General

Malware Config

Signatures

Files

• 3.5.5_46010.exe

  .zip

  Password: India@2023@@

• Device/HarddiskVolume5/USERS/Administrator/AppData/Local/Temp/HYDF2AB.tmp.1644086939_permissionsCopy/updates/3.5.5_46010.exe

  .exe windows:5 windows x86 arch:x86

  
  

  Code Sign

  6f:13:bc:d5:09:63:d2:f3:09:43:9e:37:fd:45:9c:7c

  Certificate

  Issuer

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  04-10-2019 00:00

  Not After

  16-12-2022 23:59

  Subject

  CN=BitTorrent Inc,O=BitTorrent Inc,L=San Francisco,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  10-12-2013 00:00

  Not After

  09-12-2023 23:59

  Subject

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  38:63:de:f8

  Certificate

  Issuer

  CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

  Not Before

  24-12-1999 17:50

  Not After

  24-07-2029 14:15

  Subject

  CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  58:da:13:ff:00:00:00:00:51:ce:0d:f7

  Certificate

  Issuer

  CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

  Not Before

  22-07-2015 19:02

  Not After

  22-06-2029 19:32

  Subject

  CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4

  Certificate

  Issuer

  CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

  Not Before

  22-07-2020 15:33

  Not After

  29-12-2030 16:29

  Subject

  CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  05:69:b2:bc:74:35:89:e4:bc:28:13:3a:ed:4a:78:79:52:33:e8:a8:88:42:c0:6b:db:85:d2:7a:c2:cf:c7:b5

  Signer

  Actual PE Digest

  05:69:b2:bc:74:35:89:e4:bc:28:13:3a:ed:4a:78:79:52:33:e8:a8:88:42:c0:6b:db:85:d2:7a:c2:cf:c7:b5

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Sections

  UPX0

  Size: - Virtual size: 3.4MB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  UPX1

  Size: 1.9MB - Virtual size: 1.9MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 124KB - Virtual size: 124KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• manifest.json