4e400e03c53b8ad9a99a5a733bd476590b45a30280231edea813240672ee73cb[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

4e400e03c53b8ad9a99a5a733bd476590b45a30280231edea813240672ee73cb.7z
Size

116KB
MD5

8059e14af4a5435fa9db10fd5e03cde8
SHA1

e3ac9e6d6e7fe40f48a6da31133963e90b053b56
SHA256

7a98c7d816b0f1a267c9dee83d1d48d5464530cd8cab5aa534c61d5ee5ff8a71
SHA512

39d1c30f6c38076f8d79707e8167586a3c42688b31d7b5c24197581cea175077cfc34e0d3b20b639517e525788d49b46f9bbcfde29de76e3a304bdb2ab143557
SSDEEP

3072:DB/vYb4O05CFRwrZz6/WWeySiNjOoE0w9op3IjYsFNJH5Z0:t/y10EF2rR6/WjiNCH0w4iLPJH5Z0

Score

N/A

Malware Config

Signatures

Files

4e400e03c53b8ad9a99a5a733bd476590b45a30280231edea813240672ee73cb.7z
.7z

Password: infected
4e400e03c53b8ad9a99a5a733bd476590b45a30280231edea813240672ee73cb
.exe windows x86

Password: infected

2481f304730138d08040e9b3ae65d04c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:86:d5:55:e6:df:75:f9:2c:50:35:ae:b7:e1:de:3f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/09/2007, 00:00

Not After

31/10/2010, 23:59

Subject

CN=RealVNC Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=RealVNC Limited,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:d7:72:e2:78:35:66:a9:08:c9:b8:74:d2:e9:3c:70:6e:2b:ef:25
Signer

Actual PE Digest

2d:d7:72:e2:78:35:66:a9:08:c9:b8:74:d2:e9:3c:70:6e:2b:ef:25

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=RealVNC Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=RealVNC Limited,L=Cambridge,ST=Cambridgeshire,C=GB

20/01/2023, 15:38
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
select
getsockname
getpeername
ntohs
inet_addr
WSAStartup
inet_ntoa
shutdown
closesocket
listen
WSAGetLastError
htonl
htons
socket
accept
connect
gethostbyname
send
WSAAsyncSelect
WSAEventSelect
setsockopt
bind

comctl32

PropertySheetA
_TrackMouseEvent
CreatePropertySheetPageA

kernel32

GetStringTypeW
GetStringTypeA
SetFilePointer
VirtualQuery
InterlockedExchange
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
LCMapStringA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetCPInfo
GetOEMCP
GetACP
HeapSize
SetUnhandledExceptionFilter
TlsFree
HeapAlloc
HeapReAlloc
HeapFree
DeleteFileA
GetLocaleInfoA
SetStdHandle
ReadFile
VirtualProtect
GetSystemInfo
GetTimeZoneInformation
MoveFileA
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
TerminateProcess
ExitProcess
RaiseException
RtlUnwind
GetTickCount
GetCurrentProcessId
SetEndOfFile
FreeConsole
AllocConsole
GetCurrentDirectoryA
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateEventA
Sleep
ResetEvent
GetLastError
GetModuleHandleA
CloseHandle
CompareStringA
CompareStringW
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter
ExpandEnvironmentStringsA
TlsSetValue
CreateThread
ResumeThread
GetCurrentThread
GetCurrentThreadId
TlsGetValue
WaitForSingleObject
TlsAlloc
SetEnvironmentVariableA
GlobalLock
GlobalFree
GlobalAlloc
GetModuleFileNameA
CreateFileA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
WaitForMultipleObjects
SetLastError
GlobalUnlock

user32

SetDlgItemTextA
EnableWindow
ToAscii
GetKeyboardState
PostMessageA
CallNextHookEx
GetForegroundWindow
UnhookWindowsHookEx
SetWindowsHookExA
SystemParametersInfoA
GetDesktopWindow
GetDC
ReleaseDC
SetClipboardViewer
ChangeClipboardChain
CloseClipboard
GetClipboardData
OpenClipboard
GetClipboardOwner
SetClipboardData
EmptyClipboard
IsWindowVisible
DefWindowProcA
PostThreadMessageA
GetDlgItemTextA
EndDialog
MessageBeep
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
ShowWindow
AppendMenuA
GetSystemMenu
GetWindowLongA
GetUpdateRect
UpdateWindow
RemoveMenu
InsertMenuA
ModifyMenuA
CheckMenuItem
EnableMenuItem
MessageBoxA
SetWindowLongA
DestroyWindow
CreateDialogParamA
SendMessageA
GetDlgItem
UnregisterClassA
ShowCursor
SetScrollInfo
DialogBoxParamA
SetWindowPos
GetSystemMetrics
AdjustWindowRect
GetMessageA
TranslateMessage
LoadMenuA
GetSubMenu
SetMenuDefaultItem
SetForegroundWindow
PostQuitMessage
GetWindowTextA
CreateWindowExA
LoadImageA
RegisterClassA
BeginPaint
FillRect
EndPaint
GetClientRect
SetCursor
GetAsyncKeyState
GetCursorPos
TrackPopupMenu
GetWindowRect
InvalidateRect
ScrollWindowEx
KillTimer
SetTimer
SetWindowTextA
SetRect

gdi32

CreateCompatibleDC
GetObjectA
SelectObject
SetDIBColorTable
DeleteDC
CreateDIBSection
CreateCompatibleBitmap
GetStockObject
BitBlt
SelectPalette
RealizePalette
ResizePalette
UnrealizeObject
SetPaletteEntries
DeleteObject
CreatePalette
GetDIBits

comdlg32

GetSaveFileNameA
CommDlgExtendedError

shell32

Shell_NotifyIconA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA
RegNotifyChangeKeyValue
RegCreateKeyA

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

2481f304730138d08040e9b3ae65d04c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

70:86:d5:55:e6:df:75:f9:2c:50:35:ae:b7:e1:de:3fCertificate

Extended Key Usages

Key Usages

2d:d7:72:e2:78:35:66:a9:08:c9:b8:74:d2:e9:3c:70:6e:2b:ef:25Signer

Signature Validations

Verification

20/01/2023, 15:38 Valid: false

Headers

File Characteristics

Imports

ws2_32

comctl32

kernel32

user32

gdi32

comdlg32

shell32

version

advapi32

Sections

.text Size: 188KB - Virtual size: 187KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 12KB - Virtual size: 21KB

.rsrc Size: 16KB - Virtual size: 15KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

70:86:d5:55:e6:df:75:f9:2c:50:35:ae:b7:e1:de:3f
Certificate

2d:d7:72:e2:78:35:66:a9:08:c9:b8:74:d2:e9:3c:70:6e:2b:ef:25
Signer

20/01/2023, 15:38
Valid: false

.text
Size: 188KB - Virtual size: 187KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 16KB - Virtual size: 15KB