122077711110000000000000000000000000000000000025635252414147475858699663635252414147478585[.]tar[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

122077711110000000000000000000000000000000000025635252414147475858699663635252414147478585.tar.rar
Size

1.8MB
MD5

e8de5188c6cdfbb28dc3226dc66dec2e
SHA1

e429a575a618710bcda4face0ec8937656001c8d
SHA256

4b20d12e0ce7ca19e3afcc3c65f2d381b3255edd324759a726680479d4930352
SHA512

e1aa737d22404102e9a32516134aed458c973a2c3f963225162a40de749d7ada2418ff8662841c818d2bc830bc7bf3a2674bb3fdfbea87b5247bf7cc29a32837
SSDEEP

49152:rK7BricirjpgC0gaiI/yExuSm+yr4f9rpX7cKDqNv:Y5KjObmy1X7Ev

Score

1^/10

Malware Config

Signatures

Files

122077711110000000000000000000000000000000000025635252414147475858699663635252414147478585.tar.rar
.rar

Password: 1220
122077711110000000000000000000000000000000000025635252414147475858699663635252414147478585.exe
.exe windows:5 windows x86 arch:x86

Password: 1220

33e003ddaff3bc71480e8cb946f52917

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:1d:b6:b0:17:e7:b5:00:e6:44:ec:33:43:9c:76:df
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04-04-2023 00:00

Not After

03-04-2024 23:59

Subject

CN=Citrix Systems\, Inc.,OU=XenApp(Server 2024),O=Citrix Systems\, Inc.,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:1d:b6:b0:17:e7:b5:00:e6:44:ec:33:43:9c:76:df
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04-04-2023 00:00

Not After

03-04-2024 23:59

Subject

CN=Citrix Systems\, Inc.,OU=XenApp(Server 2024),O=Citrix Systems\, Inc.,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:f5:c9:45:34:b8:0b:27:dd:0a:33:8c:b6:87:65:14:21:4c:b9:61:de:60:64:86:45:2f:a0:90:93:5b:84:53
Signer

Actual PE Digest

2b:f5:c9:45:34:b8:0b:27:dd:0a:33:8c:b6:87:65:14:21:4c:b9:61:de:60:64:86:45:2f:a0:90:93:5b:84:53

Digest Algorithm

sha256

PE Digest Matches

false

c3:c7:6f:1f:59:70:35:d1:6c:26:93:a8:41:e3:cb:cf:eb:a6:78:ee
Signer

Actual PE Digest

c3:c7:6f:1f:59:70:35:d1:6c:26:93:a8:41:e3:cb:cf:eb:a6:78:ee

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

gdi32

TextOutW
StretchDIBits
StretchBlt
SetWindowOrgEx
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixelV
SetPixel
SetDIBitsToDevice
SetDIBits
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
OffsetViewportOrgEx
MoveToEx
LineTo
IntersectClipRect
GetViewportOrgEx
GetTextMetricsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetTextColor
GetTextAlign
GetStockObject
GetROP2
GetPixel
GetPaletteEntries
GetObjectType
GetObjectW
GetNearestPaletteIndex
GetDeviceCaps
GetDIBits
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBkMode
GetBkColor
ExtTextOutW
ExcludeClipRect
Ellipse
DeleteObject
DeleteDC
CreateRoundRectRgn
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CombineRgn
BitBlt

kernel32

lstrcmpW
WriteProcessMemory
WritePrivateProfileStringW
WriteFile
WaitForSingleObject
VirtualQuery
VirtualProtect
UnmapViewOfFile
TerminateProcess
SystemTimeToFileTime
Sleep
ReadProcessMemory
QueryDosDeviceW
OutputDebugStringW
OpenProcess
MulDiv
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryW
LeaveCriticalSection
IsBadCodePtr
InitializeCriticalSection
HeapFree
HeapDestroy
HeapAlloc
GlobalUnlock
GlobalMemoryStatus
GlobalHandle
GlobalLock
GlobalGetAtomNameW
GlobalFree
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetTickCount
GetTempPathW
GetSystemTime
GetSystemInfo
GetSystemDirectoryW
GetProcessTimes
GetProcAddress
GetPrivateProfileStringW
GetPriorityClass
GetModuleHandleW
GetModuleFileNameW
GetLogicalDriveStringsW
GetLastError
GetDriveTypeW
GetDiskFreeSpaceExW
GetCurrentThreadId
GetCurrentProcess
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FlushInstructionCache
FileTimeToSystemTime
EnterCriticalSection
CreateMutexW
CreateFileMappingW
CreateFileW
CopyFileW
CloseHandle
GetLongPathNameW
Sleep
VerSetConditionMask
VerifyVersionInfoW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegFlushKey
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
GetUserNameW
AdjustTokenPrivileges

shell32

SHGetFileInfoW
ExtractIconW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CoCreateInstance
IsEqualGUID

comctl32

_TrackMouseEvent
ImageList_GetIconSize
ImageList_Draw
ImageList_GetIconSize

user32

PrivateExtractIconsW

Sections

.text
Size: 675KB - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1220

Password: 1220

33e003ddaff3bc71480e8cb946f52917

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

01:1d:b6:b0:17:e7:b5:00:e6:44:ec:33:43:9c:76:dfCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:1d:b6:b0:17:e7:b5:00:e6:44:ec:33:43:9c:76:dfCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

2b:f5:c9:45:34:b8:0b:27:dd:0a:33:8c:b6:87:65:14:21:4c:b9:61:de:60:64:86:45:2f:a0:90:93:5b:84:53Signer

c3:c7:6f:1f:59:70:35:d1:6c:26:93:a8:41:e3:cb:cf:eb:a6:78:eeSigner

Headers

File Characteristics

Imports

gdi32

kernel32

advapi32

shell32

ole32

comctl32

user32

Sections

.text Size: 675KB - Virtual size: 676KB

.itext Size: 3KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 16KB

.bss Size: 260KB - Virtual size: 260KB

.idata Size: 79KB - Virtual size: 80KB

.tls Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 44KB

.rsrc Size: 3.2MB - Virtual size: 3.2MB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

01:1d:b6:b0:17:e7:b5:00:e6:44:ec:33:43:9c:76:df
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:1d:b6:b0:17:e7:b5:00:e6:44:ec:33:43:9c:76:df
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

2b:f5:c9:45:34:b8:0b:27:dd:0a:33:8c:b6:87:65:14:21:4c:b9:61:de:60:64:86:45:2f:a0:90:93:5b:84:53
Signer

c3:c7:6f:1f:59:70:35:d1:6c:26:93:a8:41:e3:cb:cf:eb:a6:78:ee
Signer

.text
Size: 675KB - Virtual size: 676KB

.itext
Size: 3KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 16KB

.bss
Size: 260KB - Virtual size: 260KB

.idata
Size: 79KB - Virtual size: 80KB

.tls
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 44KB

.rsrc
Size: 3.2MB - Virtual size: 3.2MB