sipcli[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sipcli.zip
Size

1.2MB
MD5

0aa02604e232dd152af52ba49d50e14e
SHA1

71ed2e87a74fe3d3310ac819a3153e23426e3769
SHA256

c8f71da5ba387499ef18a5bbe2db0d4d4966143ebeee629db4141ca50ebd865a
SHA512

cb69c8aa883309816abf0c4d403de007dab3248fea5082db2f52be079cbb88e8bb83179680867605d38af1fae96d5cd1546caac56414b9e2342fcf7b4d7d5937
SSDEEP

24576:wTcQ7htWtSCImy2c1AYSjOYNPOGNl8BCAi9JKLoyllotIM2sKJav01:wTcQ7KtSKy7AYS6yOJBCHJKcyl4tK401

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
static1/unpack001/SEditor.pdf	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Files

sipcli.zip
.zip

Password: infected
License.txt
Readme.txt
SEditor.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:d0:0b:10:1c:5e:8e:5b:8c:8c:97:ee:2f:51:dd:01
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

29/06/2022, 00:00

Not After

28/06/2024, 23:59

Subject

CN=Kaplan Bilisim ve Yazilim Ticaret Ltd.,O=Kaplan Bilisim ve Yazilim Ticaret Ltd.,ST=İstanbul,C=TR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e5:72:c1:0d:ae:6c:b5:e2:f5:55:13:d4:80:35:f4:48:f5:cb:36:2a
Signer

Actual PE Digest

e5:72:c1:0d:ae:6c:b5:e2:f5:55:13:d4:80:35:f4:48:f5:cb:36:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

hk=cfb
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
SEditor.pdf
.pdf
Password: infected
- http://example.com/wavefile.wav
- http://example.com/wavefile.waven-US
- http://kaplansoft.com
- http://option.tr
- http://transfers.tr
- https://www.kaplansoft.com
- https://www.kaplansoft.com/SipCLI
- https://www.kaplansoft.com/SipCLIen-US
- https://www.kaplansoft.com/sipclien-US
sipcli.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:00:01:14:3b:a7:68:c2:0a:17:35:ca:c5:c2:b5:5c
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

06/06/2024, 00:00

Not After

06/06/2027, 23:59

Subject

SERIALNUMBER=798840,CN=Kaplan Bilisim ve Yazilim Ticaret Ltd. Sirketi,O=Kaplan Bilisim ve Yazilim Ticaret Ltd. Sirketi,ST=İstanbul,C=TR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025452

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:15:75:e4:8d:d8:d0:21:c0:17:04:f3:22:44:cd:3d:75:11:36:0d:f0:22:9f:eb:75:bc:3d:86:46:cc:b7:f7
Signer

Actual PE Digest

65:15:75:e4:8d:d8:d0:21:c0:17:04:f3:22:44:cd:3d:75:11:36:0d:f0:22:9f:eb:75:bc:3d:86:46:cc:b7:f7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

>M\Ng
Size: 477KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

c3:d0:0b:10:1c:5e:8e:5b:8c:8c:97:ee:2f:51:dd:01Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

e5:72:c1:0d:ae:6c:b5:e2:f5:55:13:d4:80:35:f4:48:f5:cb:36:2aSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

hk=cfb Size: 331KB - Virtual size: 330KB

.text Size: 41KB - Virtual size: 40KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

77:00:01:14:3b:a7:68:c2:0a:17:35:ca:c5:c2:b5:5cCertificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

65:15:75:e4:8d:d8:d0:21:c0:17:04:f3:22:44:cd:3d:75:11:36:0d:f0:22:9f:eb:75:bc:3d:86:46:cc:b7:f7Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

>M\Ng Size: 477KB - Virtual size: 476KB

.text Size: 47KB - Virtual size: 46KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

c3:d0:0b:10:1c:5e:8e:5b:8c:8c:97:ee:2f:51:dd:01
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

e5:72:c1:0d:ae:6c:b5:e2:f5:55:13:d4:80:35:f4:48:f5:cb:36:2a
Signer

hk=cfb
Size: 331KB - Virtual size: 330KB

.text
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 12B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

77:00:01:14:3b:a7:68:c2:0a:17:35:ca:c5:c2:b5:5c
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

65:15:75:e4:8d:d8:d0:21:c0:17:04:f3:22:44:cd:3d:75:11:36:0d:f0:22:9f:eb:75:bc:3d:86:46:cc:b7:f7
Signer

>M\Ng
Size: 477KB - Virtual size: 476KB

.text
Size: 47KB - Virtual size: 46KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B