File[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

File.zip
Size

7.0MB
MD5

17276aa1bd352f1e26e6406f5284df55
SHA1

b2b0f0f0b51ccb5f46715991eabfb39bf00c1d41
SHA256

ba03e3c5a1f373995f0af45ae59f9dec351fbe48d66b51445794b31b36d171ec
SHA512

cc551fcf0a7c0b2e155f2bf2837574bb1c7422d5de40876a7d3aa33f1e2b4ceb7d8e0607c4f40179546ab2d2fe7c82b25a152ecc26e97844167d9254ffebde85
SSDEEP

196608:TjfhnB6upbVCeZwYKWVzk4RJAcMXwXehvQfLiJXbAC:vZn0upxCeZTzDRfXeeZC

Score

N/A

Malware Config

Signatures

Files

File.zip
.zip
Install.exe
.exe windows x86

e02b276fa1385eca0c7dc7a4b0d621ad

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06/03/2020, 00:00

Not After

15/03/2023, 12:00

Subject

CN=AVG Technologies USA\, LLC,OU=RE stapler cistodc,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:a0:0d:b8:a4:8b:56:e9:8c:6d:88:2e:54:47:f5:6c:89:7a:b5:3d:31:d7:60:aa:6b:fa:18:ed:dd:38:b6:d4
Signer

Actual PE Digest

87:a0:0d:b8:a4:8b:56:e9:8c:6d:88:2e:54:47:f5:6c:89:7a:b5:3d:31:d7:60:aa:6b:fa:18:ed:dd:38:b6:d4

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=AVG Technologies USA\, LLC,OU=RE stapler cistodc,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

06/09/2022, 12:10
Valid: true

Chain 1

CN=AVG Technologies USA\, LLC,OU=RE stapler cistodc,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionEx
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA
CharUpperBuffW

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

.text
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

≜≝��
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

≜≝��
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

≜≝��
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WMSysPr9.prx
fonts/Alakob.ttf
fonts/AlaskanNights.ttf
fonts/Arggotsc.ttf
fonts/Army Condensed.ttf
fonts/Army Thin.ttf
fonts/BELL.TTF
fonts/BELLB.TTF
fonts/BELLI.TTF
fonts/BOD_BI.TTF
fonts/BOD_BLAI.TTF
fonts/BOD_I.TTF
fonts/CALISTB.TTF
fonts/CALISTBI.TTF
fonts/CENTAUR.TTF
fonts/Cabana-Regular.ttf
fonts/baby_csp.ttf
fonts/black.ttf
fonts/bold_0.ttf
fonts/browa.ttf
fonts/browau.ttf
fonts/browauz.ttf
fonts/browaz.ttf
fonts/deathrattlebb_reg.ttf
write.exe
.exe windows x64

90a23f469ba0443719430cba4569b220

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

ShellExecuteW

kernel32

TerminateProcess
GetCurrentProcess
GetStartupInfoW
HeapSetInformation
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
Sleep

msvcrt

_commode
?terminate@@YAXXZ
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e02b276fa1385eca0c7dc7a4b0d621ad

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

87:a0:0d:b8:a4:8b:56:e9:8c:6d:88:2e:54:47:f5:6c:89:7a:b5:3d:31:d7:60:aa:6b:fa:18:ed:dd:38:b6:d4Signer

Signature Validations

Verification

06/09/2022, 12:10 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: - Virtual size: 2.0MB

.rdata Size: - Virtual size: 168KB

.data Size: - Virtual size: 34KB

≜≝�� Size: - Virtual size: 2.7MB

≜≝�� Size: 1KB - Virtual size: 1KB

≜≝�� Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 35KB - Virtual size: 34KB

90a23f469ba0443719430cba4569b220

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

msvcrt

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 204B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 32B

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

87:a0:0d:b8:a4:8b:56:e9:8c:6d:88:2e:54:47:f5:6c:89:7a:b5:3d:31:d7:60:aa:6b:fa:18:ed:dd:38:b6:d4
Signer

06/09/2022, 12:10
Valid: true

.text
Size: - Virtual size: 2.0MB

.rdata
Size: - Virtual size: 168KB

.data
Size: - Virtual size: 34KB

≜≝��
Size: - Virtual size: 2.7MB

≜≝��
Size: 1KB - Virtual size: 1KB

≜≝��
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 35KB - Virtual size: 34KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 204B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 32B