FlushUI-Release[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

FlushUI-Release.zip
Size

304KB
MD5

06b2ab82aa02d85be7b325d118d8453f
SHA1

2d7c1de59e8e6378da8927e9c476d263235a7590
SHA256

2b8d4038019755bec38f2a31953cb77070466d3ccfb4ab832b9942723b52375d
SHA512

afaaebb73f29a299f7f73821bf4a0d4d807803cb0bbebdf5824d121f806200b66f4e403fe5aff9be0530d2e468ac850fb8346f4667b10d096a7aaf7bcbee875d
SSDEEP

6144:BuVSywZewo2fzinPdesnV/36bTETvP9Fi1DrTpdQRDYqQRrz:QoywZLmVvXvX2ORDoRrz

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FlushUI-Release/FlushUI/bin/Debug/Syn+.exe
unpack001/FlushUI-Release/FlushUI/obj/Debug/Syn+.exe
unpack001/FlushUI-Release/FlushUI/obj/Debug/TempPE/Properties.Resources.Designer.cs.dll
unpack001/FlushUI-Release/FlushUI/obj/Release/TempPE/Properties.Resources.Designer.cs.dll

Files

FlushUI-Release.zip
.zip

Password: 123123123312312312312
FlushUI-Release/FlushUI/App.config
FlushUI-Release/FlushUI/App.xaml
FlushUI-Release/FlushUI/App.xaml.cs
FlushUI-Release/FlushUI/Flush.csproj
FlushUI-Release/FlushUI/Flush.sln
FlushUI-Release/FlushUI/MainWindow.xaml
FlushUI-Release/FlushUI/MainWindow.xaml.cs
.js
FlushUI-Release/FlushUI/Properties/AssemblyInfo.cs
FlushUI-Release/FlushUI/Properties/Resources.Designer.cs
.vbs
FlushUI-Release/FlushUI/Properties/Resources.resx
.vbs
FlushUI-Release/FlushUI/Properties/Settings.Designer.cs
FlushUI-Release/FlushUI/Properties/Settings.settings
FlushUI-Release/FlushUI/SynapseZAPI.cs
.js
FlushUI-Release/FlushUI/bin/Debug/Bin/Syntax/lua.xshd
.xml
FlushUI-Release/FlushUI/bin/Debug/ICSharpCode.AvalonEdit.dll
.dll windows:4 windows x86 arch:x86

Password: 123123123312312312312

dae02f32a21e03ce65412f6e56942daa

Code Sign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:9f:d5:83:8b:30:58:28:61:f0:ed:44:6c:27:7c:68
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/08/2021, 00:00

Not After

19/08/2023, 23:59

Subject

SERIALNUMBER=9133000070337747XE,CN=Hithink RoyalFlush Information Network Co.\, Ltd.,O=Hithink RoyalFlush Information Network Co.\, Ltd.,L=杭州市,ST=浙江省,C=CN,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b599e6b19fe79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:9f:d5:83:8b:30:58:28:61:f0:ed:44:6c:27:7c:68
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/08/2021, 00:00

Not After

19/08/2023, 23:59

Subject

SERIALNUMBER=9133000070337747XE,CN=Hithink RoyalFlush Information Network Co.\, Ltd.,O=Hithink RoyalFlush Information Network Co.\, Ltd.,L=杭州市,ST=浙江省,C=CN,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b599e6b19fe79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bf:de:c6:95:c1:3f:6a:09:58:d8:e3:ad:fb:97:6b:3b:af:05:45:8f:0a:c9:40:be:6c:d4:76:80:59:29:8d:6e
Signer

Actual PE Digest

bf:de:c6:95:c1:3f:6a:09:58:d8:e3:ad:fb:97:6b:3b:af:05:45:8f:0a:c9:40:be:6c:d4:76:80:59:29:8d:6e

Digest Algorithm

sha256

PE Digest Matches

true

62:27:5b:8f:e0:84:02:23:e3:fe:1e:15:f3:79:81:aa:49:c8:bc:19
Signer

Actual PE Digest

62:27:5b:8f:e0:84:02:23:e3:fe:1e:15:f3:79:81:aa:49:c8:bc:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\AvalonEdit\obj\Release\ICSharpCode.AvalonEdit.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 588KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlushUI-Release/FlushUI/bin/Debug/Scripts/Script.lua
FlushUI-Release/FlushUI/bin/Debug/Syn+.exe
.exe windows:4 windows x86 arch:x86

Password: 123123123312312312312

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\default.DESKTOP-0UR79C1\Desktop\Syn+\obj\Debug\Syn+.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlushUI-Release/FlushUI/bin/Debug/Syn+.exe.config
FlushUI-Release/FlushUI/bin/Debug/Syn+.pdb
FlushUI-Release/FlushUI/obj/Debug/App.g.cs
FlushUI-Release/FlushUI/obj/Debug/App.g.i.cs
FlushUI-Release/FlushUI/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
FlushUI-Release/FlushUI/obj/Debug/Flush.csproj.AssemblyReference.cache
FlushUI-Release/FlushUI/obj/Debug/Flush.csproj.CoreCompileInputs.cache
FlushUI-Release/FlushUI/obj/Debug/Flush.csproj.FileListAbsolute.txt
FlushUI-Release/FlushUI/obj/Debug/Flush.csproj.GenerateResource.cache
FlushUI-Release/FlushUI/obj/Debug/MainWindow.baml
FlushUI-Release/FlushUI/obj/Debug/MainWindow.g.cs
FlushUI-Release/FlushUI/obj/Debug/MainWindow.g.i.cs
FlushUI-Release/FlushUI/obj/Debug/Syn+.csproj.AssemblyReference.cache
FlushUI-Release/FlushUI/obj/Debug/Syn+.csproj.CoreCompileInputs.cache
FlushUI-Release/FlushUI/obj/Debug/Syn+.csproj.FileListAbsolute.txt
FlushUI-Release/FlushUI/obj/Debug/Syn+.csproj.GenerateResource.cache
FlushUI-Release/FlushUI/obj/Debug/Syn+.exe
.exe windows:4 windows x86 arch:x86

Password: 123123123312312312312

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\default.DESKTOP-0UR79C1\Desktop\Syn+\obj\Debug\Syn+.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlushUI-Release/FlushUI/obj/Debug/Syn+.g.resources
FlushUI-Release/FlushUI/obj/Debug/Syn+.pdb
FlushUI-Release/FlushUI/obj/Debug/Syn+_MarkupCompile.cache
FlushUI-Release/FlushUI/obj/Debug/Syn+_MarkupCompile.i.cache
FlushUI-Release/FlushUI/obj/Debug/Syn+_MarkupCompile.lref
FlushUI-Release/FlushUI/obj/Debug/Syn_.Properties.Resources.resources
FlushUI-Release/FlushUI/obj/Debug/TempPE/Properties.Resources.Designer.cs.dll
.dll windows:4 windows x86 arch:x86

Password: 123123123312312312312

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlushUI-Release/FlushUI/obj/Release/App.g.i.cs
FlushUI-Release/FlushUI/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache
FlushUI-Release/FlushUI/obj/Release/Flush.csproj.AssemblyReference.cache
FlushUI-Release/FlushUI/obj/Release/MainWindow.g.i.cs
FlushUI-Release/FlushUI/obj/Release/Syn+_MarkupCompile.i.cache
FlushUI-Release/FlushUI/obj/Release/Syn+_MarkupCompile.i.lref
FlushUI-Release/FlushUI/obj/Release/TempPE/Properties.Resources.Designer.cs.dll
.dll windows:4 windows x86 arch:x86

Password: 123123123312312312312

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlushUI-Release/README.md

Sharing

General

Malware Config

Signatures

Files

Password: 123123123312312312312

Password: 123123123312312312312

dae02f32a21e03ce65412f6e56942daa

Code Sign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

08:9f:d5:83:8b:30:58:28:61:f0:ed:44:6c:27:7c:68Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:9f:d5:83:8b:30:58:28:61:f0:ed:44:6c:27:7c:68Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

bf:de:c6:95:c1:3f:6a:09:58:d8:e3:ad:fb:97:6b:3b:af:05:45:8f:0a:c9:40:be:6c:d4:76:80:59:29:8d:6eSigner

62:27:5b:8f:e0:84:02:23:e3:fe:1e:15:f3:79:81:aa:49:c8:bc:19Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 588KB - Virtual size: 584KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

Password: 123123123312312312312

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 20KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: 123123123312312312312

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 20KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: 123123123312312312312

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

Password: 123123123312312312312

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

08:9f:d5:83:8b:30:58:28:61:f0:ed:44:6c:27:7c:68
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:9f:d5:83:8b:30:58:28:61:f0:ed:44:6c:27:7c:68
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

bf:de:c6:95:c1:3f:6a:09:58:d8:e3:ad:fb:97:6b:3b:af:05:45:8f:0a:c9:40:be:6c:d4:76:80:59:29:8d:6e
Signer

62:27:5b:8f:e0:84:02:23:e3:fe:1e:15:f3:79:81:aa:49:c8:bc:19
Signer

.text
Size: 588KB - Virtual size: 584KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B