Bonzi buddy VS Malwarebytes VS windows 11[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Bonzi buddy VS Malwarebytes VS windows 11.zip
Size

2.9MB
MD5

ed027c969121ece48e3009ae29eb3338
SHA1

77f0ffa8d0c3c7bb143664732daa40536653b384
SHA256

b4e6a136a8d8a4f5c956a90e4048b7fa5e52b63a3d52864984c8e308d8e26d83
SHA512

d1eff3ec35c1177d74c93515856cb2b77852941e8d4bba06c89034748ab99fd9ab91978fcba471c7cd9e4fe4f5ade98c3cb5d58b9455a2a485fb5a9ba3f5a4d6
SSDEEP

49152:WMxzJs3f1FpE+7eVMmUZ6y9o5HOQoOUcT9g9Fdbwod/pR1x/C2ROtx:Jw/YZeo5HPo4pYb1dx02RCx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bonzi buddy VS Malwarebytes VS windows 11/7z2408-x64.exe

Files

Bonzi buddy VS Malwarebytes VS windows 11.zip
.zip
Bonzi buddy VS Malwarebytes VS windows 11/7z2408-x64.exe
.exe windows:4 windows x86 arch:x86

cf0d2de4fd6406302012e0f40060395f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoInitialize

user32

PeekMessageW
ExitWindowsEx
GetDlgItemTextW
SetWindowTextW
ShowWindow
MessageBoxW
CreateDialogParamW
LoadIconW
SendMessageW
GetMessageW
EnableWindow
GetDlgItem
IsDialogMessageW
TranslateMessage
DispatchMessageW
SetDlgItemTextW
DestroyWindow

advapi32

RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

shell32

SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW

msvcrt

_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
memcpy
memcmp
memmove
malloc
free
exit
memset

kernel32

ReadFile
CloseHandle
CreateFileW
FormatMessageW
WriteFile
DeleteFileW
CreateDirectoryW
GetSystemDirectoryW
LoadLibraryW
GetModuleFileNameW
GetFileAttributesW
SetFilePointer
GetVersion
LoadLibraryExW
GetModuleHandleA
GetStartupInfoA
LocalFree
SetFileAttributesW
SetFileTime
MoveFileExW
GetLastError
lstrcatW
GetCommandLineW
lstrcpyW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
lstrlenW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bonzi buddy VS Malwarebytes VS windows 11/MBSetup.exe
.exe windows:6 windows x86 arch:x86

8c1be39b6ace6c7da85b7edd83bef6f8

Code Sign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

23/03/2022, 00:00

Not After

16/03/2025, 23:59

Subject

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

01/02/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25/05/2021, 00:00

Not After

24/05/2036, 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16/04/2020, 18:36

Not After

16/04/2045, 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:01:93:8d:3b:2c:3a:a1:3c:a3:f8:52:00:00:00:01:93:8d
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

25/09/2024, 20:39

Not After

28/09/2024, 20:39

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:01:93:8d:3b:2c:3a:a1:3c:a3:f8:52:00:00:00:01:93:8d
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

25/09/2024, 20:39

Not After

28/09/2024, 20:39

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13/04/2021, 17:31

Not After

13/04/2026, 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01/04/2021, 20:05

Not After

01/04/2036, 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a5:98:5d:29:a6:f2:49:7b:fa:b3:15:8b:a1:d8:2a:74:f0:20:39:1f:93:c6:a8:39:71:f2:ed:6c:0a:66:23:cc
Signer

Actual PE Digest

a5:98:5d:29:a6:f2:49:7b:fa:b3:15:8b:a1:d8:2a:74:f0:20:39:1f:93:c6:a8:39:71:f2:ed:6c:0a:66:23:cc

Digest Algorithm

sha256

PE Digest Matches

true

a5:98:5d:29:a6:f2:49:7b:fa:b3:15:8b:a1:d8:2a:74:f0:20:39:1f:93:c6:a8:39:71:f2:ed:6c:0a:66:23:cc
Signer

Actual PE Digest

a5:98:5d:29:a6:f2:49:7b:fa:b3:15:8b:a1:d8:2a:74:f0:20:39:1f:93:c6:a8:39:71:f2:ed:6c:0a:66:23:cc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Jenkins\workspace\MBAM-Windows\A_MB5_MBSetup\bin\Win32\Release\MBSetup.pdb

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
GetLastError
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSectionEx
DeleteCriticalSection
RaiseException
IsWow64Process
GetCurrentProcess
VerifyVersionInfoW
VerSetConditionMask
GetSystemDirectoryW
CreateFileW
DeviceIoControl
CloseHandle
GetCurrentThreadId
SetLastError
LockResource
FindResourceExW
Sleep
DeleteFileW
GlobalFree
LocalFree
FormatMessageW
LocalAlloc
CallNamedPipeW
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCommandLineW
DecodePointer
lstrcmpiW
GetNativeSystemInfo
GetDiskFreeSpaceExW
FindFirstFileW
FindClose
CreateProcessW
FindNextFileW
WideCharToMultiByte
GlobalAlloc
GlobalLock
SetThreadUILanguage
LoadLibraryW
CreateDirectoryW
GetLogicalDrives
GetTempPathW
MoveFileExW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
OpenProcess
ResumeThread
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32GetModuleFileNameExW
GetCurrentDirectoryW
GetCurrentProcessId
GetModuleFileNameA
OutputDebugStringW
GetLocalTime
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
CreateMutexW
MulDiv
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
SetEndOfFile
LCMapStringW
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
FormatMessageA
GetStringTypeW
GetLocaleInfoEx
FindFirstFileExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
SetFileInformationByHandle
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EncodePointer
LCMapStringEx
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemTimeAsFileTime
GetCPInfo
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetStdHandle
WriteFile
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
ReadFile
GetFileSizeEx
GetDateFormatW
GetTimeFormatW
CompareStringW

dwmapi

DwmGetWindowAttribute

crypt32

CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

Sections

.text
Size: 729KB - Virtual size: 729KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bonzi buddy VS Malwarebytes VS windows 11/Untitleddocument.html
.html

Sharing

General

Malware Config

Signatures

Files

cf0d2de4fd6406302012e0f40060395f

Headers

DLL Characteristics

File Characteristics

Imports

ole32

user32

advapi32

shell32

msvcrt

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 3KB

8c1be39b6ace6c7da85b7edd83bef6f8

Code Sign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2Certificate

Extended Key Usages

Key Usages

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2dCertificate

Key Usages

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:dbCertificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99Certificate

Key Usages

33:00:01:93:8d:3b:2c:3a:a1:3c:a3:f8:52:00:00:00:01:93:8dCertificate

Extended Key Usages

Key Usages

33:00:01:93:8d:3b:2c:3a:a1:3c:a3:f8:52:00:00:00:01:93:8dCertificate

Extended Key Usages

Key Usages

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04Certificate

Key Usages

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07Certificate

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

a5:98:5d:29:a6:f2:49:7b:fa:b3:15:8b:a1:d8:2a:74:f0:20:39:1f:93:c6:a8:39:71:f2:ed:6c:0a:66:23:ccSigner

a5:98:5d:29:a6:f2:49:7b:fa:b3:15:8b:a1:d8:2a:74:f0:20:39:1f:93:c6:a8:39:71:f2:ed:6c:0a:66:23:ccSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

dwmapi

crypt32

rpcrt4

Sections

.text Size: 729KB - Virtual size: 729KB

.rdata Size: 149KB - Virtual size: 149KB

.data Size: 13KB - Virtual size: 18KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 39KB - Virtual size: 38KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 3KB

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

33:00:01:93:8d:3b:2c:3a:a1:3c:a3:f8:52:00:00:00:01:93:8d
Certificate

33:00:01:93:8d:3b:2c:3a:a1:3c:a3:f8:52:00:00:00:01:93:8d
Certificate

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

a5:98:5d:29:a6:f2:49:7b:fa:b3:15:8b:a1:d8:2a:74:f0:20:39:1f:93:c6:a8:39:71:f2:ed:6c:0a:66:23:cc
Signer

a5:98:5d:29:a6:f2:49:7b:fa:b3:15:8b:a1:d8:2a:74:f0:20:39:1f:93:c6:a8:39:71:f2:ed:6c:0a:66:23:cc
Signer

.text
Size: 729KB - Virtual size: 729KB

.rdata
Size: 149KB - Virtual size: 149KB

.data
Size: 13KB - Virtual size: 18KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 39KB - Virtual size: 38KB