MDE_File_Sample_37c781b570d54277468f1873013d36d2b1d47652[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

MDE_File_Sample_37c781b570d54277468f1873013d36d2b1d47652.zip
Size

1.2MB
MD5

419ae73c1bfcaefb56da235b2650078d
SHA1

1dbd4b15a1f3f65cb45cf0ecd8513dc51e3e0a1c
SHA256

76fd7a65c858362c8306cb6ee3bd00731958d052b551c2b77241c118a3c2cd0c
SHA512

90058e5a2a8209db540647fa78bef53af2b38ee19bfbf6ab5c74ca6a64179bf18d86c127e538881d7a7ce331196dee7de763cdef2dc6c507deea5ed0b39e79ec
SSDEEP

24576:U20KfAw6kyEqSrpbAqXIXBO8dhC+Ert1/tDQfal+uNabe6xs:p0KfRHyDqpbAqXmv6h9gMRgs

Score

1^/10

Malware Config

Signatures

Files

MDE_File_Sample_37c781b570d54277468f1873013d36d2b1d47652.zip
.zip

Password: infected
serial_ip_pirogova_5_sezon_msetup_bguGk.exe
.exe windows x86

Password: infected

dd98fed965fe8ad82dcadea38689f06b

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:f4:82:c5:06:32:ed:78:d8:7c:b3:c7
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

17/06/2022, 07:59

Not After

18/06/2023, 07:59

Subject

SERIALNUMBER=1157847105272,CN=Monitor LLC,O=Monitor LLC,STREET=pr-kt Grazhdanskiy\, 22A of 610,L=Saint Petersburg,ST=Saint Petersburg,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13105361696e742050657465727362757267,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ce:26:b8:87:ab:19:23:6f:ed:45:10:02:a7:22:63:3a:5e:38:9b:2f:0a:4e:ba:5a:7f:fc:21:26:62:e0:d2:1d
Signer

Actual PE Digest

ce:26:b8:87:ab:19:23:6f:ed:45:10:02:a7:22:63:3a:5e:38:9b:2f:0a:4e:ba:5a:7f:fc:21:26:62:e0:d2:1d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=1157847105272,CN=Monitor LLC,O=Monitor LLC,STREET=pr-kt Grazhdanskiy\, 22A of 610,L=Saint Petersburg,ST=Saint Petersburg,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13105361696e742050657465727362757267,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

27/01/2023, 06:57
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

CallNtPowerInformation

crypt32

CertFreeCertificateChainEngine
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptBinaryToStringA

ws2_32

closesocket
WSAGetLastError
recv
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
getaddrinfo
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
htonl
WSAEventSelect
WSAResetEvent
listen
ioctlsocket
freeaddrinfo
WSAWaitForMultipleEvents

normaliz

IdnToAscii

kernel32

GetModuleHandleW
GetProcAddress
FormatMessageW
HeapFree
GetProcessHeap
GetTickCount64
DeleteFileW
CreateFileW
GetFileSizeEx
SetFilePointer
SetEndOfFile
CloseHandle
WriteFile
CreateThread
WaitForSingleObject
WaitForMultipleObjects
MoveFileExW
GetExitCodeProcess
CreateEventW
SetEvent
ReadFile
HeapAlloc
LoadLibraryW
FreeLibrary
CreateDirectoryW
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
GetModuleFileNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetLocalTime
GetCommandLineW
GetSystemTimeAsFileTime
IsWow64Process
GetCurrentProcess
GetDiskFreeSpaceExW
SizeofResource
GlobalLock
GlobalFree
GlobalUnlock
GetTickCount
CreateMutexW
ReleaseMutex
AllocConsole
GetStdHandle
LocalFree
GlobalMemoryStatusEx
GetSystemInfo
LocalAlloc
GetNativeSystemInfo
GetLocaleInfoA
GetVolumeInformationW
K32EnumDeviceDrivers
SetLastError
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
QueryPerformanceCounter
WaitForSingleObjectEx
GetEnvironmentVariableA
MoveFileExA
CreateFileA
LockResource
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
RaiseException
TlsAlloc
TlsGetValue
LoadResource
FindResourceW
VerifyVersionInfoW
VerSetConditionMask
Sleep
GetLastError
TlsSetValue
TlsFree
LoadLibraryExW
SetStdHandle
GetFileType
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LCMapStringEx
DecodePointer
EncodePointer
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
HeapReAlloc
HeapSize
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
FreeResource
GetFileAttributesExW
GetCurrentDirectoryW
GetFullPathNameW
FlushFileBuffers
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitProcess
SetEnvironmentVariableW
GetStringTypeW
GlobalAlloc
WriteConsoleW

user32

LockWindowUpdate
GetSysColorBrush
SetCursorPos
GetCursorPos
ReleaseCapture
SetCapture
GetFocus
GetSystemMetrics
EndPaint
FrameRect
BeginPaint
GetDlgCtrlID
IsWindowEnabled
SetFocus
GetDC
ReleaseDC
ShowScrollBar
SetScrollInfo
SetScrollPos
DrawIconEx
MapDialogRect
CharLowerA
MonitorFromPoint
FillRect
KillTimer
GetWindowTextW
GetWindowTextLengthW
TrackMouseEvent
GetSysColor
MoveWindow
ClientToScreen
SetForegroundWindow
UpdateWindow
ShowWindow
GetDlgItem
SendMessageW
RedrawWindow
OpenClipboard
EmptyClipboard
CloseClipboard
DrawTextW
SetClipboardData
SetWindowPos
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
PostMessageW
EnableWindow
SetWindowTextW
DefWindowProcW
GetWindowLongW
DestroyWindow
UnregisterClassW
SetWindowLongW
CreateWindowExW
GetDesktopWindow
RegisterClassExW
GetParent
MapWindowPoints
GetWindowRect
SetTimer
ShowCursor
SetCursor
DestroyCursor
LoadCursorW
CharUpperW
MessageBoxW
FindWindowW
SetClassLongW
PostQuitMessage
LoadIconW
DestroyIcon
FlashWindow
GetClientRect
EnumChildWindows

gdi32

DeleteDC
GetBkColor
SetBkMode
GetBkMode
SetBkColor
SetDCBrushColor
GetDeviceCaps
GetStockObject
AddFontMemResourceEx
SetDIBits
BitBlt
StretchBlt
SetStretchBltMode
CreatePen
GetTextColor
SetTextColor
DeleteObject
CreateFontIndirectW
CreateSolidBrush
GetDIBits
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject

advapi32

CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptGenRandom
CryptAcquireContextA
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW

shell32

SHGetPathFromIDListW
ord171
ShellExecuteW
CommandLineToArgvW
SHGetMalloc
ShellExecuteExW
SHBrowseForFolderW

ole32

StringFromGUID2
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateGuid

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

PathFileExistsW

comctl32

ord410
ord412
InitCommonControlsEx
ord413

gdiplus

GdipDrawImageRectI
GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStream
GdipImageSelectActiveFrame
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipAlloc
GdipFree

winmm

timeKillEvent
timeSetEvent

msimg32

GradientFill

Sections

.text
Size: 607KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 782KB - Virtual size: 781KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

dd98fed965fe8ad82dcadea38689f06b

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

38:f4:82:c5:06:32:ed:78:d8:7c:b3:c7Certificate

Extended Key Usages

Key Usages

ce:26:b8:87:ab:19:23:6f:ed:45:10:02:a7:22:63:3a:5e:38:9b:2f:0a:4e:ba:5a:7f:fc:21:26:62:e0:d2:1dSigner

Signature Validations

Verification

27/01/2023, 06:57 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

powrprof

crypt32

ws2_32

normaliz

kernel32

user32

gdi32

advapi32

shell32

ole32

version

shlwapi

comctl32

gdiplus

winmm

msimg32

Sections

.text Size: 607KB - Virtual size: 607KB

.rdata Size: 157KB - Virtual size: 156KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 782KB - Virtual size: 781KB

.reloc Size: 31KB - Virtual size: 31KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

38:f4:82:c5:06:32:ed:78:d8:7c:b3:c7
Certificate

ce:26:b8:87:ab:19:23:6f:ed:45:10:02:a7:22:63:3a:5e:38:9b:2f:0a:4e:ba:5a:7f:fc:21:26:62:e0:d2:1d
Signer

27/01/2023, 06:57
Valid: false

.text
Size: 607KB - Virtual size: 607KB

.rdata
Size: 157KB - Virtual size: 156KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 782KB - Virtual size: 781KB

.reloc
Size: 31KB - Virtual size: 31KB