t[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

t.zip
Size

264KB
MD5

3c3458fa987a02e8828ba3be85ecfb25
SHA1

8644748ea6189430b334bf6816e5ba01ea2c74de
SHA256

721ff308a706259c674adbd7c1606f5d5636674dc372ab739f1224e0be06184a
SHA512

e642de12271a7d69c4ddbfe5f960831d7ab65d0ed20b68bd810d25777817a945f06a67aca067734b900b4da9fc6237d7a9fce880bce2b3387c561bd5367ce1f3
SSDEEP

6144:/OZ9JTnmx8HSipHM7sQVNHaBcjjPPy/kAWB6C9ogmWrmSjOGAHaEhen:mZ9J6xVlVNHOKDPKkAKogvrQGgaEy

Score

1^/10

Malware Config

Signatures

Files

t.zip
.zip
t/SmadHook32.dll
.dll windows x86

04806a1eaf4e8de6f0935e3aabe9b8bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetFileSize
lstrcatA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
HeapAlloc
HeapReAlloc
GetStringTypeW
OutputDebugStringW
HeapSize
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CreateFileW

Exports

Exports

StartProtect

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
t/Smadav.dat
t/Smadav.exe
.exe windows x86

943bbe3653a0f79777334b7e7c9a8109

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:22:d5:c7:76:2e:5c:d0:51:e0:58:3a:fa:f6:a8:c8
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21-05-2017 00:00

Not After

01-05-2018 12:00

Subject

CN=Zainuddin Nafarin,O=Zainuddin Nafarin,L=Palangkaraya,ST=Central Kalimantan,C=ID

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:8a:e6:d2:30:7d:b6:64:a8:1f:94:23:d7:8e:f8:05:07:d6:d7:00
Signer

Actual PE Digest

60:8a:e6:d2:30:7d:b6:64:a8:1f:94:23:d7:8e:f8:05:07:d6:d7:00

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Zainuddin Nafarin,O=Zainuddin Nafarin,L=Palangkaraya,ST=Central Kalimantan,C=ID

08-06-2017 16:21
Valid: true

Chain 1

CN=Zainuddin Nafarin,O=Zainuddin Nafarin,L=Palangkaraya,ST=Central Kalimantan,C=ID

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
FlushFileBuffers
CloseHandle
CreateFileA
HeapSize
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

DialogBoxParamW
LoadIconW
GetWindowLongW
SetWindowLongW
EndDialog
SetWindowPos
ShowWindow
SendMessageW

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
t/setupres.dll
.dll windows x86

3430e4c5b363c903b341c71cfb360910

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoUninitialize
CoInitialize
IIDFromString
CoGetObject
StringFromGUID2

kernel32

TlsGetValue
CloseHandle
CreateFileW
FlushFileBuffers
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetLastError
SetLastError
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
HeapAlloc
HeapReAlloc
SetStdHandle
WriteConsoleW
GetStringTypeW
OutputDebugStringW
HeapSize
LCMapStringW

Exports

Exports

_Main@16

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04806a1eaf4e8de6f0935e3aabe9b8bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 11KB

.reloc Size: 5KB - Virtual size: 4KB

943bbe3653a0f79777334b7e7c9a8109

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

09:22:d5:c7:76:2e:5c:d0:51:e0:58:3a:fa:f6:a8:c8Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

60:8a:e6:d2:30:7d:b6:64:a8:1f:94:23:d7:8e:f8:05:07:d6:d7:00Signer

Signature Validations

Verification

08-06-2017 16:21 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 20KB - Virtual size: 20KB

3430e4c5b363c903b341c71cfb360910

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 5KB - Virtual size: 4KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:22:d5:c7:76:2e:5c:d0:51:e0:58:3a:fa:f6:a8:c8
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

60:8a:e6:d2:30:7d:b6:64:a8:1f:94:23:d7:8e:f8:05:07:d6:d7:00
Signer

08-06-2017 16:21
Valid: true

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 20KB - Virtual size: 20KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB