MDE_File_Sample_63e30941e8f5c4fbf3e8ddf320a353799c71566e[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_63e30941e8f5c4fbf3e8ddf320a353799c71566e.zip
Size

975KB
MD5

53a0c0739f94bee2f2d18d14b96c15e8
SHA1

0fd54aab344ea4c623550525316af84705f967e1
SHA256

0c23280b70fcdeb41a0d88af681f95c1b3806b335b415b5c302e9c4703f1f90f
SHA512

8b46ffcaa47af951189f84beda4a7ad3eab3cd02a0ea590b018fd3707a7431fffb1122fa00abfb8ede01890d1794042f4e479c437e0e3bcd29473f1b6fad4af2
SSDEEP

24576:gBoxmGll8fcHNjIhfufDoLl775L0WBCimbwLGP3W2car34ih:fll8fDfufDoByECRPVroE

Score

1^/10

Malware Config

Signatures

Files

MDE_File_Sample_63e30941e8f5c4fbf3e8ddf320a353799c71566e.zip
.zip

Password: infected
CCProxy.exe
.exe windows x86

Password: infected

5323003077a55548854b2026b960a179

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

72:d5:ca:f5:9a:3c:c6:44:c5:73:e1:3e:a0:89:2e:ab
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/03/2015, 00:00

Not After

14/05/2018, 23:59

Subject

CN=Youngzsoft Co.\, Ltd.,OU=Software Development,O=Youngzsoft Co.\, Ltd.,L=Changsha,ST=Hunan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:97:3f:64:a8:d0:72:d6:9b:ba:17:f4:c2:9b:fb:16:24:4f:de:4a
Signer

Actual PE Digest

6c:97:3f:64:a8:d0:72:d6:9b:ba:17:f4:c2:9b:fb:16:24:4f:de:4a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Youngzsoft Co.\, Ltd.,OU=Software Development,O=Youngzsoft Co.\, Ltd.,L=Changsha,ST=Hunan,C=CN

22/07/2016, 01:57
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASocketW
listen
shutdown
WSAGetLastError
bind
send
ntohs
socket
htons
setsockopt
getsockname
recvfrom
WSAAddressToStringW
WSAStartup
WSAAccept
WSARecvFrom
getsockopt
connect
WSAIoctl
accept
inet_addr
gethostbyname
ntohl
htonl
recv
sendto
select
closesocket
__WSAFDIsSet
inet_ntoa

kernel32

ResumeThread
SuspendThread
FileTimeToLocalFileTime
InterlockedExchange
CompareStringA
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalGetAtomNameW
GetAtomNameW
GetThreadLocale
MoveFileW
GetStringTypeExW
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameW
GetShortPathNameW
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileAttributesW
GetFileAttributesW
GetFileSizeEx
GetFileTime
FindResourceExW
GetCurrentDirectoryW
SetErrorMode
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
HeapReAlloc
SetStdHandle
GetFileType
ExitThread
ExitProcess
VirtualAlloc
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetTimeFormatA
GetDateFormatA
LCMapStringW
FatalAppExitA
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
SetEnvironmentVariableA
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FreeResource
FormatMessageW
WTSGetActiveConsoleSessionId
SetThreadPriority
Process32FirstW
Process32NextW
OutputDebugStringW
DuplicateHandle
GetFileInformationByHandle
FindFirstVolumeW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
DeleteVolumeMountPointW
SetVolumeMountPointW
FindVolumeClose
GetVolumeInformationW
lstrlenA
GetLogicalDrives
GetDriveTypeW
DeviceIoControl
GetCommandLineW
ReadFile
GetFileSize
GetSystemInfo
OpenProcess
ProcessIdToSessionId
SetEvent
CreateEventW
GetVersion
CreateFileW
WriteFile
GetPrivateProfileSectionA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetStartupInfoW
CreateProcessW
WaitForSingleObject
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
SetUnhandledExceptionFilter
GlobalLock
GlobalUnlock
FreeLibrary
GetWindowsDirectoryW
FileTimeToSystemTime
GetComputerNameW
WideCharToMultiByte
GetCurrentThread
GetProcessHeap
HeapAlloc
HeapFree
GetSystemDirectoryW
lstrcmpiW
LocalAlloc
LocalFree
GetTimeZoneInformation
lstrlenW
FindFirstFileW
FindNextFileW
FindClose
TerminateThread
InterlockedIncrement
CreateThread
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcatW
CreateMutexW
CloseHandle
Sleep
GlobalAddAtomW
GlobalFindAtomW
GetCurrentProcess
GetTickCount
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetLastError
SetLastError
GlobalAlloc
GlobalFree
InterlockedDecrement
GetSystemTime
DeleteFileW
GetLocaleInfoW
MultiByteToWideChar
CreateDirectoryW
GetPrivateProfileIntW
lstrcpyW
CopyFileW
WritePrivateProfileStringW
GetVersionExW
EnterCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
GetLocalTime
GetModuleFileNameW
GetPrivateProfileStringW
GetModuleHandleA
VirtualProtect
GlobalSize
CreateToolhelp32Snapshot
MulDiv
InterlockedCompareExchange
SetFileTime

user32

InvalidateRgn
SetCapture
GetNextDlgGroupItem
MessageBeep
GetDCEx
LockWindowUpdate
RegisterClipboardFormatW
PostThreadMessageW
GetMenuItemInfoW
InflateRect
ShowOwnedPopups
SetCursor
GetMessageW
ValidateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
WindowFromPoint
MapDialogRect
GetAsyncKeyState
MapVirtualKeyW
GetKeyNameTextW
GetMenuStringW
RemoveMenu
GetWindowThreadProcessId
ScrollWindowEx
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuState
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
CopyAcceleratorTableW
SetScrollPos
GetScrollPos
ShowScrollBar
CreateWindowExW
GetClassInfoExW
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowContextHelpId
SetWindowPlacement
GetDlgCtrlID
CallWindowProcW
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetDesktopWindow
GetActiveWindow
SetActiveWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetClassInfoW
CreateDialogIndirectParamW
DestroyWindow
SetDlgItemTextW
InsertMenuW
SetMenu
RegisterDeviceNotificationW
UnregisterDeviceNotification
wsprintfW
GetWindow
ModifyMenuW
PeekMessageW
TranslateMessage
DispatchMessageW
GetClassNameW
IsMenu
KillTimer
MessageBoxW
AppendMenuW
GetDC
ReleaseDC
PostQuitMessage
GetMenuItemID
EnableMenuItem
GetMenu
GetMenuItemCount
LoadMenuW
GetSubMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetCursorPos
LoadBitmapW
UpdateWindow
MsgWaitForMultipleObjects
CharLowerW
FillRect
DefWindowProcW
LoadCursorW
RegisterClassW
RegisterHotKey
UnregisterHotKey
LoadIconW
IsWindowVisible
CharNextW
SetParent
UnpackDDElParam
ReuseDDElParam
GetMenuBarInfo
ReleaseCapture
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
BringWindowToTop
ExitWindowsEx
SetWindowTextW
TranslateAcceleratorW
UnregisterClassW
DestroyIcon
DeleteMenu
CharUpperW
GetSysColorBrush
GetDialogBaseUnits
GetScrollRange
WaitMessage
GetSystemMenu
PostMessageW
PtInRect
DrawIcon
GetSystemMetrics
LoadImageW
FindWindowW
GetWindowLongW
IsIconic
ShowWindow
SetForegroundWindow
SetTimer
MoveWindow
GetWindowRect
ScreenToClient
GetDlgItem
IsWindow
GetClientRect
InvalidateRect
GetKeyState
EnableWindow
GetParent
SendMessageW
SetRect
UnionRect
IsRectEmpty
IsZoomed
SetRectEmpty
SystemParametersInfoW
CopyRect
DestroyMenu
GetWindowPlacement

gdi32

GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectW
GetTextExtentPoint32W
GetTextMetricsW
PolyDraw
SetRectRgn
CombineRgn
GetMapMode
PtVisible
DPtoLP
EnumFontFamiliesExW
GetCharWidthW
CreateFontW
StretchDIBits
GetTextColor
GetRgnBox
CreateDIBPatternBrushPt
PlayMetaFileRecord
ExtSelectClipRgn
GetPixel
GetWindowExtEx
GetViewportExtEx
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetBkMode
RestoreDC
SaveDC
PatBlt
CreateRectRgnIndirect
CreateDCW
CopyMetaFileW
CreateBitmap
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
SelectPalette
DeleteDC
CreatePatternBrush
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
GetDeviceCaps
PolyBezierTo
StartDocW
PolylineTo
GetObjectW
BitBlt
SelectObject
TextOutW
CreateCompatibleDC
CreateCompatibleBitmap
GetBkColor
GetStockObject
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
RectVisible

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

CreateServiceW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegSetValueW
EnumServicesStatusW
QueryServiceConfigW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CreateProcessAsUserW
RegEnumKeyExW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
DeleteService
RegCloseKey
StartServiceW
RegCreateKeyW
RegDeleteValueW
RegSetValueExW
OpenThreadToken
GetTokenInformation
LookupAccountSidW
ControlService
QueryServiceStatus
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW

shell32

DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
CommandLineToArgvW
SHGetFileInfoW
ExtractIconW
DragFinish
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsW
StrTrimW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathRemoveFileSpecW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoInitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CoCreateInstance
CoUninitialize
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
StringFromCLSID
CoTreatAsClass
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
StringFromGUID2
CoGetClassObject
CoRegisterClassObject
OleDuplicateData
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleRun
OleUninitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
CoRevokeClassObject

oleaut32

VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysAllocStringLen
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VarUdateFromDate
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
OleCreateFontIndirect
SysStringLen
VariantInit
SafeArrayCreate
SafeArrayPutElement
VariantClear
SysAllocString
SysFreeString
SystemTimeToVariantTime
GetErrorInfo
SetErrorInfo
CreateErrorInfo

wsock32

getpeername
WSASetLastError
WSAAsyncSelect
WSACleanup

wininet

InternetOpenW
InternetConnectW
InternetGetLastResponseInfoW
InternetOpenUrlW
SetUrlCacheGroupAttributeW
FindFirstUrlCacheGroup
GetUrlCacheGroupAttributeW
InternetReadFile
InternetSetOptionW
HttpQueryInfoW
InternetCloseHandle
HttpSendRequestW
HttpAddRequestHeadersW
GetUrlCacheEntryInfoW
InternetGetConnectedState
HttpOpenRequestW

iphlpapi

GetExtendedUdpTable
SendARP
GetAdaptersInfo
GetExtendedTcpTable

dnsapi

DnsFree
DnsQuery_W

imagehlp

MapFileAndCheckSumW

winhttp

WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpQueryHeaders

wtsapi32

WTSLogoffSession

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

crypt32

CryptUnprotectData
CryptProtectData

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 737KB - Virtual size: 736KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

5323003077a55548854b2026b960a179

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

72:d5:ca:f5:9a:3c:c6:44:c5:73:e1:3e:a0:89:2e:abCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

6c:97:3f:64:a8:d0:72:d6:9b:ba:17:f4:c2:9b:fb:16:24:4f:de:4aSigner

Signature Validations

Verification

22/07/2016, 01:57 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

wininet

iphlpapi

dnsapi

imagehlp

winhttp

wtsapi32

setupapi

crypt32

psapi

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 316KB - Virtual size: 315KB

.data Size: 22KB - Virtual size: 307KB

.rsrc Size: 737KB - Virtual size: 736KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

72:d5:ca:f5:9a:3c:c6:44:c5:73:e1:3e:a0:89:2e:ab
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

6c:97:3f:64:a8:d0:72:d6:9b:ba:17:f4:c2:9b:fb:16:24:4f:de:4a
Signer

22/07/2016, 01:57
Valid: false

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 316KB - Virtual size: 315KB

.data
Size: 22KB - Virtual size: 307KB

.rsrc
Size: 737KB - Virtual size: 736KB