d430fb367b17fdd8a5f7fd72c16e0477[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

d430fb367b17fdd8a5f7fd72c16e0477.bin
Size

45.2MB
MD5

9c4d352e0d618c6fcbed02724944e338
SHA1

aefee4e5e4f18ee36c8367d611e7d353979ec521
SHA256

c74e35cf934e073addfd06dcd3bacd2c713079fcacdcd7fae025617b4e30515e
SHA512

bf3d80d50b9c505e59eb5b0d4ce48049b05ad35dbbe27bbcedfc231aa2302d49ea10b0ae2475022e99041fbf617c3f2ac9f6a65db3b003e419a55ddb607e30d4
SSDEEP

786432:/rxIl18q76YYMZgzZKsqElO9D4M2AtIsdbLBcB7usBWdbAN18crjdMnFh6Qyj:Dx8j6YYMGzZPUZh2jsL6QsBWdbAaFxA

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/3710df97f996f8f6390fa8b23bbafea03f2e7568bf00297f737324f380f06675.exe	pyinstaller

Files

d430fb367b17fdd8a5f7fd72c16e0477.bin
.zip

Password: infected
3710df97f996f8f6390fa8b23bbafea03f2e7568bf00297f737324f380f06675.exe
.exe windows:4 windows x86 arch:x86

Password: infected

e9d858bf5cc2b22933333fd98518c716

Code Sign

02:07:b0:d2:25:6e:68:2f:d4:64:b5:15:56:ad:55:a7
Certificate

Issuer

CN=GoGetSSL G4 CS RSA4096 SHA256 2022 CA-1,O=EnVers Group SIA,C=LV

Not Before

08/05/2024, 00:00

Not After

07/05/2025, 23:59

Subject

CN=Electrum Technologies GmbH,O=Electrum Technologies GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:84:3d:ad:01:c1:15:c2:74:ee:41:a7:28:22:46:79
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/06/2022, 00:00

Not After

22/06/2032, 23:59

Subject

CN=GoGetSSL G4 CS RSA4096 SHA256 2022 CA-1,O=EnVers Group SIA,C=LV

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

91:57:e4:d4:8d:bd:86:96:d9:69:9c:50:27:2c:69:dd:5d:2d:a0:43:e0:bf:f0:c3:10:bf:8e:98:45:0c:31:2c
Signer

Actual PE Digest

91:57:e4:d4:8d:bd:86:96:d9:69:9c:50:27:2c:69:dd:5d:2d:a0:43:e0:bf:f0:c3:10:bf:8e:98:45:0c:31:2c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
OpenProcessToken

comctl32

LoadIconMetric

gdi32

CreateFontIndirectW
DeleteObject
SelectObject

kernel32

CloseHandle
CreateDirectoryW
CreateProcessW
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FormatMessageW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetEnvironmentVariableW
GetExitCodeProcess
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetTempPathW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LocalFree
MulDiv
MultiByteToWideChar
SetConsoleCtrlHandler
SetDllDirectoryW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__argc
__lconv_init
__mb_cur_max
__p__commode
__p__fmode
__p__wcmdln
__set_app_type
__setusermatherr
__wargv
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_errno
_filelengthi64
_fileno
_findclose
_get_osfhandle
_initterm
_iob
_lock
_onexit
_setmode
_snwprintf
fwprintf
_unlock
_wcsdup
_wfopen
_wfullpath
_wputenv_s
_wremove
_wrmdir
_wtempnam
abort
atoi
calloc
clearerr
exit
fclose
feof
ferror
fflush
fgetpos
fprintf
fputc
fputwc
fread
free
fsetpos
fwrite
iswctype
localeconv
malloc
mbstowcs
memcmp
memcpy
memset
perror
realloc
setbuf
setlocale
signal
strcat
strchr
strcmp
strcpy
strerror
strlen
strncat
strncmp
strncpy
strtok
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncpy
wcstombs
_wstat
_wfindnext
_wfindfirst
_stat
_wcsdup
_strdup
_getpid
_fileno

user32

CreateWindowExW
DestroyIcon
DialogBoxIndirectParamW
DrawTextW
EndDialog
GetClientRect
GetDC
GetDialogBaseUnits
GetWindowLongW
InvalidateRect
MessageBoxA
MessageBoxW
MoveWindow
ReleaseDC
SendMessageW
SetWindowLongW
SystemParametersInfoW

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 59KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bitcoin.pyc
camera_dialog.pyc
commands.pyc
dnssec.pyc
main_window.pyc
run_electrum.pyc
simple_config.pyc
text.pyc
util.pyc
wallet.pyc

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

e9d858bf5cc2b22933333fd98518c716

Code Sign

02:07:b0:d2:25:6e:68:2f:d4:64:b5:15:56:ad:55:a7Certificate

Extended Key Usages

Key Usages

07:84:3d:ad:01:c1:15:c2:74:ee:41:a7:28:22:46:79Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

91:57:e4:d4:8d:bd:86:96:d9:69:9c:50:27:2c:69:dd:5d:2d:a0:43:e0:bf:f0:c3:10:bf:8e:98:45:0c:31:2cSigner

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

msvcrt

user32

Sections

.text Size: 90KB - Virtual size: 90KB

.data Size: 512B - Virtual size: 124B

.rdata Size: 23KB - Virtual size: 22KB

/4 Size: 10KB - Virtual size: 10KB

.bss Size: - Virtual size: 59KB

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 64KB - Virtual size: 68KB

02:07:b0:d2:25:6e:68:2f:d4:64:b5:15:56:ad:55:a7
Certificate

07:84:3d:ad:01:c1:15:c2:74:ee:41:a7:28:22:46:79
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

91:57:e4:d4:8d:bd:86:96:d9:69:9c:50:27:2c:69:dd:5d:2d:a0:43:e0:bf:f0:c3:10:bf:8e:98:45:0c:31:2c
Signer

.text
Size: 90KB - Virtual size: 90KB

.data
Size: 512B - Virtual size: 124B

.rdata
Size: 23KB - Virtual size: 22KB

/4
Size: 10KB - Virtual size: 10KB

.bss
Size: - Virtual size: 59KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 64KB - Virtual size: 68KB