1272235346f764cc597a0f6456c4b59a[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

1272235346f764cc597a0f6456c4b59a.bin
Size

45.2MB
MD5

a0ba4efad1b206dda7b96e746db62327
SHA1

572f273b6b59e8cd9313a4a94c847c0a36655f43
SHA256

bebe54007e4e4f49da32435478a12f63915d99e47dc59033ccb32757f67aa2b0
SHA512

6ac0561231e7f03a82b3e10c67af9a129292da40c5210f56c0ff4afa79baae2f421e2117d1b649d437feac8626141557411332da632f0b3914641cd65218272c
SSDEEP

786432:GwDRw6n4/O3GomFFiLtDyjFTlD32Z+QhJWgMsc6MkEgWqzDvbHi52jtBuB:GjEdXmFAs5132ZDm16aPqTHRjKB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/Exexcutor/main.exe

Files

1272235346f764cc597a0f6456c4b59a.bin
.zip

Password: infected
a4efbca363ac282917e185fa67042f18c0c31b6a4fef095e45cee3cdbe8bff6e.zip
.zip

Password: infected
Exexcutor/build/log.txt
Exexcutor/dll/GameUI.dll
.dll windows:4 windows x86 arch:x86

Password: infected

4508183000872c27eae324537e9ccc1f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:69:75:35:e3:81:fe:1f:91:c1:15:35:28:14:6a:27
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-11-2006 00:00

Not After

24-11-2009 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:01:58:3e:ae:27:7b:e4:8d:e9:3e:de:ca:26:bf:a8:01:95:e9:0f
Signer

Actual PE Digest

73:01:58:3e:ae:27:7b:e4:8d:e9:3e:de:ca:26:bf:a8:01:95:e9:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
FindNextFileA
FindFirstFileA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
FreeLibrary
GetModuleHandleA
GlobalUnlock
GlobalLock
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
TerminateThread
Sleep
SetEvent
QueryPerformanceCounter
QueryPerformanceFrequency
CreateThread
ExitThread
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetLastError
CreateMutexA
ReleaseMutex
GlobalFree
GlobalAlloc
SetEndOfFile
SetConsoleCtrlHandler
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
CreateFileA
FlushFileBuffers
SetStdHandle
UnhandledExceptionFilter
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
WriteFile
GetEnvironmentStringsW
HeapFree
HeapAlloc
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
IsBadReadPtr
CreateDirectoryA
GetCommandLineA
GetVersion
WideCharToMultiByte
RaiseException
FatalAppExitA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentThread
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetLocaleInfoW

user32

FindWindowA
EnumWindows
GetWindowTextA
PostMessageA
SetCursorPos
RegisterWindowMessageA

wsock32

closesocket
select
__WSAFDIsSet
gethostname
bind
htons
ioctlsocket
gethostbyname
ntohs
setsockopt
inet_ntoa
socket
shutdown
sendto
recvfrom
getsockname

Exports

Exports

CreateInterface

Sections

.text
Size: 572KB - Virtual size: 570KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Exexcutor/dll/RobloxPlayerBeta.dll
.dll windows:6 windows x64 arch:x64

Password: infected

8c2e412b3767a91b4bc40a068073f7b7

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:0b:eb:6d:8f:b3:ee:bd:30:43:9e:2a:86:fa:49:63
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13-07-2022 00:00

Not After

12-07-2024 23:59

Subject

CN=ROBLOX CORPORATION,O=ROBLOX CORPORATION,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:5e:cd:51:fe:36:64:76:ca:8c:b2:81:e1:79:fd:b7:ae:bc:e3:75
Signer

Actual PE Digest

0c:5e:cd:51:fe:36:64:76:ca:8c:b2:81:e1:79:fd:b7:ae:bc:e3:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

loader.pdb

Imports

ntdll

NtTerminateProcess
RtlCaptureContext
RtlFreeHeap
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringW
CreateFileMappingW
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSRWLockExclusive
SetEnvironmentVariableW
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SleepConditionVariableCS
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

user32

MessageBeep

Exports

Exports

run

Sections

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7.0MB - Virtual size: 19.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.byfron1
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

.byfron
Size: 21.5MB - Virtual size: 21.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 60B

.rsrc
Size: 733KB - Virtual size: 732KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Exexcutor/main.exe
.exe windows:4 windows x86 arch:x86

Password: infected

a9c887a4f18a3fede2cc29ceea138ed3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

malloc
memset
strcmp
strcpy
getenv
sprintf
fopen
fwrite
fclose
__argc
__argv
_environ
_XcptFilter
__set_app_type
_controlfp
__getmainargs
exit

shell32

ShellExecuteA

kernel32

SetUnhandledExceptionFilter

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37.2MB - Virtual size: 37.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Exexcutor/scripts/script1.txt

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

4508183000872c27eae324537e9ccc1f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

68:69:75:35:e3:81:fe:1f:91:c1:15:35:28:14:6a:27Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

73:01:58:3e:ae:27:7b:e4:8d:e9:3e:de:ca:26:bf:a8:01:95:e9:0fSigner

Headers

File Characteristics

Imports

kernel32

user32

wsock32

Exports

Exports

Sections

.text Size: 572KB - Virtual size: 570KB

.rdata Size: 116KB - Virtual size: 113KB

.data Size: 56KB - Virtual size: 147KB

.reloc Size: 72KB - Virtual size: 71KB

Password: infected

8c2e412b3767a91b4bc40a068073f7b7

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

99:0b:eb:6d:8f:b3:ee:bd:30:43:9e:2a:86:fa:49:63Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

0c:5e:cd:51:fe:36:64:76:ca:8c:b2:81:e1:79:fd:b7:ae:bc:e3:75Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

user32

Exports

Exports

Sections

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 7.0MB - Virtual size: 19.3MB

.byfron1 Size: 512B - Virtual size: 4B

.byfron Size: 21.5MB - Virtual size: 21.5MB

.tls Size: 512B - Virtual size: 2B

.voltbl Size: 512B - Virtual size: 60B

.rsrc Size: 733KB - Virtual size: 732KB

.reloc Size: 23KB - Virtual size: 22KB

Password: infected

a9c887a4f18a3fede2cc29ceea138ed3

Headers

File Characteristics

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

68:69:75:35:e3:81:fe:1f:91:c1:15:35:28:14:6a:27
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

73:01:58:3e:ae:27:7b:e4:8d:e9:3e:de:ca:26:bf:a8:01:95:e9:0f
Signer

.text
Size: 572KB - Virtual size: 570KB

.rdata
Size: 116KB - Virtual size: 113KB

.data
Size: 56KB - Virtual size: 147KB

.reloc
Size: 72KB - Virtual size: 71KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

99:0b:eb:6d:8f:b3:ee:bd:30:43:9e:2a:86:fa:49:63
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0c:5e:cd:51:fe:36:64:76:ca:8c:b2:81:e1:79:fd:b7:ae:bc:e3:75
Signer

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 7.0MB - Virtual size: 19.3MB

.byfron1
Size: 512B - Virtual size: 4B

.byfron
Size: 21.5MB - Virtual size: 21.5MB

.tls
Size: 512B - Virtual size: 2B

.voltbl
Size: 512B - Virtual size: 60B

.rsrc
Size: 733KB - Virtual size: 732KB

.reloc
Size: 23KB - Virtual size: 22KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 37.2MB - Virtual size: 37.2MB

.bss
Size: - Virtual size: 4B

.rsrc
Size: 1024B - Virtual size: 752B