sliver | checktest[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

checktest.zip
Size

5.0MB
MD5

50b9956ced0eddc1f2b1a3bcfa606058
SHA1

485aa12bae3b28f2bf97fb208fa9270ce0270687
SHA256

79c6163ee0c6c045ee2b1baf65d37eaea85a24f6a650cab5e3e34a0456cfd079
SHA512

c15838ea67879ba748320255aea29a780ec09a4ca90d3856d3b596a0a1b6a7542a6a4784067d122027c9b89900fc865aec6f0b1dff3df9d8b18e36947310e334
SSDEEP

98304:U0pM5sh/+Yp6BWdMLPm4IKcq96sgP3rZm0N9K4qZ140bfYm1gh:U0pMiQodMLqK3QjPbZLKRjDPCh

Score

10^/10

sliver

Malware Config

Signatures

Sliver RAT v2 1 IoCs

resource	yara_rule
static1/unpack001/checktest.exe	SliverRAT_v2

Sliver family
sliver

Files

checktest.zip
.zip

Password: 123456@!
checktest.exe
.dll windows:6 windows x64 arch:x64

Password: 123456@!

4ece409658ab9058d9f9f9305ac8f3e2

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:ba:10:45:27:b6:4e:19:ac:c1:a8:33:91:80:d5:d6:8e:69:95:90:5b:65:88:53:90:62:a5:fe:af:21:ac:17
Signer

Actual PE Digest

b3:ba:10:45:27:b6:4e:19:ac:c1:a8:33:91:80:d5:d6:8e:69:95:90:5b:65:88:53:90:62:a5:fe:af:21:ac:17

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\certca\x64\Release\certca.pdb

Imports

kernel32

IsProcessorFeaturePresent
HeapFree
HeapAlloc
GetProcessHeap
GetModuleHandleA
GetProcAddress
CreateTimerQueueTimer
VirtualProtect
RtlCaptureContext
GetCurrentProcess
DeleteTimerQueue
WaitForSingleObject
CreateEventW
SetEvent
LoadLibraryA
CloseHandle
K32GetModuleInformation
LoadLibraryW
CreateThread
CreateTimerQueue
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memset

api-ms-win-crt-stdio-l1-1-0

puts

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

Exports

Exports

CAAccessCheck
CAAccessCheckEx
CAAddCACertificateType
CAAddCACertificateTypeEx
CACertTypeAccessCheck
CACertTypeAccessCheckEx
CACertTypeAuthzAccessCheck
CACertTypeGetSecurity
CACertTypeQuery
CACertTypeRegisterQuery
CACertTypeSetSecurity
CACertTypeUnregisterQuery
CACloneCertType
CACloseCA
CACloseCertType
CACountCAs
CACountCertTypes
CACreateAutoEnrollmentObjectEx
CACreateCertType
CACreateLocalAutoEnrollmentObject
CACreateNewCA
CADCSetCertTypePropertyEx
CADeleteCA
CADeleteCAEx
CADeleteCertType
CADeleteCertTypeEx
CADeleteLocalAutoEnrollmentObject
CAEnumCertTypes
CAEnumCertTypesEx
CAEnumCertTypesEx2
CAEnumCertTypesForCA
CAEnumCertTypesForCAEx
CAEnumFirstCA
CAEnumNextCA
CAEnumNextCertType
CAFindByCertType
CAFindByIssuerDN
CAFindByName
CAFindCertTypeByName
CAFindCertTypeByName2
CAFreeCAProperty
CAFreeCertTypeExtensions
CAFreeCertTypeProperty
CAGetCACertificate
CAGetCAExpiration
CAGetCAFlags
CAGetCAProperty
CAGetCASecurity
CAGetCertTypeExpiration
CAGetCertTypeExtensions
CAGetCertTypeExtensionsEx
CAGetCertTypeFlags
CAGetCertTypeFlagsEx
CAGetCertTypeKeySpec
CAGetCertTypeProperty
CAGetCertTypePropertyEx
CAGetDN
CAInstallDefaultCertType
CAInstallDefaultCertTypeEx
CAIsCertTypeCurrent
CAIsCertTypeCurrentEx
CAOIDAdd
CAOIDAddEx
CAOIDCreateNew
CAOIDCreateNewEx
CAOIDDelete
CAOIDDeleteEx
CAOIDFreeLdapURL
CAOIDFreeProperty
CAOIDGetLdapURL
CAOIDGetProperty
CAOIDGetPropertyEx
CAOIDSetProperty
CAOIDSetPropertyEx
CARemoveCACertificateType
CARemoveCACertificateTypeEx
CASetCACertificate
CASetCAExpiration
CASetCAFlags
CASetCAProperty
CASetCASecurity
CASetCertTypeExpiration
CASetCertTypeExtension
CASetCertTypeFlags
CASetCertTypeFlagsEx
CASetCertTypeKeySpec
CASetCertTypeProperty
CASetCertTypePropertyEx
CAUpdateCA
CAUpdateCAEx
CAUpdateCertType
CAUpdateCertTypeEx
CCFindCertificateBuildFilter
CCFindCertificateFreeFilter
CCFindCertificateFromFilter
CCFreeStringArray
CCGetCertNameList

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.v-lizer
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: 123456@!

Password: 123456@!

4ece409658ab9058d9f9f9305ac8f3e2

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

b3:ba:10:45:27:b6:4e:19:ac:c1:a8:33:91:80:d5:d6:8e:69:95:90:5b:65:88:53:90:62:a5:fe:af:21:ac:17Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 10.5MB - Virtual size: 10.5MB

.pdata Size: 1024B - Virtual size: 684B

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 1.1MB - Virtual size: 3.1MB

.v-lizer Size: 1024B - Virtual size: 776B

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

b3:ba:10:45:27:b6:4e:19:ac:c1:a8:33:91:80:d5:d6:8e:69:95:90:5b:65:88:53:90:62:a5:fe:af:21:ac:17
Signer

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 10.5MB - Virtual size: 10.5MB

.pdata
Size: 1024B - Virtual size: 684B

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 1.1MB - Virtual size: 3.1MB

.v-lizer
Size: 1024B - Virtual size: 776B