zoom_msetup_9oeWD[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

zoom_msetup_9oeWD.exe
Size

3.8MB
MD5

925d9a739fa267d6f06bfd16d222c48c
SHA1

7a070ec6018e188d6f0e362ff866ec031881ff5d
SHA256

d4c9a04fe9dc547289a2cbd56d3d18424ef756053c853d38a3d3bb76ad6c5591
SHA512

fbaeaf8e0ed7b007b2c3c99d38c12ba58e5b93a9b06b75ebaf0685d5a343d1589d325206e6f2278ea6ee6a422752e17df909a237f00d85d6268833c87b50ed62
SSDEEP

49152:Fzx5Oh75FZQFbaCyr/Zbps/ZIYqvxlerx9um7Ie9hOMWMj:dxe7uF1F5uyn9K

Score

N/A

Malware Config

Signatures

Files

zoom_msetup_9oeWD.exe
.exe windows x86

2bedee50d41d5e866bbad42fd6a5d9ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsQuery_W
DnsFree

powrprof

CallNtPowerInformation

crypt32

CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptBinaryToStringA
CertGetCertificateChain
CryptStringToBinaryA

ws2_32

WSAResetEvent
WSACloseEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
WSAEventSelect
bind
connect
getpeername
send
inet_addr
WSAEnumNetworkEvents
recv
WSACreateEvent
WSASetEvent
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
ioctlsocket
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl

normaliz

IdnToAscii
IdnToUnicode

kernel32

VerifyVersionInfoW
HeapFree
GetProcessHeap
FormatMessageW
GetTickCount64
CreateFileW
DeleteFileW
SetEndOfFile
SetFilePointer
WriteFile
CloseHandle
WaitForSingleObject
CreateThread
WaitForMultipleObjects
MoveFileExW
GetExitCodeProcess
SetEvent
CreateEventW
ReadFile
CreateDirectoryW
HeapAlloc
FreeLibrary
LoadLibraryW
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileSizeEx
GetTempFileNameW
GetTempPathW
GetCurrentProcess
OpenProcess
GetSystemTimeAsFileTime
GetLocalTime
GetSystemDirectoryW
IsWow64Process
GetModuleFileNameW
SizeofResource
Module32FirstW
GetTickCount
GetStdHandle
ReleaseMutex
CreateMutexW
LocalFree
AllocConsole
GlobalMemoryStatusEx
GetSystemInfo
LocalAlloc
GetVolumeInformationW
GetCurrentProcessId
GetNativeSystemInfo
GetLocaleInfoA
Process32FirstW
Process32NextW
K32EnumDeviceDrivers
K32GetDeviceDriverBaseNameW
SetLastError
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
QueryPerformanceCounter
WaitForSingleObjectEx
GetEnvironmentVariableA
MoveFileExA
CreateFileA
ResumeThread
ExitThread
GetFileType
SetStdHandle
HeapValidate
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
VirtualQuery
InitializeSListHead
GetStartupInfoW
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
GetLocaleInfoEx
GetStringTypeW
FormatMessageA
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
FreeResource
VerSetConditionMask
Sleep
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FreeLibraryAndExitThread
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetCurrentThread
SetEnvironmentVariableW
OutputDebugStringW
WriteConsoleW
SetConsoleCtrlHandler
HeapReAlloc
HeapSize
FindResourceW
HeapQueryInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
GetFileAttributesExW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
FlushFileBuffers
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateToolhelp32Snapshot

user32

ReleaseCapture
SetCapture
GetFocus
DestroyCursor
SetCursor
ShowCursor
FrameRect
EndPaint
BeginPaint
IsWindowEnabled
GetDlgCtrlID
GetSystemMetrics
GetDC
ReleaseDC
LockWindowUpdate
SetScrollPos
ShowScrollBar
SetCursorPos
GetSysColorBrush
SetScrollInfo
DrawIconEx
FlashWindow
CharUpperW
MessageBoxW
GetCursorPos
FindWindowW
KillTimer
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
PostMessageW
DefWindowProcW
UnregisterClassW
RegisterClassExW
MapDialogRect
CharLowerA
CharLowerW
EnumDisplaySettingsW
MonitorFromPoint
DrawTextW
SetFocus
FillRect
GetSysColor
GetClientRect
CreateWindowExW
DestroyWindow
ShowWindow
SetWindowPos
GetDlgItem
EnableWindow
UpdateWindow
SetForegroundWindow
RedrawWindow
SetWindowTextW
GetWindowRect
MapWindowPoints
GetWindowLongW
SetWindowLongW
GetWindowTextW
GetDesktopWindow
GetParent
EnumChildWindows
LoadCursorW
PostQuitMessage
SetClassLongW
DestroyIcon
SetTimer
LoadImageW
LoadIconW
IsDialogMessageW
MoveWindow
ClientToScreen
GetWindowTextLengthW
TrackMouseEvent

gdi32

RemoveFontMemResourceEx
AddFontMemResourceEx
GetDeviceCaps
SetDIBits
GetDIBits
SetStretchBltMode
CreatePen
GetTextColor
GetBkColor
SetBkMode
SetBkColor
GetBkMode
GetStockObject
DeleteObject
CreateFontIndirectW
CreateSolidBrush
SelectObject
SetTextColor
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
SetDCBrushColor
StretchBlt
BitBlt

advapi32

RegCloseKey
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptAcquireContextA
CryptGenRandom

shell32

SHFileOperationW
SHGetFolderPathW
ord171
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
CommandLineToArgvW
SHBrowseForFolderW
ShellExecuteExW

ole32

CoTaskMemFree
CoCreateInstance
CoCreateGuid
CoUninitialize
CoInitializeEx
StringFromGUID2
CreateStreamOnHGlobal

version

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW

shlwapi

UrlEscapeW
AssocQueryStringW
UrlEscapeA
PathFileExistsW

comctl32

InitCommonControlsEx
ord413
ord412
ord410

gdiplus

GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipAlloc
GdipFree
GdipDrawImageRectI

winmm

timeSetEvent
timeKillEvent

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

msimg32

GradientFill

wininet

InternetGetLastResponseInfoW
InternetCrackUrlW

Sections

.textbss
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bedee50d41d5e866bbad42fd6a5d9ca

Headers

DLL Characteristics

File Characteristics

Imports

dnsapi

powrprof

crypt32

ws2_32

normaliz

kernel32

user32

gdi32

advapi32

shell32

ole32

version

shlwapi

comctl32

gdiplus

winmm

rpcrt4

msimg32

wininet

Sections

.textbss Size: - Virtual size: 1.5MB

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 403KB - Virtual size: 402KB

.data Size: 53KB - Virtual size: 69KB

.idata Size: 13KB - Virtual size: 13KB

.msvcjmc Size: 6KB - Virtual size: 6KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 99KB - Virtual size: 98KB

.reloc Size: 108KB - Virtual size: 107KB

.textbss
Size: - Virtual size: 1.5MB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 403KB - Virtual size: 402KB

.data
Size: 53KB - Virtual size: 69KB

.idata
Size: 13KB - Virtual size: 13KB

.msvcjmc
Size: 6KB - Virtual size: 6KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 108KB - Virtual size: 107KB