b0d998157a5602c0f97d328b38e82177ceeb380862ac46258c5cb5727bfa7cf7[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

b0d998157a5602c0f97d328b38e82177ceeb380862ac46258c5cb5727bfa7cf7.zip
Size

1.1MB
MD5

1fa2b0b9d61c7cc6280453c97ce6c57b
SHA1

97d38049d7b34253668a1478359ca7da7c7ae45d
SHA256

d9ec38eb3969f4f066c8864631262547b90c1bb1653a2da964310b2ec0160c9c
SHA512

59ef575eb0f6f2d46b3ff9c01dde441be1ab20bf727337c17866d85fa50f05dc898e5856dc9b5306d8aa677ac310f043ca5f720b56822805ebb9a87aeded74ae
SSDEEP

24576:TPhPyF4NWu1KuuVfVL4zRB5tNVrtfrINd0OfaecswEd9pNXRzKvfuS08mHubpP60:TJPyF4Nr1XqtL+RBNRVry5cFs93pSfx5

Score

N/A

Malware Config

Signatures

Files

b0d998157a5602c0f97d328b38e82177ceeb380862ac46258c5cb5727bfa7cf7.zip
.zip

Password: infected
b0d998157a5602c0f97d328b38e82177ceeb380862ac46258c5cb5727bfa7cf7.exe
.exe windows x86

Password: infected

146d746009a5802d63756b726117930a

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:d7:11:c6:ef:85:d0:0e:44:33:6f:af:77:3e:3d:0d
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

29-12-2021 00:00

Not After

29-12-2022 23:59

Subject

CN=Express Track s.r.o.,O=Express Track s.r.o.,ST=Praha\, Hlavní město,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:00:ca:14:ca:f9:6d:9d:d4:f4:a9:53:22:2b:7f:3d:c9:ec:36:0c:ff:2a:5d:ac:ee:33:de:9f:fe:d2:b2:c9
Signer

Actual PE Digest

08:00:ca:14:ca:f9:6d:9d:d4:f4:a9:53:22:2b:7f:3d:c9:ec:36:0c:ff:2a:5d:ac:ee:33:de:9f:fe:d2:b2:c9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Express Track s.r.o.,O=Express Track s.r.o.,ST=Praha\, Hlavní město,C=CZ

24-11-2022 14:54
Valid: true

Chain 1

CN=Express Track s.r.o.,O=Express Track s.r.o.,ST=Praha\, Hlavní město,C=CZ

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
GetCommandLineA
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CompareFileTime
CreateDirectoryW
CreateFileA
CreateFileW
FindFirstFileW
GetFileAttributesA
GetFileAttributesW
SetFileAttributesW
SetUnhandledExceptionFilter
SetErrorMode
ConnectNamedPipe
QueryPerformanceCounter
DeviceIoControl
LeaveCriticalSection
ReleaseSemaphore
ReleaseMutex
OpenMutexW
OpenSemaphoreW
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsFree
GetThreadContext
GetSystemInfo
GetLocalTime
GetTickCount
GetSystemDirectoryW
GetWindowsDirectoryW
VirtualProtect
ReadProcessMemory
CreateFileMappingW
FindResourceExW
GetModuleHandleA
GetModuleHandleW
LoadResource
FindResourceW
LoadLibraryA
LoadLibraryW
GlobalAlloc
LocalAlloc
SetHandleCount
GetStdHandle
lstrlenA
lstrlenW
MoveFileW
IsBadWritePtr
SystemTimeToFileTime
GetConsoleCP
GetConsoleOutputCP
ReadConsoleW
WriteConsoleA
WriteConsoleW
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
FlushFileBuffers
CloseHandle
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
SetEndOfFile
HeapAlloc
HeapFree
WriteFile
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
GetProcAddress
VirtualAllocEx
VirtualAlloc
GetTickCount64
CreateThread
WaitForSingleObject
GetModuleFileNameA
GetWindowsDirectoryA
FindNextFileA
ExitProcess
FindFirstFileA
MulDiv
GetCommandLineW
FreeLibrary
TlsSetValue
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
RtlUnwind
RaiseException
TerminateProcess
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead

user32

CreateIconIndirect
LoadIconW
SetWindowsHookExW
GetWindow
GetWindowThreadProcessId
GetDesktopWindow
IntersectRect
SetRect
MapWindowPoints
GetCursorPos
MessageBeep
MessageBoxW
GetWindowTextLengthW
SetForegroundWindow
GetSystemMetrics
TranslateAcceleratorW
SetCapture
GetKeyState
GetFocus
CharUpperW
RegisterClipboardFormatW
GetDlgItemInt
SetDlgItemInt
BringWindowToTop
DeferWindowPos
BeginDeferWindowPos
SendNotifyMessageW
RegisterWindowMessageW
LoadIconA
GetDC
GetSysColor

gdi32

CreateSolidBrush
CreatePatternBrush
CreatePenIndirect
CreateFontIndirectW
CreateBitmap
GetEnhMetaFileW
GetStockObject

advapi32

RegCloseKey
DeleteService

shell32

CommandLineToArgvW

shlwapi

PathFindExtensionA
PathGetDriveNumberA
StrToIntA
PathAppendA
PathFindOnPathA
ord155
PathFindSuffixArrayA

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

e
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

f
Size: - Virtual size: 616B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

3
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

s
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

146d746009a5802d63756b726117930a

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

68:d7:11:c6:ef:85:d0:0e:44:33:6f:af:77:3e:3d:0dCertificate

Extended Key Usages

Key Usages

08:00:ca:14:ca:f9:6d:9d:d4:f4:a9:53:22:2b:7f:3d:c9:ec:36:0c:ff:2a:5d:ac:ee:33:de:9f:fe:d2:b2:c9Signer

Signature Validations

Verification

24-11-2022 14:54 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 149KB - Virtual size: 149KB

e Size: 23KB - Virtual size: 22KB

f Size: - Virtual size: 616B

.data Size: 1.1MB - Virtual size: 1.1MB

.idata Size: 5KB - Virtual size: 4KB

3 Size: 512B - Virtual size: 1B

s Size: 512B - Virtual size: 96B

.rsrc Size: 351KB - Virtual size: 351KB

.reloc Size: 9KB - Virtual size: 8KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

68:d7:11:c6:ef:85:d0:0e:44:33:6f:af:77:3e:3d:0d
Certificate

08:00:ca:14:ca:f9:6d:9d:d4:f4:a9:53:22:2b:7f:3d:c9:ec:36:0c:ff:2a:5d:ac:ee:33:de:9f:fe:d2:b2:c9
Signer

24-11-2022 14:54
Valid: true

.text
Size: 149KB - Virtual size: 149KB

e
Size: 23KB - Virtual size: 22KB

f
Size: - Virtual size: 616B

.data
Size: 1.1MB - Virtual size: 1.1MB

.idata
Size: 5KB - Virtual size: 4KB

3
Size: 512B - Virtual size: 1B

s
Size: 512B - Virtual size: 96B

.rsrc
Size: 351KB - Virtual size: 351KB

.reloc
Size: 9KB - Virtual size: 8KB