Sample(s)[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Sample(s).rar
Size

25.3MB
MD5

8e82833830e0465c007040b11ecb5fe0
SHA1

868000cbaec4e8f390dd9705716afc1e7f3feab7
SHA256

a0efb0165935acc802cfc2da23b50a7867ad7f740d747d08127fa27fa8280775
SHA512

553e5c395e14a2248e5df34ac78ad027744189fb5a1fdfe1810443f17fb29d2bc701cfae875c2c1b49de2787d3803d3925229784d1a46bee5c159089664dcb11
SSDEEP

393216:kEh6/OwK82CK5X4TyBThBizlXtgqxZ0HYr20UOs2Rs23yOy3scmEuD:th6bKrCK5ImT/wngWOwrs2u2+8cmD

Score

1^/10

Malware Config

Signatures

Files

Sample(s).rar
.rar

Password: infected
wtepktomp.exe.v
.exe windows:4 windows x86 arch:x86

Password: infected

0d97c35376278d9c189421615fbb4ed2

Code Sign

72:85:e4:6e:2e:d0:85:a4
Certificate

Issuer

CN=vpn.speed.com,O=fobwifi,C=CN

Not Before

29-05-2020 15:24

Not After

24-05-2040 15:24

Subject

CN=vpn.speed.com,O=speed,C=CN

97:47:7e:b3:ef:1b:48:0e:17:bf:d7:52:40:4f:15:8a:69:9e:c9:b6:82:0e:1b:f5:f4:99:ac:71:54:31:ec:bd
Signer

Actual PE Digest

97:47:7e:b3:ef:1b:48:0e:17:bf:d7:52:40:4f:15:8a:69:9e:c9:b6:82:0e:1b:f5:f4:99:ac:71:54:31:ec:bd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformation

user32

ClientToScreen

gdi32

SetMapMode

comdlg32

GetSaveFileNameA

winspool.drv

OpenPrinterA

advapi32

RegCreateKeyA

shell32

ExtractIconA

comctl32

ImageList_ReplaceIcon

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 26.6MB - Virtual size: 26.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 916KB - Virtual size: 916KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

0d97c35376278d9c189421615fbb4ed2

Code Sign

72:85:e4:6e:2e:d0:85:a4Certificate

97:47:7e:b3:ef:1b:48:0e:17:bf:d7:52:40:4f:15:8a:69:9e:c9:b6:82:0e:1b:f5:f4:99:ac:71:54:31:ec:bdSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

msvcrt

iphlpapi

psapi

Sections

.text Size: 26.6MB - Virtual size: 26.6MB

.sedata Size: 916KB - Virtual size: 916KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 180KB - Virtual size: 180KB

.sedata Size: 4KB - Virtual size: 4KB

72:85:e4:6e:2e:d0:85:a4
Certificate

97:47:7e:b3:ef:1b:48:0e:17:bf:d7:52:40:4f:15:8a:69:9e:c9:b6:82:0e:1b:f5:f4:99:ac:71:54:31:ec:bd
Signer

.text
Size: 26.6MB - Virtual size: 26.6MB

.sedata
Size: 916KB - Virtual size: 916KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 180KB - Virtual size: 180KB

.sedata
Size: 4KB - Virtual size: 4KB