9000176228[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

9000176228.zip
Size

2.9MB
MD5

bb48d930ba07275f8b1f3691367d9331
SHA1

50eb52de7df51ac2a32e1644ff4d16c61e1c4bdc
SHA256

a243804d986be413b8bc27586bae09538a684447005a32d1a87d6dee0fcc6034
SHA512

b471f5c6ec19d4fb297b6fe2a0c3ea3e9388848239d21695aa4d8c0c9c1f244f680fd573497392ef465515ef8c854eb2ac202f18f3b9d7a0a67d99891b50691b
SSDEEP

49152:vYuFu+oG8tnpN/Vyz0C5yWHdvd8wLafNmfrOPOBJFGSG2Km6H2awBcs002uNc5+u:gEu+oG+npN/84CoWxdsf8T6OBfGTJVaS

Score

N/A

Malware Config

Signatures

Files

9000176228.zip
.zip

Password: infected
93773a2a36c041959e20ce9b4c5d1451058b1ba4a3b0bc40ae2293bea1f452b3
.exe windows x86

2d17d82ea08a4f178a6a3360e43ce5fd

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:d0:a7:d2:fa:e6:f1:1a:dd:74:60:33:61:26:52:1a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

26/03/2020, 00:00

Not After

26/03/2023, 23:59

Subject

CN=Chongqing Zhongcheng Network Technology Co. Ltd.,O=Chongqing Zhongcheng Network Technology Co. Ltd.,ST=重庆市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:44:e8:08:3e:ac:6c:5f:92:f8:b3:67:dd:42:01:89:1b:ab:c6:56:f7:e3:c5:48:b9:5c:c9:65:7b:b1:ac:1c
Signer

Actual PE Digest

3c:44:e8:08:3e:ac:6c:5f:92:f8:b3:67:dd:42:01:89:1b:ab:c6:56:f7:e3:c5:48:b9:5c:c9:65:7b:b1:ac:1c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Chongqing Zhongcheng Network Technology Co. Ltd.,O=Chongqing Zhongcheng Network Technology Co. Ltd.,ST=重庆市,C=CN

05/01/2023, 08:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHCreateDirectoryExW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetFileInfoW
DragQueryFileW
DragFinish
SHAppBarMessage
SHGetFolderPathW
SHGetFolderLocation
CommandLineToArgvW

shlwapi

UrlIsW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW
PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathIsFileSpecW
PathAddExtensionW
PathRenameExtensionW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

HeapSize
HeapQueryInformation
SetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
CreateSemaphoreW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetStringTypeW
GetTimeZoneInformation
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
LCMapStringW
VirtualQuery
EnumSystemLocalesW
WriteConsoleW
SetEnvironmentVariableA
lstrlenA
CreateMutexW
ReleaseSemaphore
OpenSemaphoreW
ReleaseMutex
GetUserDefaultLangID
GetLocalTime
OpenMutexW
LoadLibraryExA
VirtualAlloc
GetSystemInfo
GetModuleHandleExW
MoveFileExW
RtlUnwind
ExitThread
GetSystemTimeAsFileTime
HeapReAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
GetProfileIntW
SearchPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
SetErrorMode
SetFileAttributesW
GetFileTime
GetFileAttributesExW
FileTimeToLocalFileTime
GlobalGetAtomNameW
FileTimeToSystemTime
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalFlags
GetThreadLocale
lstrcmpiW
UnlockFile
SetFilePointer
LockFile
GetVolumeInformationW
GetFileSize
FlushFileBuffers
CopyFileW
FormatMessageW
GlobalSize
GlobalFindAtomW
LoadLibraryA
DecodePointer
EncodePointer
RaiseException
GetModuleHandleA
OutputDebugStringA
lstrcpyW
SetDllDirectoryW
SetThreadPriority
FreeResource
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpW
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
GetCurrentThread
InterlockedExchange
GetVersion
GetFileType
GetEnvironmentVariableW
GetStdHandle
GetExitCodeThread
GetFileSizeEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindNextFileW
FindFirstFileW
GetFileAttributesW
RemoveDirectoryW
GetTempPathW
FindClose
SetFilePointerEx
SetEndOfFile
lstrlenW
DisconnectNamedPipe
GetOverlappedResult
ReadFile
CreateNamedPipeW
ConnectNamedPipe
TerminateThread
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetExitCodeProcess
WideCharToMultiByte
GetProcessHeap
HeapFree
HeapAlloc
ResumeThread
WriteProcessMemory
DeleteFileW
GetWindowsDirectoryW
DuplicateHandle
VirtualProtectEx
FlushInstructionCache
GetModuleFileNameW
GetSystemDirectoryW
CreateProcessW
SetThreadContext
GetThreadContext
ExitProcess
Sleep
GetTickCount
GetDiskFreeSpaceExW
SetLastError
GlobalUnlock
MulDiv
GlobalAlloc
GlobalLock
LocalFree
GetCurrentProcessId
LocalAlloc
GetVersionExW
OpenProcess
GetCurrentProcess
FreeLibrary
GetFullPathNameW
CreateThread
CloseHandle
WaitForMultipleObjects
CreateEventW
GlobalFree
MultiByteToWideChar
CreateFileW
WriteFile
SetEvent
WaitForSingleObject
GetCurrentThreadId
LockResource
SizeofResource
InterlockedDecrement
InterlockedIncrement
LoadResource
FindResourceW
GetProcAddress
GetLastError
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetModuleHandleW
GetSystemWindowsDirectoryW
IsValidLocale

gdi32

GetTextFaceW
SetPixelV
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
SetPaletteEntries
ExtFloodFill
EnumFontFamiliesExW
RoundRect
OffsetRgn
SetDIBColorTable
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
Polyline
Polygon
CreatePolygonRgn
Ellipse
CreateEllipticRgn
CreateDIBSection
CreateRoundRectRgn
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
DPtoLP
SetRectRgn
GetMapMode
GetTextMetricsW
GetRgnBox
GetTextColor
GetBkColor
PatBlt
CreateRectRgnIndirect
GetTextExtentPoint32W
CreateDCW
CopyMetaFileW
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
ExtTextOutW
TextOutW
MoveToEx
GetObjectW
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreatePatternBrush
CreateHatchBrush
CreateBitmap
GetStockObject
SetPixel
CreateCompatibleBitmap
BitBlt
SetTextColor
DeleteDC
CreateFontIndirectW
GetDeviceCaps
StretchBlt
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CombineRgn
SetMapMode
Rectangle
CreateRectRgn
CreatePen
SetViewportExtEx

advapi32

OpenServiceW
OpenProcessToken
CreateWellKnownSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
SetEntriesInAclW
QueryServiceStatusEx
GetNamedSecurityInfoW
SetNamedSecurityInfoW
OpenSCManagerW
CloseServiceHandle
ConvertSidToStringSidW
LookupAccountSidW
CreateProcessAsUserW
GetTokenInformation
RegSetValueExW
RegCreateKeyExW
RegCloseKey
AdjustTokenPrivileges
CheckTokenMembership
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueW
RegQueryValueExW

comctl32

_TrackMouseEvent
InitCommonControlsEx

ole32

CoCreateInstance
CoCreateGuid
StgCreateDocfileOnILockBytes
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
OleCreateMenuDescriptor
OleLockRunning
StgOpenStorageOnILockBytes
DoDragDrop
OleRun
CoInitializeEx
StringFromGUID2
CoRegisterMessageFilter
CoGetClassObject
ReleaseStgMedium
OleDuplicateData
OleIsCurrentClipboard
OleFlushClipboard
CoTaskMemFree
CoRevokeClassObject
OleUninitialize
CreateILockBytesOnHGlobal
OleInitialize
CoFreeUnusedLibraries
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
CoDisconnectObject
OleDestroyMenuDescriptor
CLSIDFromProgID
CoInitialize
CLSIDFromString

oleaut32

SafeArrayUnaccessData
VarBstrFromDate
LoadTypeLi
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
GetErrorInfo
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
DispCallFunc
LoadRegTypeLi
VariantChangeType
VariantCopy
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysStringLen
VariantInit
VariantClear
SysAllocString
SysFreeString

gdiplus

GdipCreateBitmapFromScan0
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipLoadImageFromStream
GdiplusStartup
GdipReleaseDC
GdipCloneImage
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipFree
GdipDrawImageRectRect
GdiplusShutdown
GdipBitmapUnlockBits
GdipDrawImageRectI
GdipDrawImageI

Exports

Exports

_CreateProcessWithTokenW@36

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 560KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 491KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

2d17d82ea08a4f178a6a3360e43ce5fd

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:d0:a7:d2:fa:e6:f1:1a:dd:74:60:33:61:26:52:1aCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

3c:44:e8:08:3e:ac:6c:5f:92:f8:b3:67:dd:42:01:89:1b:ab:c6:56:f7:e3:c5:48:b9:5c:c9:65:7b:b1:ac:1cSigner

Signature Validations

Verification

05/01/2023, 08:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

shell32

shlwapi

userenv

kernel32

gdi32

advapi32

comctl32

ole32

oleaut32

gdiplus

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 560KB - Virtual size: 560KB

.data Size: 31KB - Virtual size: 65KB

.rsrc Size: 3.0MB - Virtual size: 3.0MB

.reloc Size: 491KB - Virtual size: 490KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:d0:a7:d2:fa:e6:f1:1a:dd:74:60:33:61:26:52:1a
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

3c:44:e8:08:3e:ac:6c:5f:92:f8:b3:67:dd:42:01:89:1b:ab:c6:56:f7:e3:c5:48:b9:5c:c9:65:7b:b1:ac:1c
Signer

05/01/2023, 08:52
Valid: false

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 560KB - Virtual size: 560KB

.data
Size: 31KB - Virtual size: 65KB

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

.reloc
Size: 491KB - Virtual size: 490KB