetSystemMetrics
LoadIconW
EnableWindow
GetClientRect
IsIconic
GetSystemMenu
AppendMenuW
DrawIcon
SendMessageW

gdi32

GetWindowExtEx
GetStockObject
GetBkColor
GetTextColor
DeleteDC
GetMapMode
GetRgnBox
ExtSelectClipRgn
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
CreateBitmap
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateRectRgnIndirect

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CLSIDFromString
CoCreateInstance
OleRun
CoCreateGuid
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID

oleaut32

OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
SysAllocStringLen
SysAllocString
SysStringLen
VariantChangeType
VarBstrFromDate
VariantClear
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime

ws2_32

WSASetLastError
WSACleanup
WSAStartup

Sections

.text
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

eb8241dbc5b993c11e5dca8a029f14a8

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

42:7e:49:a2:96:36:01:02:b9:3c:b0:a4Certificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

24:88:93:39:08:3a:ef:5a:43:c0:a5:e4:77:48:a5:1b:ef:c9:60:1dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oledlg

ole32

oleaut32

ws2_32

Sections

.text Size: 270KB - Virtual size: 270KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

42:7e:49:a2:96:36:01:02:b9:3c:b0:a4
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

24:88:93:39:08:3a:ef:5a:43:c0:a5:e4:77:48:a5:1b:ef:c9:60:1d
Signer

.text
Size: 270KB - Virtual size: 270KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB