General

Malware Config

Signatures

Files

• b0d998157a5602c0f97d328b38e82177ceeb380862ac46258c5cb5727bfa7cf7.zip

  .zip

  Password: infected

• b0d998157a5602c0f97d328b38e82177ceeb380862ac46258c5cb5727bfa7cf7.exe

  .exe windows x86

  Password: infected

  146d746009a5802d63756b726117930a

  
  

  Code Sign

  48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  25-05-2021 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  68:d7:11:c6:ef:85:d0:0e:44:33:6f:af:77:3e:3d:0d

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  29-12-2021 00:00

  Not After

  29-12-2022 23:59

  Subject

  CN=Express Track s.r.o.,O=Express Track s.r.o.,ST=Praha\, Hlavní město,C=CZ

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  08:00:ca:14:ca:f9:6d:9d:d4:f4:a9:53:22:2b:7f:3d:c9:ec:36:0c:ff:2a:5d:ac:ee:33:de:9f:fe:d2:b2:c9

  Signer

  Actual PE Digest

  08:00:ca:14:ca:f9:6d:9d:d4:f4:a9:53:22:2b:7f:3d:c9:ec:36:0c:ff:2a:5d:ac:ee:33:de:9f:fe:d2:b2:c9

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=Express Track s.r.o.,O=Express Track s.r.o.,ST=Praha\, Hlavní město,C=CZ

  24-11-2022 14:54

  Valid: true

  Chain 1

  CN=Express Track s.r.o.,O=Express Track s.r.o.,ST=Praha\, Hlavní město,C=CZ

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetStdHandle

  GetCommandLineA

  SetEnvironmentVariableW

  ExpandEnvironmentStringsW

  CompareFileTime

  CreateDirectoryW

  CreateFileA

  CreateFileW

  FindFirstFileW

  GetFileAttributesA

  GetFileAttributesW

  SetFileAttributesW

  SetUnhandledExceptionFilter

  SetErrorMode

  ConnectNamedPipe

  QueryPerformanceCounter

  DeviceIoControl

  LeaveCriticalSection

  ReleaseSemaphore

  ReleaseMutex

  OpenMutexW

  OpenSemaphoreW

  GetCurrentProcess

  GetCurrentThread

  GetCurrentThreadId

  TlsAlloc

  TlsGetValue

  TlsFree

  GetThreadContext

  GetSystemInfo

  GetLocalTime

  GetTickCount

  GetSystemDirectoryW

  GetWindowsDirectoryW

  VirtualProtect

  ReadProcessMemory

  CreateFileMappingW

  FindResourceExW

  GetModuleHandleA

  GetModuleHandleW

  LoadResource

  FindResourceW

  LoadLibraryA

  LoadLibraryW

  GlobalAlloc

  LocalAlloc

  SetHandleCount

  GetStdHandle

  lstrlenA

  lstrlenW

  MoveFileW

  IsBadWritePtr

  SystemTimeToFileTime

  GetConsoleCP

  GetConsoleOutputCP

  ReadConsoleW

  WriteConsoleA

  WriteConsoleW

  HeapSize

  GetProcessHeap

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetOEMCP

  GetACP

  IsValidCodePage

  FindNextFileW

  FindFirstFileExW

  FindClose

  HeapReAlloc

  SetFilePointerEx

  GetFileSizeEx

  ReadFile

  GetConsoleMode

  FlushFileBuffers

  CloseHandle

  GetFileType

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetLocaleInfoW

  LCMapStringW

  SetEndOfFile

  HeapAlloc

  HeapFree

  WriteFile

  GetModuleFileNameW

  GetModuleHandleExW

  LoadLibraryExW

  GetProcAddress

  VirtualAllocEx

  VirtualAlloc

  GetTickCount64

  CreateThread

  WaitForSingleObject

  GetModuleFileNameA

  GetWindowsDirectoryA

  FindNextFileA

  ExitProcess

  FindFirstFileA

  MulDiv

  GetCommandLineW

  FreeLibrary

  TlsSetValue

  InitializeCriticalSectionAndSpinCount

  SetLastError

  GetLastError

  RtlUnwind

  RaiseException

  TerminateProcess

  EnterCriticalSection

  InitializeCriticalSectionEx

  DeleteCriticalSection

  EncodePointer

  DecodePointer

  MultiByteToWideChar

  WideCharToMultiByte

  LCMapStringEx

  GetStringTypeW

  GetCPInfo

  IsProcessorFeaturePresent

  IsDebuggerPresent

  UnhandledExceptionFilter

  GetStartupInfoW

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  InitializeSListHead

  user32

  CreateIconIndirect

  LoadIconW

  SetWindowsHookExW

  GetWindow

  GetWindowThreadProcessId

  GetDesktopWindow

  IntersectRect

  SetRect

  MapWindowPoints

  GetCursorPos

  MessageBeep

  MessageBoxW

  GetWindowTextLengthW

  SetForegroundWindow

  GetSystemMetrics

  TranslateAcceleratorW

  SetCapture

  GetKeyState

  GetFocus

  CharUpperW

  RegisterClipboardFormatW

  GetDlgItemInt

  SetDlgItemInt

  BringWindowToTop

  DeferWindowPos

  BeginDeferWindowPos

  SendNotifyMessageW

  RegisterWindowMessageW

  LoadIconA

  GetDC

  GetSysColor

  gdi32

  CreateSolidBrush

  CreatePatternBrush

  CreatePenIndirect

  CreateFontIndirectW

  CreateBitmap

  GetEnhMetaFileW

  GetStockObject

  advapi32

  RegCloseKey

  DeleteService

  shell32

  CommandLineToArgvW

  shlwapi

  PathFindExtensionA

  PathGetDriveNumberA

  StrToIntA

  PathAppendA

  PathFindOnPathA

  ord155

  PathFindSuffixArrayA

  Sections

  .text

  Size: 149KB - Virtual size: 149KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  e

  Size: 23KB - Virtual size: 22KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  f

  Size: - Virtual size: 616B

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .data

  Size: 1.1MB - Virtual size: 1.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  3

  Size: 512B - Virtual size: 1B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  s

  Size: 512B - Virtual size: 96B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 351KB - Virtual size: 351KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 9KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ