v5f1d2vn_pomf2_lain_la_subdir-f[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

v5f1d2vn_pomf2_lain_la_subdir-f.zip
Size

11.2MB
MD5

89d2b9d48590d968f588c5c4de9c8f86
SHA1

21a3fc52b614ed9cbb7fe8c38f4e418e84dbf38c
SHA256

4b7c7431fbfbc0d4159c85a58d2d387d3b48defa3b6fffb826f25e5621979332
SHA512

eb73efcff91ad6f7c7012b2b0fe2f45473fb551c8984cc38574a06a95673f3cbe4ddba748bbb10e2217a2ca4b4ac594dcefbad26891a515c771703760daf9025
SSDEEP

196608:cpnB5fjJMPbRGEEtsEDuYgnGlaRvJFlZngJDeF5C+6P07kbGUMCn:abuGTttDuYOpJFfgVeFg+6P07ItXn

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ConsoleApp4.exe
unpack001/selenium-manager/windows/selenium-manager.exe

Files

v5f1d2vn_pomf2_lain_la_subdir-f.zip
.zip
ConsoleApp4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\user\source\repos\ConsoleApp4\ConsoleApp4\obj\Debug\ConsoleApp4.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
geckodriver.exe
.exe windows:6 windows x64 arch:x64

b0d6ca51b8808d6cc464953b2eddca1d

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:de:b5:3f:95:73:37:fb:ea:f9:8c:4a:61:5b:14:9d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/05/2020, 00:00

Not After

12/05/2021, 12:00

Subject

CN=Mozilla Corporation,OU=Firefox Engineering Operations,O=Mozilla Corporation,L=Mountain View,ST=California,C=US,1.2.840.113549.1.9.1=#0c2072656c656173652b636572746966696361746573406d6f7a696c6c612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bd:bc:b6:f9:51:06:28:d5:29:2a:f1:83:64:6c:32:d1:16:d9:5d:1e
Signer

Actual PE Digest

bd:bc:b6:f9:51:06:28:d5:29:2a:f1:83:64:6c:32:d1:16:d9:5d:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

/builds/worker/workspace/build/src/target/x86_64-pc-windows-msvc/release/deps/geckodriver.pdb

Imports

kernel32

AddVectoredExceptionHandler
CancelIo
CancelIoEx
CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateThread
DeleteCriticalSection
DeviceIoControl
DosDateTimeToFileTime
DuplicateHandle
EncodePointer
EnterCriticalSection
ExitProcess
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileInformationByHandle
GetFileType
GetFinalPathNameByHandleW
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetQueuedCompletionStatusEx
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTempPathW
GetTimeZoneInformation
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableW
SetFileAttributesW
SetFileCompletionNotificationModes
SetFileInformationByHandle
SetFilePointerEx
SetHandleInformation
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile

ws2_32

WSACleanup
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSARecv
WSASend
WSASocketW
WSAStartup
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getsockname
getsockopt
ioctlsocket
listen
recv
send
setsockopt
shutdown

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
SystemFunction036

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 694KB - Virtual size: 694KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 905B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
selenium-manager/linux/selenium-manager
.elf linux x64
selenium-manager/macos/selenium-manager
.macho macos arch:arm64 arch:x64
selenium-manager/windows/selenium-manager.exe
.exe windows:6 windows x86 arch:x86

0173ee78d12a1737db5da04608e6742e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

selenium_manager.pdb

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

bcryptprimitives

ProcessPrng

advapi32

SystemFunction036
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

kernel32

GetConsoleOutputCP
HeapSize
GetFileSizeEx
DecodePointer
FlushFileBuffers
CreateSymbolicLinkW
CloseHandle
SwitchToThread
GetCommandLineW
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
HeapFree
HeapReAlloc
GetConsoleMode
SetConsoleMode
GetLastError
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
lstrlenW
SetFileTime
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetFileInformationByHandle
SetLastError
FindClose
WaitForMultipleObjects
GetOverlappedResult
WaitForSingleObject
GetExitCodeProcess
CopyFileExW
SetHandleInformation
GetStdHandle
MultiByteToWideChar
WriteConsoleW
GetModuleHandleA
GetProcAddress
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
WideCharToMultiByte
RtlCaptureContext
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
GetSystemTimePreciseAsFileTime
HeapAlloc
GetProcessHeap
DeleteFileW
MoveFileExW
GetFileType
CreateHardLinkW
SetFileAttributesW
PostQueuedCompletionStatus
GetSystemInfo
GetBinaryTypeW
GlobalFree
GlobalAlloc
LocalFree
LCMapStringW
CompareStringW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
OutputDebugStringW
GetCommandLineA
WriteFile
GetModuleHandleExW
RaiseException
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

ws2_32

shutdown
WSASend
send
WSAIoctl
bind
WSASocketW
getaddrinfo
freeaddrinfo
getsockname
WSAGetLastError
getpeername
ioctlsocket
connect
setsockopt
WSAStartup
getsockopt
closesocket
WSACleanup
recv

ntdll

RtlNtStatusToDosError
NtReadFile
NtWriteFile
NtDeviceIoControlFile
NtCreateFile
NtCancelIoFileEx

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 976KB - Virtual size: 976KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ver.txt

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

b0d6ca51b8808d6cc464953b2eddca1d

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:de:b5:3f:95:73:37:fb:ea:f9:8c:4a:61:5b:14:9dCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

bd:bc:b6:f9:51:06:28:d5:29:2a:f1:83:64:6c:32:d1:16:d9:5d:1eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

advapi32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 694KB - Virtual size: 694KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 50KB - Virtual size: 50KB

.00cfg Size: 512B - Virtual size: 16B

.tls Size: 1024B - Virtual size: 905B

.reloc Size: 19KB - Virtual size: 19KB

0173ee78d12a1737db5da04608e6742e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

advapi32

kernel32

shell32

ole32

ws2_32

ntdll

bcrypt

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 976KB - Virtual size: 976KB

.data Size: 6KB - Virtual size: 9KB

.reloc Size: 82KB - Virtual size: 82KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:de:b5:3f:95:73:37:fb:ea:f9:8c:4a:61:5b:14:9d
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

bd:bc:b6:f9:51:06:28:d5:29:2a:f1:83:64:6c:32:d1:16:d9:5d:1e
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 694KB - Virtual size: 694KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 50KB - Virtual size: 50KB

.00cfg
Size: 512B - Virtual size: 16B

.tls
Size: 1024B - Virtual size: 905B

.reloc
Size: 19KB - Virtual size: 19KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 976KB - Virtual size: 976KB

.data
Size: 6KB - Virtual size: 9KB

.reloc
Size: 82KB - Virtual size: 82KB