GAP[.]zip[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

GAP.zip.7z
Size

11.1MB
MD5

6735fdfa1f07c7930813c95c3cc3514d
SHA1

090e25340e085733fc98dda2f4dcef02eb11ce67
SHA256

11e00a0a11f7e8f1bdc88767bb679f3f77fc67ce004b59485e126819fe6818d1
SHA512

555fc13c724e0124ee31e6390928c05317ca804b96f7f40c28a20891c2b8cce85415fb5c8e216535c0bf848bc94df675771d431a4939d90ff0127028eea54e33
SSDEEP

196608:pV5KcYgQu3e01VkJ+kP8wU9Ow0Yp011KoIkY9QD7vbZJ:p7/1VLkkwoe11KoIkY+HZ

Score

N/A

Malware Config

Signatures

Files

GAP.zip.7z
.7z

Password: infected
GAP.zip
.zip

Password: infected
New project Business plan - budget GAP\new.exe
.exe windows x64

Password: infected

5a2f3b96d46fb127d19f6c72d021c51a

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:ae:95:f5:4c:8e:9b:d0:b6:47:68:6a
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2022 01:19

Not After

20-09-2023 01:19

Subject

SERIALNUMBER=0314350615,CN=CÔNG TY TNHH THIẾT KẾ VÀ XÂY DỰNG SÂN VƯỜN NON BỘ SƠN HẢI,OU=IT Department,O=CÔNG TY TNHH THIẾT KẾ VÀ XÂY DỰNG SÂN VƯỜN NON BỘ SƠN HẢI,STREET=63 Nguyễn Văn Công\, Phường 3\, Quận Gò Vấp,L=Hồ Chí Minh,ST=Hồ Chí Minh,C=VN,1.2.840.113549.1.9.1=#0c1f746164756368756e675f6d6b7440706466736f667477617265766e2e636f6d,1.3.6.1.4.1.311.60.2.1.2=#0c0e48e1bb93204368c3ad204d696e68,1.3.6.1.4.1.311.60.2.1.3=#1302564e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c6:69:5b:f3:15:8f:71:79:86:d9:1d:70:b3:dc:cf:ba:c7:e8:62:10
Signer

Actual PE Digest

c6:69:5b:f3:15:8f:71:79:86:d9:1d:70:b3:dc:cf:ba:c7:e8:62:10

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=0314350615,CN=CÔNG TY TNHH THIẾT KẾ VÀ XÂY DỰNG SÂN VƯỜN NON BỘ SƠN HẢI,OU=IT Department,O=CÔNG TY TNHH THIẾT KẾ VÀ XÂY DỰNG SÂN VƯỜN NON BỘ SƠN HẢI,STREET=63 Nguyễn Văn Công\, Phường 3\, Quận Gò Vấp,L=Hồ Chí Minh,ST=Hồ Chí Minh,C=VN,1.2.840.113549.1.9.1=#0c1f746164756368756e675f6d6b7440706466736f667477617265766e2e636f6d,1.3.6.1.4.1.311.60.2.1.2=#0c0e48e1bb93204368c3ad204d696e68,1.3.6.1.4.1.311.60.2.1.3=#1302564e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

23-09-2022 10:48
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CryptProtectData
CryptUnprotectMemory
CryptProtectMemory
PFXImportCertStore
PFXExportCertStore
CryptQueryObject
CryptMsgGetParam
CryptMsgClose
CryptImportPublicKeyInfoEx2
CryptFormatObject
CertVerifyCertificateChainPolicy
CryptDecodeObject
CertVerifyTimeValidity
CertSetCertificateContextProperty
CertSerializeCertificateStoreElement
CertSaveStore
CertOpenStore
CertNameToStrW
CertGetValidUsages
CertGetNameStringW
CertGetIntendedKeyUsage
CertGetCertificateContextProperty
CertGetCertificateChain
CertFreeCertificateChain
CertFindExtension
CertFindCertificateInStore
CertDuplicateCertificateContext
CertCreateCertificateChainEngine
CertControlStore
CertCloseStore
CertAddCertificateLinkToStore
CertAddCertificateContextToStore
CryptFindOIDInfo
CertFreeCertificateChainEngine
CertEnumCertificatesInStore
CertFreeCertificateContext
CryptUnprotectData

advapi32

EventWriteTransfer
EventWrite
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
ImpersonateLoggedOnUser
RevertToSelf
OpenThreadToken
GetTokenInformation
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
EnumerateTraceGuidsEx
EventRegister
EventActivityIdControl
RegCloseKey
EventUnregister
EventSetInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
EventEnabled

bcrypt

BCryptFinishHash
BCryptGetProperty
BCryptHashData
BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptGenRandom
BCryptDecrypt
BCryptCreateHash
BCryptDestroyKey
BCryptDestroyHash
BCryptImportKey
BCryptExportKey
BCryptCloseAlgorithmProvider

iphlpapi

GetAdaptersAddresses
if_nametoindex
GetNetworkParams
GetPerAdapterInfo

kernel32

IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureContext
InitializeSListHead
DecodePointer
EncodePointer
RtlUnwindEx
InterlockedPushEntrySList
RtlUnwind
RtlLookupFunctionEntry
GetStdHandle
GetCurrentProcess
GetConsoleCP
GetConsoleOutputCP
MultiByteToWideChar
WideCharToMultiByte
GetCPInfoExW
FormatMessageW
CloseHandle
GetExitCodeProcess
CreateProcessW
OpenProcess
K32EnumProcesses
GetProcessId
DuplicateHandle
QueryFullProcessImageNameW
CreatePipe
CancelIoEx
LoadLibraryExW
RaiseFailFastException
GetTickCount64
GetCurrentProcessorNumber
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolTimer
SetThreadpoolTimer
GetProcAddress
CloseThreadpoolIo
LCIDToLocaleName
FindNLSStringEx
CompareStringEx
FindStringOrdinal
GetUserPreferredUILanguages
InitializeConditionVariable
WakeConditionVariable
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FileTimeToSystemTime
GetLastError
GetCPInfo
GetCurrentProcessId
GetSystemTime
LocalAlloc
LocalFree
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
WaitForMultipleObjectsEx
WaitForSingleObject
Sleep
GetCurrentThread
WaitForThreadpoolWaitCallbacks
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
LocaleNameToLCID
LCMapStringEx
CompareStringOrdinal
GetLocaleInfoEx
EnumSystemLocalesEx
EnumTimeFormatsEx
GetCalendarInfoEx
EnumCalendarInfoExEx
ResolveLocaleName
SleepConditionVariableCS
CopyFileExW
CreateFileW
DeleteFileW
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FlushFileBuffers
FreeLibrary
GetCurrentDirectoryW
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileType
GetFullPathNameW
GetLongPathNameW
GetOverlappedResult
GetSystemDirectoryW
GetTempPathW
QueryUnbiasedInterruptTime
ReadFile
SetFileInformationByHandle
SetFilePointerEx
SetThreadErrorMode
GetDynamicTimeZoneInformation
GetTimeZoneInformation
WriteFile
SetEvent
ResetEvent
CreateEventExW
GetEnvironmentVariableW
CreateMutexExW
CreateThread
ResumeThread
GetThreadPriority
SetThreadPriority
GetConsoleMode
ReadConsoleW
WriteConsoleW
PostQueuedCompletionStatus
WaitForMultipleObjects
QueueUserAPC
TerminateThread
TlsAlloc
TlsFree
FormatMessageA
VerSetConditionMask
CreateIoCompletionPort
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
SleepEx
CreateEventW
SetWaitableTimer
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
CreateWaitableTimerA
VerifyVersionInfoA
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
GetSystemDirectoryA
LoadLibraryA
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
SwitchToFiber
DeleteFiber
CreateFiberEx
FindFirstFileW
FindNextFileW
GetModuleHandleW
GetACP
ConvertFiberToThread
ConvertThreadToFiberEx
RtlVirtualUnwind
SetConsoleMode
ReadConsoleA
GetTickCount
MapViewOfFile
CreateFileMappingW
GetProcessHeap
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
HeapReAlloc
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
HeapFree
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
FlushProcessWriteBuffers
VirtualQuery
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
TerminateProcess
SwitchToThread
SuspendThread
GetThreadContext
SetThreadContext
QueryInformationJobObject
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
InitializeCriticalSectionEx
DebugBreak
GlobalMemoryStatusEx
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
GetWriteWatch
ResetWriteWatch
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
K32GetProcessMemoryInfo
RaiseException
RtlPcToFileHeader
TryAcquireSRWLockExclusive

ncrypt

NCryptDeleteKey
NCryptImportKey
NCryptOpenKey
NCryptFreeObject
NCryptOpenStorageProvider
NCryptGetProperty
NCryptSetProperty

ole32

CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoWaitForMultipleHandles
CoCreateGuid
CoGetApartmentType

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
LoadStringW

ws2_32

socket
WSASocketW
WSAStartup
WSACleanup
bind
closesocket
getpeername
getsockname
getsockopt
ioctlsocket
recv
select
send
setsockopt
shutdown
WSAConnect
WSAGetOverlappedResult
WSAIoctl
WSARecv
WSASend
getservbyport
FreeAddrInfoExW
GetNameInfoW
GetAddrInfoW
FreeAddrInfoW
GetAddrInfoExW
WSAEventSelect
__WSAFDIsSet
connect
htonl
ntohl
WSASetLastError
WSAGetLastError
WSAAddressToStringW
WSAStringToAddressW
getaddrinfo
freeaddrinfo
ntohs
gethostbyname
htons
inet_addr
inet_ntoa
gethostbyaddr
getservbyname

api-ms-win-crt-math-l1-1-0

cos
ldexp
log2
powf
frexp
__setusermatherr
modf
tan
sqrt
sin
pow
log10
ceil
floor

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
_msize
_set_new_mode
calloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_invalid_parameter_noinfo_noreturn
_configure_wide_argv
_initialize_wide_environment
terminate
_get_initial_wide_environment
_exit
_initterm
raise
_initterm_e
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
signal
_errno
_endthreadex
_crt_atexit
abort
strerror_s
exit
_initialize_onexit_table
_beginthreadex
_register_onexit_function
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
fclose
fgetc
ungetc
feof
ferror
_fseeki64
fputs
_get_stream_buffer_pointers
__p__commode
__stdio_common_vsprintf_s
__stdio_common_vsprintf
__stdio_common_vfprintf
__acrt_iob_func
fopen
_wfopen
fsetpos
fflush
fputc
_set_fmode
fgetpos
__stdio_common_vswprintf
fgets
setvbuf
fwrite
ftell
fseek
fread
_fileno
_setmode

api-ms-win-crt-string-l1-1-0

__strncnt
_stricmp
_wcsicmp
isdigit
isspace
wcsncmp
strspn
strncmp
strncpy_s
strcpy_s
isupper
strcmp
tolower
_wcsdup
strncpy
islower
strcspn
strcat_s

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
_lock_locales
localeconv
_configthreadlocale
___lc_locale_name_func
setlocale
_unlock_locales
___lc_codepage_func
__pctype_func

api-ms-win-crt-convert-l1-1-0

strtoul
atol
atoi
strtol
strtod
strtof

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_time64
_localtime64_s
_gmtime64

api-ms-win-crt-utility-l1-1-0

rand_s
qsort

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_stat64i32
_unlock_file

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

Create
CreateNativeSqliteHandler
Decode
Dispose
DisposeNativeSqliteHandler
DotNetRuntimeDebugHeader
GetData
Open
SendFile
Start

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 700KB - Virtual size: 876KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 831KB - Virtual size: 830KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

5a2f3b96d46fb127d19f6c72d021c51a

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

37:ae:95:f5:4c:8e:9b:d0:b6:47:68:6aCertificate

Extended Key Usages

Key Usages

c6:69:5b:f3:15:8f:71:79:86:d9:1d:70:b3:dc:cf:ba:c7:e8:62:10Signer

Signature Validations

Verification

23-09-2022 10:48 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

advapi32

bcrypt

iphlpapi

kernel32

ncrypt

ole32

user32

ws2_32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.managed Size: 10.5MB - Virtual size: 10.5MB

.rdata Size: 9.6MB - Virtual size: 9.6MB

.data Size: 700KB - Virtual size: 876KB

.pdata Size: 831KB - Virtual size: 830KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 412KB - Virtual size: 412KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

37:ae:95:f5:4c:8e:9b:d0:b6:47:68:6a
Certificate

c6:69:5b:f3:15:8f:71:79:86:d9:1d:70:b3:dc:cf:ba:c7:e8:62:10
Signer

23-09-2022 10:48
Valid: false

.text
Size: 4.4MB - Virtual size: 4.4MB

.managed
Size: 10.5MB - Virtual size: 10.5MB

.rdata
Size: 9.6MB - Virtual size: 9.6MB

.data
Size: 700KB - Virtual size: 876KB

.pdata
Size: 831KB - Virtual size: 830KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 412KB - Virtual size: 412KB