アーカイブ[.]zip

Resubmissions

09-02-2023 02:28

230209-cyewsaga48 10

09-02-2023 02:18

230209-crm9ksff67 10

Sharing

Copy URL

Twitter E-mail

General

Target

アーカイブ.zip
Size

407KB
MD5

a485068b0daccf32769e755e5a9393f6
SHA1

3e2af52c587b32f8fc7765fed0e2aaf169aec7d9
SHA256

e3fba6f1efac5f32c35baf0337c0b951bae84fd5e8e71708405d59610b5de19e
SHA512

ec761ddc3fa070925ca7727a71808c9ee515f9924bcb3f61d6a3e2fad84f5714212a0fc43d2470a9607ab42a98a40b9f994220690a653dca1bf76a9fe4aae55c
SSDEEP

12288:tGZTuOENdG2UIh21dHxp03+HPU9Ar5qRrRDhSQ:cuzodRakPw4qdBj

Score

1^/10

Malware Config

Signatures

Files

アーカイブ.zip
.zip
__MACOSX/._c75f4e1fd464e21826c37e5abf7fed93b48c721625f700f49aa71cbce377ee8a-1.exe
__MACOSX/._entomology.srt
c75f4e1fd464e21826c37e5abf7fed93b48c721625f700f49aa71cbce377ee8a-1.exe
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DllRegisterServer
DllCanUnloadNow
DllUnregisterServer
DllGetClassObject

Sections

.traneen
Size: 6KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uvid
Size: 4KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jerez
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.spirity
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.astroph
Size: 6KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.interwo
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pregeol
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.extrabu
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.moniker
Size: 5KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.blazy
Size: 5KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.medical
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stylele
Size: 5KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
entomology.srt
.dll windows x86

c56ea0f36b0a72751d5902f37565311d

Code Sign

2c:a2:23:bb:af:a2:70:77:b4:08:c7:b1:ee:20:31:27
Certificate

Issuer

CN=YIYEBWXQHAHXTYLOTE

Not Before

14-06-2020 19:26

Not After

31-12-2039 23:59

Subject

CN=YIYEBWXQHAHXTYLOTE

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4d:8e:b1:3e:6d:ab:31:88:ff:4c:9e:67:f2:ef:ae:c9:0a:a9:52:04
Signer

Actual PE Digest

4d:8e:b1:3e:6d:ab:31:88:ff:4c:9e:67:f2:ef:ae:c9:0a:a9:52:04

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=YIYEBWXQHAHXTYLOTE

07-02-2023 20:48
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringA
GetTickCount
RtlUnwind
Sleep
ExitProcess
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetStartupInfoA
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
HeapSize
GetACP
IsValidCodePage
LCMapStringA
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
VirtualFree
HeapCreate
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetErrorMode
GetModuleHandleW
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProfileIntA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetThreadLocale
GetFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
FileTimeToSystemTime
SuspendThread
SetThreadPriority
InterlockedDecrement
GetModuleFileNameW
GetModuleFileNameA
FormatMessageA
LocalFree
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
GetLastError
lstrcmpW
GetModuleHandleA
GetVersionExA
GetProcessHeap
HeapAlloc
FreeResource
GlobalFree
CreateEventA
ResumeThread
SetEvent
lstrlenA
MultiByteToWideChar
MulDiv
DeleteFileA
lstrcpyA
CreateProcessA
LoadLibraryA
GetProcAddress
FreeLibrary
WaitForSingleObject
GetWindowsDirectoryA
GetPrivateProfileStringA
CreateFileA
GetFileSize
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
CloseHandle
WideCharToMultiByte
GetCurrentProcessId
OpenProcess
GetExitCodeProcess
TerminateProcess
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentDirectoryA
SetCurrentDirectoryA
SetLastError
FindFirstFileA
FindClose
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
LCMapStringW
CreateDirectoryA

user32

LoadIconA

gdi32

GetStockObject
EndPage
GetLayout
GetDCBrushColor
GetROP2
FillPath
GetFontLanguageInfo
EndPath
GetTextColor
GetEnhMetaFileW

advapi32

RegOpenKeyA
RegQueryValueExW

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 103B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.traneen Size: 6KB - Virtual size: 68KB

.uvid Size: 4KB - Virtual size: 67KB

.jerez Size: 4KB - Virtual size: 3KB

.spirity Size: 6KB - Virtual size: 5KB

.astroph Size: 6KB - Virtual size: 68KB

.interwo Size: 6KB - Virtual size: 6KB

.pregeol Size: 6KB - Virtual size: 5KB

.extrabu Size: 4KB - Virtual size: 3KB

.moniker Size: 5KB - Virtual size: 68KB

.blazy Size: 5KB - Virtual size: 67KB

.medical Size: 4KB - Virtual size: 4KB

.stylele Size: 5KB - Virtual size: 67KB

.text Size: 58KB - Virtual size: 58KB

.rdata Size: 512B - Virtual size: 280B

.data Size: 264KB - Virtual size: 326KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 7KB - Virtual size: 6KB

c56ea0f36b0a72751d5902f37565311d

Code Sign

2c:a2:23:bb:af:a2:70:77:b4:08:c7:b1:ee:20:31:27Certificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

4d:8e:b1:3e:6d:ab:31:88:ff:4c:9e:67:f2:ef:ae:c9:0a:a9:52:04Signer

Signature Validations

Verification

07-02-2023 20:48 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 512B - Virtual size: 103B

.data Size: 171KB - Virtual size: 171KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 628B

.traneen
Size: 6KB - Virtual size: 68KB

.uvid
Size: 4KB - Virtual size: 67KB

.jerez
Size: 4KB - Virtual size: 3KB

.spirity
Size: 6KB - Virtual size: 5KB

.astroph
Size: 6KB - Virtual size: 68KB

.interwo
Size: 6KB - Virtual size: 6KB

.pregeol
Size: 6KB - Virtual size: 5KB

.extrabu
Size: 4KB - Virtual size: 3KB

.moniker
Size: 5KB - Virtual size: 68KB

.blazy
Size: 5KB - Virtual size: 67KB

.medical
Size: 4KB - Virtual size: 4KB

.stylele
Size: 5KB - Virtual size: 67KB

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 512B - Virtual size: 280B

.data
Size: 264KB - Virtual size: 326KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 7KB - Virtual size: 6KB

2c:a2:23:bb:af:a2:70:77:b4:08:c7:b1:ee:20:31:27
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

4d:8e:b1:3e:6d:ab:31:88:ff:4c:9e:67:f2:ef:ae:c9:0a:a9:52:04
Signer

07-02-2023 20:48
Valid: false

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 512B - Virtual size: 103B

.data
Size: 171KB - Virtual size: 171KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 628B