sample2[.]zip | Triage

Resubmissions

30/12/2022, 07:35

221230-je6cysfb76 8

29/12/2022, 16:00

221229-tfshladd74 8

Sharing

Copy URL Twitter E-mail

General

Target

sample2.zip
Size

1.1MB
MD5

2ba67a0a37e3a06ceb3e007c9adaff93
SHA1

15e8e26fc04c2b13e745ad7b36bb2c32a72951ee
SHA256

3fa1334811a714554c7d6c8d854a8a607fffb140b19d264b0ef75b34d8418e30
SHA512

6b0220b811f8deebd97eef214d6a262bea3efe44be6e31950b65252f64ad29610a4070224f568295ad9218cb62b02e9d635d9c025d94aa117a3a9a9a5772bb1d
SSDEEP

24576:6T2+yIlwHXMUGV2Xmq48JElvz83OwRqncE+/ZhlThOYZ6:6C+IH8Uo8JyvzFSG+/DFhlZ6

Score

N/A

Malware Config

Signatures

Files

sample2.zip
.zip
ACI Issuer.exe
.exe windows x86

dfd7d831cd8e1f7b24aa3868ace805bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

esvm40

EsExecuteImage
EsGetUPtr
EsInitializeImage
EsInitializeTargetInterface
EsLoadFileImage
EsMakeUnsignedInteger
EsNotifyOnPost
EsParseOptions
EsPrintf
EsReportError
EsSendMessage
EsSetGlobalHInstance
EsShutDownTargetInterface
EsShutdownImage
EsSplashShutDown
EsVMVersionString
EsVMpid

user32

BeginPaint
CallWindowProcA
CreateDialogParamA
DefWindowProcA
DestroyWindow
DispatchMessageA
EndPaint
GetDC
GetDlgItem
GetMessageA
GetSystemMetrics
GetWindowLongA
LoadImageA
MoveWindow
PostQuitMessage
PostThreadMessageA
ReleaseDC
SetWindowLongA
ShowWindow
UpdateWindow

gdi32

BitBlt
CreateCompatibleDC
CreateDIBitmap
CreateHalftonePalette
CreatePalette
DeleteDC
DeleteObject
GetDIBColorTable
GetObjectA
RealizePalette
SelectObject
SelectPalette

kernel32

CloseHandle
CreateFileW
CreateMutexA
CreateThread
DecodePointer
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FindResourceA
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LoadResource
LockResource
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
RtlUnwind
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WideCharToMultiByte
WriteConsoleW
WriteFile

comctl32

InitCommonControlsEx

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.voltbl
Size: 512B - Virtual size: 254B

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ESVM40.DLL
.dll windows x86

9258e21496776f56e754af458ab65156

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:ba:25:41:ab:82:50:cb:d7:06:7f:c4:6e:69:b5:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

18/04/2018, 00:00

Not After

18/04/2020, 23:59

Subject

CN=Instantiations\, Inc.,O=Instantiations\, Inc.,L=Raleigh,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e6:6d:db:67:5e:5b:98:cd:a0:9f:27:73:5e:e6:61:04:29:83:c9:3a:54:7e:01:6b:10:13:b7:43:ae:9a:e9:1c
Signer

Actual PE Digest

e6:6d:db:67:5e:5b:98:cd:a0:9f:27:73:5e:e6:61:04:29:83:c9:3a:54:7e:01:6b:10:13:b7:43:ae:9a:e9:1c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Instantiations\, Inc.,O=Instantiations\, Inc.,L=Raleigh,ST=North Carolina,C=US

22/11/2019, 07:30
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharLowerA
CharUpperA
ChildWindowFromPoint
CreateDialogParamA
CreateWindowExA
DefDlgProcA
DestroyWindow
DispatchMessageA
GetForegroundWindow
GetKeyState
GetMessageA
GetSystemMetrics
GetWindowRect
LoadCursorA
LoadIconA
LoadStringA
MessageBeep
MessageBoxA
MoveWindow
PostMessageA
PostThreadMessageA
PtInRect
RegisterClassA
SetForegroundWindow
SetWindowTextA
ShowWindow
WaitMessage
WindowFromPoint
wsprintfA

kernel32

AllocConsole
CloseHandle
CompareStringW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexA
CreateSemaphoreA
CreateThread
DecodePointer
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindNextFileW
FindResourceA
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleTitleA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetFileAttributesW
GetFileInformationByHandle
GetFileType
GetFinalPathNameByHandleW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetPriorityClass
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExA
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDBCSLeadByte
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MapViewOfFile
MapViewOfFileEx
MultiByteToWideChar
OpenFileMappingA
OpenMutexA
QueryPerformanceCounter
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSemaphore
ResetEvent
RtlUnwind
SearchPathA
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetEndOfFile
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcmpA
lstrcmpiA

gdi32

AngleArc
EnumFontFamiliesA
SetMiterLimit

Exports

Exports

EsAddCallback
EsAllObjectsDo
EsAllocateFixedObject
EsAllocateMemory
EsAllocateObject
EsBasicHash
EsBasicSize
EsCloseSharedLibrary
EsComputeMemorySizes
EsComputeNewMemorySizes
EsDaysFrom1901
EsEnumFontFamilies
EsExecuteImage
EsFileClose
EsFileOpen
EsFileRead
EsFileSeek
EsFileUnlink
EsFileWrite
EsFlushCache
EsFreeMemory
EsGGC
EsGetAlternateRSSegment
EsGetClass
EsGetDouble
EsGetI32
EsGetImageUserField
EsGetString
EsGetU32
EsGetUPtr
EsInitializeImage
EsInitializeTargetInterface
EsLinearToSelectorOffset
EsLoadFileImage
EsLogMemoryAllocationError
EsMakeDouble
EsMakeSignedInt64
EsMakeSignedInteger
EsMakeString
EsMakeUnsignedInt64
EsMakeUnsignedInteger
EsMessage
EsNewObjectsDo
EsNotifyOnPost
EsOpenSharedLibrary
EsParseOptions
EsPostAsyncMessage
EsPostAsyncMessageThruGlobal
EsPostNMI
EsPrintf
EsPrivateCall
EsPrivateIsCharacters
EsRememberObjectStore
EsRemoveCallback
EsReportError
EsReportWarning
EsScavenge
EsSelectorOffsetToLinear
EsSendMessage
EsSetGlobalHInstance
EsSetImageUserField
EsSharedLibraryLookupName
EsShutDownTargetInterface
EsShutdownImage
EsSplashPrintf
EsSplashShutDown
EsVMVersion
EsVMVersionString
EsVMpid
EsVerifyImage
EsVerifyMemorySpaces
EsVerifyVMSlots
bytecodesDo
pool_do
pool_kill
pool_new
pool_newElement
pool_nextDo
pool_numElements
pool_removeElement
pool_sortFree
pool_startDo

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 1024B - Virtual size: 579B

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

dfd7d831cd8e1f7b24aa3868ace805bd

Headers

DLL Characteristics

File Characteristics

Imports

esvm40

user32

gdi32

kernel32

comctl32

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 2KB - Virtual size: 5KB

.00cfg Size: 512B - Virtual size: 4B

.gfids Size: 512B - Virtual size: 188B

.voltbl Size: 512B - Virtual size: 254B

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 4KB - Virtual size: 3KB

9258e21496776f56e754af458ab65156

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

06:ba:25:41:ab:82:50:cb:d7:06:7f:c4:6e:69:b5:62Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

e6:6d:db:67:5e:5b:98:cd:a0:9f:27:73:5e:e6:61:04:29:83:c9:3a:54:7e:01:6b:10:13:b7:43:ae:9a:e9:1cSigner

Signature Validations

Verification

22/11/2019, 07:30 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

gdi32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 507KB - Virtual size: 507KB

.data Size: 30KB - Virtual size: 53KB

.00cfg Size: 512B - Virtual size: 4B

.eh_fram Size: 512B - Virtual size: 336B

.gfids Size: 512B - Virtual size: 468B

.tls Size: 512B - Virtual size: 9B

.voltbl Size: 1024B - Virtual size: 579B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 78KB - Virtual size: 77KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 5KB

.00cfg
Size: 512B - Virtual size: 4B

.gfids
Size: 512B - Virtual size: 188B

.voltbl
Size: 512B - Virtual size: 254B

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

06:ba:25:41:ab:82:50:cb:d7:06:7f:c4:6e:69:b5:62
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

e6:6d:db:67:5e:5b:98:cd:a0:9f:27:73:5e:e6:61:04:29:83:c9:3a:54:7e:01:6b:10:13:b7:43:ae:9a:e9:1c
Signer

22/11/2019, 07:30
Valid: false

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 507KB - Virtual size: 507KB

.data
Size: 30KB - Virtual size: 53KB

.00cfg
Size: 512B - Virtual size: 4B

.eh_fram
Size: 512B - Virtual size: 336B

.gfids
Size: 512B - Virtual size: 468B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 1024B - Virtual size: 579B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 78KB - Virtual size: 77KB