3fd9ff9577965ca491e54eee026c061e4f2f54f275b8592095b20a71c0302c83[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

3fd9ff9577965ca491e54eee026c061e4f2f54f275b8592095b20a71c0302c83.zip
Size

4.8MB
MD5

7937451badab414b99a91375955a746d
SHA1

9922b5f682cd551dbaa024ba3f9befb65779379f
SHA256

69146cb1a512e6a4063042d7ec5e9e1857f33fc6ac02a7bcefcd289fc79ffe93
SHA512

a6a3b90eafb0497ac08bf5aaf8dce19831d8a913ac5364caffa4c82363ff251303a1bc3cc0a7cdeb5b5e2b0ed767b722c14b3b25d14d0cbc96f24da4cff53ecd
SSDEEP

98304:GQRKh//SttTPfgHcRUXUBxduO0mMXvqMp24ZyIUsuO:GQS/UtT3XUXUBxwFhfqalZyiuO

Score

N/A

Malware Config

Signatures

Files

3fd9ff9577965ca491e54eee026c061e4f2f54f275b8592095b20a71c0302c83.zip
.zip

Password: infected
3fd9ff9577965ca491e54eee026c061e4f2f54f275b8592095b20a71c0302c83.exe
.exe windows x86

Password: infected

9721750b3ba7a6e9d244574b387cb77d

Code Sign

15:d3:b4:30:b6:23:2d:88:49:77:4c:da:cc:98:9d:81
Certificate

Issuer

CN=World Vision Foros Combo T2/S2

Not Before

11/08/2021, 14:06

Not After

12/08/2031, 14:06

Subject

CN=World Vision Foros Combo T2/S2

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:53:26:d0:f2:f0:fb:a6:42:fc:d1:6d:00:4e:68:1a:49:47:ce:e8:23:5a:65:fc:44:cb:c7:eb:34:51:9e:23
Signer

Actual PE Digest

37:53:26:d0:f2:f0:fb:a6:42:fc:d1:6d:00:4e:68:1a:49:47:ce:e8:23:5a:65:fc:44:cb:c7:eb:34:51:9e:23

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=World Vision Foros Combo T2/S2

11/11/2022, 10:44
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
CloseHandle
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcrt

__getmainargs

ws2_32

WSACleanup

advapi32

RegCloseKey

crypt32

CryptUnprotectData

gdi32

BitBlt

user32

EnumDisplayDevicesW
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

┞ Quiz
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

┞ Quiz
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

┞ Quiz
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

9721750b3ba7a6e9d244574b387cb77d

Code Sign

15:d3:b4:30:b6:23:2d:88:49:77:4c:da:cc:98:9d:81Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

37:53:26:d0:f2:f0:fb:a6:42:fc:d1:6d:00:4e:68:1a:49:47:ce:e8:23:5a:65:fc:44:cb:c7:eb:34:51:9e:23Signer

Signature Validations

Verification

11/11/2022, 10:44 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ws2_32

advapi32

crypt32

gdi32

user32

wtsapi32

Sections

.text Size: - Virtual size: 211KB

.data Size: - Virtual size: 56B

.rdata Size: - Virtual size: 11KB

.eh_fram Size: - Virtual size: 36KB

.bss Size: - Virtual size: 1KB

.idata Size: - Virtual size: 3KB

.CRT Size: - Virtual size: 56B

.tls Size: - Virtual size: 8B

┞ Quiz Size: - Virtual size: 2KB

┞ Quiz Size: - Virtual size: 2.8MB

┞ Quiz Size: 4.8MB - Virtual size: 4.8MB

.rsrc Size: 488KB - Virtual size: 487KB

15:d3:b4:30:b6:23:2d:88:49:77:4c:da:cc:98:9d:81
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

37:53:26:d0:f2:f0:fb:a6:42:fc:d1:6d:00:4e:68:1a:49:47:ce:e8:23:5a:65:fc:44:cb:c7:eb:34:51:9e:23
Signer

11/11/2022, 10:44
Valid: false

.text
Size: - Virtual size: 211KB

.data
Size: - Virtual size: 56B

.rdata
Size: - Virtual size: 11KB

.eh_fram
Size: - Virtual size: 36KB

.bss
Size: - Virtual size: 1KB

.idata
Size: - Virtual size: 3KB

.CRT
Size: - Virtual size: 56B

.tls
Size: - Virtual size: 8B

┞ Quiz
Size: - Virtual size: 2KB

┞ Quiz
Size: - Virtual size: 2.8MB

┞ Quiz
Size: 4.8MB - Virtual size: 4.8MB

.rsrc
Size: 488KB - Virtual size: 487KB