maggie
1Static task
static1
Behavioral task
behavioral1
Sample
samples/854bb57bbd22b64679b3574724fafd7f9de23f5f71365b1dd8757286cec87430.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
samples/854bb57bbd22b64679b3574724fafd7f9de23f5f71365b1dd8757286cec87430.dll
Resource
win10v2004-20220901-en
Behavioral task
behavioral3
Sample
samples/a375ae44c8ecb158895356d1519fe374dc99c4c6b13f826529c71fb1d47095c3.dll
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
samples/a375ae44c8ecb158895356d1519fe374dc99c4c6b13f826529c71fb1d47095c3.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
samples/eb7b33b436d034b2992c4f40082ba48c744d546daa3b49be8564f2c509bd80e9.dll
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
samples/eb7b33b436d034b2992c4f40082ba48c744d546daa3b49be8564f2c509bd80e9.dll
Resource
win10v2004-20220901-en
Behavioral task
behavioral7
Sample
samples/f29a311d62c54bbb01f675db9864f4ab0b3483e6cfdd15a745d4943029dcdf14.dll
Resource
win7-20220812-en
Behavioral task
behavioral8
Sample
samples/f29a311d62c54bbb01f675db9864f4ab0b3483e6cfdd15a745d4943029dcdf14.dll
Resource
win10v2004-20220812-en
General
-
Target
Maggie.zip
-
Size
474KB
-
MD5
d92a764682e88cec0f079afc37b83538
-
SHA1
9fa98789eeecf10371eddf919966ed958e027313
-
SHA256
752cfdcdd2abaff01e4248970dab1cfaadd939eb58d873e1f059337048414000
-
SHA512
e4b51d421346afed86ac10e8e656e4560a55fe53981d0469438020e8d58532ac697bba3482ea9361065f627c577211ba627d5191ee83b223c4333295556db4aa
-
SSDEEP
12288:tsBYpqcE3AmavdJYYz7BbD2r+pcOKoZOf1:tsBYpREBsYYd2Kp06Of1
Malware Config
Signatures
Files
-
Maggie.zip.zip
Password: infected
-
readme.txt
-
samples/854bb57bbd22b64679b3574724fafd7f9de23f5f71365b1dd8757286cec87430.exe.dll windows x64
cfd02dd9d942bd97f7772b2e0669acfe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FlsFree
FlsGetValue
WideCharToMultiByte
GetCurrentProcessId
GlobalMemoryStatusEx
VirtualQueryEx
VirtualProtectEx
SuspendThread
VirtualFree
GetThreadContext
SetThreadContext
FlushInstructionCache
SetFileAttributesA
DeleteFileA
GetEnvironmentVariableA
CreateProcessA
ReadFile
FindNextFileA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
CreatePipe
MultiByteToWideChar
DuplicateHandle
GetModuleFileNameA
GetCurrentThread
OutputDebugStringA
Sleep
IsBadReadPtr
GetVersionExA
GetSystemInfo
LocalFree
GlobalFree
CreateThread
WaitForSingleObject
GetSystemDirectoryA
GetTickCount
WriteFile
SetFilePointer
GetLastError
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
CreateFileA
DeviceIoControl
CloseHandle
GlobalAlloc
FindFirstFileA
FindClose
ResumeThread
VirtualAlloc
VirtualProtect
VirtualQuery
LoadLibraryExA
LoadLibraryExW
DecodePointer
EncodePointer
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
FlsSetValue
GetCurrentThreadId
RtlLookupFunctionEntry
RtlUnwindEx
FlsAlloc
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
ChangeTimerQueueTimer
lstrlenA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapReAlloc
IsValidCodePage
FlushFileBuffers
SetStdHandle
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
GetStdHandle
ExitProcess
GetModuleHandleW
HeapDestroy
HeapCreate
HeapSetInformation
SetLastError
user32
SetProcessWindowStation
GetSystemMetrics
SetUserObjectSecurity
OpenWindowStationA
GetUserObjectInformationA
GetProcessWindowStation
CloseDesktop
CloseWindowStation
PostMessageA
SetTimer
KillTimer
DefWindowProcA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
DispatchMessageA
TranslateMessage
GetMessageA
OpenDesktopA
GetUserObjectSecurity
CharLowerBuffA
advapi32
RegCreateKeyExA
RegSetValueExA
StartServiceA
ChangeServiceConfigA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
LogonUserW
DuplicateTokenEx
ImpersonateLoggedOnUser
RevertToSelf
CreateProcessWithTokenW
CreateProcessWithLogonW
LookupAccountNameA
AddAccessAllowedAce
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAce
CopySid
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetAclInformation
GetAce
IsValidSid
GetSecurityDescriptorDacl
GetFileSecurityA
AllocateAndInitializeSid
SetEntriesInAclA
SetNamedSecurityInfoA
FreeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
LookupAccountSidA
ole32
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitialize
CoUninitialize
oleaut32
VariantInit
VariantClear
SysFreeString
SysAllocString
odbc32
ord41
ord43
ord11
ord18
ord13
ord27
ord4
ord36
ord9
ord31
ord24
ord75
ord39
opends60
ord42
ord41
ord26
ord25
ord40
ws2_32
WSASocketA
socket
htons
inet_addr
connect
__WSAFDIsSet
recv
send
closesocket
WSASetLastError
WSAStartup
setsockopt
WSAEventSelect
listen
bind
htonl
shutdown
WSAAccept
WSASendTo
WSASend
getsockname
WSARecv
WSARecvFrom
WSACleanup
WSAAsyncSelect
inet_ntoa
getpeername
WSAGetLastError
inet_ntop
WSAIoctl
gethostbyname
WSAAsyncGetHostByName
gethostname
ioctlsocket
select
wininet
InternetConnectA
InternetReadFile
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCrackUrlA
InternetOpenA
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
gdi32
GetStockObject
Exports
Sections
.text Size: 169KB - Virtual size: 169KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.detourc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
samples/a375ae44c8ecb158895356d1519fe374dc99c4c6b13f826529c71fb1d47095c3.exe.dll windows x64
1e0c1303f6fddc09a32e55f2a239a391
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetModuleFileNameA
DuplicateHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindNextFileA
ReadFile
CreateProcessA
CreatePipe
GetCurrentThread
DeleteFileA
SetFileAttributesA
WideCharToMultiByte
GlobalMemoryStatusEx
GetStdHandle
ExitProcess
HeapDestroy
OutputDebugStringA
Sleep
IsBadReadPtr
GetVersionExA
GetSystemInfo
GetCurrentProcess
LocalFree
GlobalAlloc
GlobalFree
CreateThread
WaitForSingleObject
GetSystemDirectoryA
GetTickCount
WriteFile
SetFilePointer
GetLastError
FindFirstFileA
FindClose
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
__C_specific_handler
CreateFileA
DeviceIoControl
GetEnvironmentVariableA
CloseHandle
VirtualQueryEx
VirtualProtectEx
SuspendThread
VirtualFree
HeapCreate
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
GetThreadContext
SetThreadContext
FlushInstructionCache
ResumeThread
VirtualAlloc
VirtualProtect
GetModuleHandleW
VirtualQuery
LoadLibraryExA
LoadLibraryExW
lstrlenA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapReAlloc
FlushFileBuffers
SetStdHandle
InitializeCriticalSection
SetConsoleCtrlHandler
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
GetConsoleMode
GetCPInfo
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
LCMapStringW
MultiByteToWideChar
RtlPcToFileHeader
RaiseException
FlsAlloc
RtlLookupFunctionEntry
RtlUnwindEx
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
LCMapStringA
user32
PostMessageA
GetSystemMetrics
TranslateMessage
DispatchMessageA
GetMessageA
LoadIconA
LoadCursorA
RegisterClassA
SetTimer
KillTimer
DefWindowProcA
CreateWindowExA
CharLowerBuffA
advapi32
RegCloseKey
RegCreateKeyExA
RegSetValueExA
StartServiceA
ChangeServiceConfigA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
RegOpenKeyExA
RegQueryValueExA
LookupAccountSidA
GetAclInformation
GetAce
IsValidSid
GetSecurityDescriptorDacl
GetFileSecurityA
AllocateAndInitializeSid
SetEntriesInAclA
SetNamedSecurityInfoA
FreeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
ole32
CoInitializeSecurity
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
oleaut32
VariantInit
SysFreeString
SysAllocString
VariantClear
opends60
ord26
ord42
ord41
ord25
ord40
ws2_32
gethostbyname
WSAIoctl
WSAGetLastError
getpeername
inet_ntoa
gethostname
WSAEventSelect
ioctlsocket
socket
htons
inet_addr
connect
select
__WSAFDIsSet
recv
send
closesocket
WSASetLastError
WSAStartup
setsockopt
WSASocketA
WSAAsyncGetHostByName
listen
bind
htonl
shutdown
WSASendTo
WSASend
getsockname
WSARecv
WSARecvFrom
WSACleanup
WSAAsyncSelect
WSAAccept
wininet
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetReadFile
InternetConnectA
InternetOpenA
InternetCrackUrlA
netapi32
NetUserEnum
NetApiBufferFree
gdi32
GetStockObject
Exports
sql_door
Sections
.text Size: 163KB - Virtual size: 162KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.detourc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
samples/eb7b33b436d034b2992c4f40082ba48c744d546daa3b49be8564f2c509bd80e9.dll.dll windows x86
96197e72496e42b66353e7e82c3f5782
Code Sign
02:10:36:b9:e8:0d:16:ea:7f:8c:f0:e9:06:2b:34:55
Certificate
Issuer
CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before
08-01-2021 00:00
Not After
11-01-2023 23:59
Subject
CN=DEEPSoft Co.\, Ltd.,O=DEEPSoft Co.\, Ltd.,L=Gangnam-gu,ST=Seoul,C=KR
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate
Issuer
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before
22-10-2013 12:00
Not After
22-10-2028 12:00
Subject
CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate
Issuer
CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before
02-05-2019 00:00
Not After
18-01-2038 23:59
Subject
CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate
Issuer
CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before
23-10-2020 00:00
Not After
22-01-2032 23:59
Subject
CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
56:6e:0f:47:8a:2c:1f:ac:f7:5e:89:67:db:98:e0:92:a2:06:fe:76
Signer
Actual PE Digest
56:6e:0f:47:8a:2c:1f:ac:f7:5e:89:67:db:98:e0:92:a2:06:fe:76
Digest Algorithm
sha1
PE Digest Matches
true
Signature Validations
Trusted
true
Verification
Signing Certificate
CN=DEEPSoft Co.\, Ltd.,O=DEEPSoft Co.\, Ltd.,L=Gangnam-gu,ST=Seoul,C=KR
06-10-2022 12:11 Valid: true
Chain 1
CN=DEEPSoft Co.\, Ltd.,O=DEEPSoft Co.\, Ltd.,L=Gangnam-gu,ST=Seoul,C=KR
CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateDirectoryA
WideCharToMultiByte
GlobalMemoryStatusEx
InterlockedCompareExchange64
InitializeCriticalSection
DeleteCriticalSection
SetFileAttributesA
LeaveCriticalSection
InterlockedIncrement
GetCurrentProcessId
GetDriveTypeA
TerminateProcess
GetCommandLineA
GetCurrentThreadId
EnterCriticalSection
GetLogicalDrives
VirtualQueryEx
VirtualProtectEx
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
ResumeThread
DeleteFileA
GetEnvironmentVariableA
CreateProcessA
ReadFile
FindNextFileA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
CreatePipe
MultiByteToWideChar
DuplicateHandle
GetModuleFileNameA
GetCurrentThread
OutputDebugStringA
InterlockedExchange
Sleep
IsBadReadPtr
GetVersionExA
GetSystemInfo
LocalFree
GlobalFree
CreateThread
WaitForSingleObject
GetSystemDirectoryA
GetTickCount
WriteFile
SetFilePointer
GetLastError
GetModuleHandleA
InterlockedDecrement
LoadLibraryA
FindClose
GetProcAddress
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
CreateFileA
DeviceIoControl
CloseHandle
GlobalAlloc
FindFirstFileA
InterlockedCompareExchange
VirtualProtect
VirtualQuery
LoadLibraryExA
LoadLibraryExW
RtlUnwind
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
lstrlenA
SetEndOfFile
HeapReAlloc
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
GetStdHandle
ExitProcess
UnhandledExceptionFilter
user32
PostMessageA
GetSystemMetrics
SetUserObjectSecurity
SetProcessWindowStation
OpenWindowStationA
GetUserObjectInformationA
GetProcessWindowStation
CloseDesktop
CloseWindowStation
KillTimer
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
SetTimer
OpenDesktopA
GetUserObjectSecurity
CharLowerBuffA
advapi32
BuildExplicitAccessWithNameA
LogonUserA
RegCreateKeyExA
RegSetValueExA
StartServiceA
ChangeServiceConfigA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
GetNamedSecurityInfoA
LogonUserW
DuplicateTokenEx
ImpersonateLoggedOnUser
RevertToSelf
CreateProcessWithTokenW
CreateProcessWithLogonW
LookupAccountNameA
AddAccessAllowedAce
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAce
CopySid
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetAclInformation
GetAce
IsValidSid
GetSecurityDescriptorDacl
GetFileSecurityA
AllocateAndInitializeSid
SetEntriesInAclA
SetNamedSecurityInfoA
FreeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
LookupAccountSidA
ole32
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitialize
CoUninitialize
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
odbc32
ord41
ord43
ord11
ord18
ord13
ord27
ord4
ord36
ord9
ord31
ord24
ord75
ord39
opends60
ord41
ord42
ord26
ord40
ord25
ws2_32
WSASocketA
socket
closesocket
htons
inet_addr
connect
select
__WSAFDIsSet
recv
send
WSASetLastError
WSAStartup
WSAEventSelect
WSACleanup
shutdown
WSASendTo
WSASend
WSAAsyncGetHostByName
WSARecv
WSARecvFrom
WSAAccept
listen
bind
htonl
getsockname
WSAAsyncSelect
inet_ntoa
getpeername
WSAGetLastError
inet_ntop
WSAIoctl
gethostbyname
setsockopt
gethostname
ioctlsocket
wininet
InternetConnectA
InternetReadFile
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCrackUrlA
InternetOpenA
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
gdi32
GetStockObject
Exports
maggie
Sections
.text Size: 161KB - Virtual size: 161KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.detourd Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.detourc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
samples/f29a311d62c54bbb01f675db9864f4ab0b3483e6cfdd15a745d4943029dcdf14.exe.dll windows x64
182fc115e05c85fa90776126201ce037
Code Sign
02:10:36:b9:e8:0d:16:ea:7f:8c:f0:e9:06:2b:34:55
Certificate
Issuer
CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before
08-01-2021 00:00
Not After
11-01-2023 23:59
Subject
CN=DEEPSoft Co.\, Ltd.,O=DEEPSoft Co.\, Ltd.,L=Gangnam-gu,ST=Seoul,C=KR
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate
Issuer
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before
22-10-2013 12:00
Not After
22-10-2028 12:00
Subject
CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate
Issuer
CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before
02-05-2019 00:00
Not After
18-01-2038 23:59
Subject
CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate
Issuer
CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before
23-10-2020 00:00
Not After
22-01-2032 23:59
Subject
CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
c8:9f:00:94:06:a1:26:f1:f5:75:7c:b8:c7:7e:ec:f5:2d:c9:47:b2
Signer
Actual PE Digest
c8:9f:00:94:06:a1:26:f1:f5:75:7c:b8:c7:7e:ec:f5:2d:c9:47:b2
Digest Algorithm
sha1
PE Digest Matches
true
Signature Validations
Trusted
true
Verification
Signing Certificate
CN=DEEPSoft Co.\, Ltd.,O=DEEPSoft Co.\, Ltd.,L=Gangnam-gu,ST=Seoul,C=KR
06-10-2022 12:11 Valid: true
Chain 1
CN=DEEPSoft Co.\, Ltd.,O=DEEPSoft Co.\, Ltd.,L=Gangnam-gu,ST=Seoul,C=KR
CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GlobalMemoryStatusEx
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetCurrentProcessId
FlsFree
SetFileAttributesA
LeaveCriticalSection
CreateDirectoryA
VirtualQueryEx
VirtualProtectEx
SuspendThread
VirtualFree
GetThreadContext
SetThreadContext
FlushInstructionCache
GetLogicalDrives
GetDriveTypeA
DeleteFileA
GetEnvironmentVariableA
CreateProcessA
ReadFile
FindNextFileA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
CreatePipe
MultiByteToWideChar
DuplicateHandle
GetModuleFileNameA
GetCurrentThread
OutputDebugStringA
Sleep
IsBadReadPtr
GetVersionExA
GetSystemInfo
LocalFree
GlobalFree
CreateThread
WaitForSingleObject
GetSystemDirectoryA
GetTickCount
WriteFile
SetFilePointer
GetLastError
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
CreateFileA
DeviceIoControl
CloseHandle
FindClose
GlobalAlloc
FindFirstFileA
FlsGetValue
ResumeThread
VirtualAlloc
VirtualProtect
VirtualQuery
LoadLibraryExA
LoadLibraryExW
DecodePointer
EncodePointer
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
FlsSetValue
GetCurrentThreadId
RtlLookupFunctionEntry
RtlUnwindEx
FlsAlloc
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
ChangeTimerQueueTimer
lstrlenA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
IsValidCodePage
WriteConsoleA
HeapReAlloc
FlushFileBuffers
SetStdHandle
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
GetStdHandle
ExitProcess
GetModuleHandleW
HeapDestroy
HeapCreate
HeapSetInformation
SetLastError
user32
SetProcessWindowStation
GetSystemMetrics
SetUserObjectSecurity
OpenWindowStationA
GetUserObjectInformationA
GetProcessWindowStation
CloseDesktop
CloseWindowStation
PostMessageA
SetTimer
KillTimer
DefWindowProcA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
DispatchMessageA
TranslateMessage
GetMessageA
OpenDesktopA
GetUserObjectSecurity
CharLowerBuffA
advapi32
RegSetValueExA
LogonUserA
RegCreateKeyExA
StartServiceA
ChangeServiceConfigA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
LogonUserW
DuplicateTokenEx
ImpersonateLoggedOnUser
RevertToSelf
CreateProcessWithTokenW
CreateProcessWithLogonW
LookupAccountNameA
AddAccessAllowedAce
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAce
CopySid
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetAclInformation
GetAce
IsValidSid
GetSecurityDescriptorDacl
GetFileSecurityA
AllocateAndInitializeSid
SetEntriesInAclA
SetNamedSecurityInfoA
FreeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
LookupAccountSidA
ole32
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitialize
CoUninitialize
oleaut32
VariantInit
VariantClear
SysFreeString
SysAllocString
odbc32
ord41
ord43
ord11
ord18
ord13
ord27
ord4
ord36
ord9
ord31
ord24
ord75
ord39
opends60
ord42
ord41
ord26
ord25
ord40
ws2_32
WSASocketA
socket
closesocket
htons
inet_addr
connect
select
recv
send
WSASetLastError
WSAStartup
setsockopt
WSAEventSelect
listen
bind
htonl
shutdown
WSAAccept
WSASendTo
WSASend
getsockname
WSARecv
WSARecvFrom
WSACleanup
WSAAsyncSelect
inet_ntoa
getpeername
WSAGetLastError
inet_ntop
WSAIoctl
gethostbyname
WSAAsyncGetHostByName
gethostname
ioctlsocket
__WSAFDIsSet
wininet
InternetConnectA
InternetReadFile
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCrackUrlA
InternetOpenA
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
gdi32
GetStockObject
Exports
maggie
Sections
.text Size: 184KB - Virtual size: 183KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.detourc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ