8640176211[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

8640176211.zip
Size

1.1MB
MD5

32d10775cc169c0fa6ca2cb1ec7bcf2e
SHA1

ee4a289de41c46ea822e1b91d9cec9e0057ea6be
SHA256

8b29f8b39c69fe78343e6e8ee925d11240e9e0b16179e24c2bc4ab19f6fa803d
SHA512

60b791c9118987f3b0061f3dde04b1bf36de5be9f33dde966c2eaf1fda8113f7a0f73c27e90c22c63d483d550bf9b004ebb1d47bcb247fbb685cfb2501bb417b
SSDEEP

24576:q7kUUKbDIO5VqLGPV48wiL/M8oZDMaAkuPtzZjAIWojb1+GTnd2:qorwri6dJ08eNAkuPtzLjb1+y2

Score

N/A

Malware Config

Signatures

Files

8640176211.zip
.zip

Password: infected
2cd5b918318897c9b7c2b636dd58e37a8d67cc7b416bbecdfc9c85ba13e7971c
.exe windows x64

Password: infected

5b9ce91b60292b4c7daf1312dcb34dcf

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:fd:3e:81:a2:3e:67:96:8b:af:99:9b:7a:1b:3b:bc
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/09/2020, 00:00

Not After

03/11/2021, 12:00

Subject

CN=成都奇鲁科技有限公司,O=成都奇鲁科技有限公司,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:47

Not After

05/03/2021, 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:64:39:11:b7:b6:d9:36:76:fd:27:44:30:85:24:3b:7b:e9:b9:9b:dc:1e:66:b9:5c:6c:c1:85:83:9b:4f:bf
Signer

Actual PE Digest

34:64:39:11:b7:b6:d9:36:76:fd:27:44:30:85:24:3b:7b:e9:b9:9b:dc:1e:66:b9:5c:6c:c1:85:83:9b:4f:bf

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/12/2022, 13:51
Valid: false

bb:f0:40:3f:c7:d8:1a:cc:a5:88:94:b4:ea:90:a3:81:ac:56:e0:94
Signer

Actual PE Digest

bb:f0:40:3f:c7:d8:1a:cc:a5:88:94:b4:ea:90:a3:81:ac:56:e0:94

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=成都奇鲁科技有限公司,O=成都奇鲁科技有限公司,L=成都市,ST=四川省,C=CN

01/12/2020, 07:22
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExFreePoolWithTag
PsGetProcessImageFileName
PsLookupProcessByProcessId
RtlInitUnicodeString
RtlCheckRegistryKey
RtlQueryRegistryValues
RtlUnicodeStringToAnsiString
tolower
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
ZwQueryValueKey
PsTerminateSystemThread
RtlRandomEx
KeQueryTimeIncrement
ZwClose
RtlAppendUnicodeStringToString
RtlFreeAnsiString
ZwOpenProcess
ZwQueryInformationProcess
RtlCopyUnicodeString
ObfDereferenceObject
ZwOpenFile
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
RtlGetVersion
IoDeleteSymbolicLink
IoRegisterShutdownNotification
ProbeForRead
MmGetSystemRoutineAddress
PsSetCreateProcessNotifyRoutine
KeUnstackDetachProcess
IoUnregisterShutdownNotification
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
wcsncmp
KeStackAttachProcess
PsSetCreateThreadNotifyRoutine
ZwQuerySystemInformation
ExAllocatePool
MmIsAddressValid
_strnicmp
ZwCreateKey
_wcsnicmp
ZwReadFile
ZwDeleteValueKey
ZwSetValueKey
RtlWriteRegistryValue
ZwQueryInformationFile
RtlAnsiStringToUnicodeString
KeDetachProcess
ZwWaitForSingleObject
RtlImageNtHeader
ZwAllocateVirtualMemory
KeBugCheckEx
ExAllocatePoolWithTag
IoDeleteDevice
towlower
__C_specific_handler

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 48.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

W0
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

5b9ce91b60292b4c7daf1312dcb34dcf

Code Sign

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

03:fd:3e:81:a2:3e:67:96:8b:af:99:9b:7a:1b:3b:bcCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

34:64:39:11:b7:b6:d9:36:76:fd:27:44:30:85:24:3b:7b:e9:b9:9b:dc:1e:66:b9:5c:6c:c1:85:83:9b:4f:bfSigner

Signature Validations

Verification

15/12/2022, 13:51 Valid: false

bb:f0:40:3f:c7:d8:1a:cc:a5:88:94:b4:ea:90:a3:81:ac:56:e0:94Signer

Signature Validations

Verification

01/12/2020, 07:22 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 62KB - Virtual size: 62KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 5KB - Virtual size: 48.4MB

.pdata Size: 1024B - Virtual size: 948B

INIT Size: 2KB - Virtual size: 2KB

W0 Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 512B - Virtual size: 160B

.rsrc Size: 1024B - Virtual size: 732B

61:1c:b2:8a:00:00:00:00:00:26
Certificate

03:fd:3e:81:a2:3e:67:96:8b:af:99:9b:7a:1b:3b:bc
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

34:64:39:11:b7:b6:d9:36:76:fd:27:44:30:85:24:3b:7b:e9:b9:9b:dc:1e:66:b9:5c:6c:c1:85:83:9b:4f:bf
Signer

15/12/2022, 13:51
Valid: false

bb:f0:40:3f:c7:d8:1a:cc:a5:88:94:b4:ea:90:a3:81:ac:56:e0:94
Signer

01/12/2020, 07:22
Valid: false

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 5KB - Virtual size: 48.4MB

.pdata
Size: 1024B - Virtual size: 948B

INIT
Size: 2KB - Virtual size: 2KB

W0
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 512B - Virtual size: 160B

.rsrc
Size: 1024B - Virtual size: 732B