File_pass1234[.]zip

Resubmissions

02/03/2023, 15:36

230302-s13cvsdb2x 10

02/03/2023, 14:00

230302-ra5vmacg9y 10

Sharing

Copy URL Twitter E-mail

General

Target

File_pass1234.zip
Size

6.2MB
MD5

af9510efee19900c3171e98e72829c02
SHA1

cf3398a0fe1731b5afde7adfa6082c513211f437
SHA256

4072861d04196482855d98a25ba69c77da6fa9b16117f5dc061b330bd11418cc
SHA512

3977b4640ac6e0874c947da5229aa5e25e328e616e8b46ba577de4b70b028399c94befd8ebd0c9a6a164faedee352882a3b00819da4da22ce771fd3f73f0494e
SSDEEP

98304:7tw9D0r17x1TEPh/VZeN9LVhczP6aeqHi8NICPwPM43QT2DOr5C2oAgf:7tU04PvZ89PzbvDTWUhf

Score

1^/10

Malware Config

Signatures

Files

File_pass1234.zip
.zip

Password: 1234
Install.exe
.exe windows x86

Password: 1234

20fcca9c4f6d6a96b55e9305c9ac59ff

Code Sign

4b:ec:ba:79:34:44:83:86:4d:b3:66:95:18:1a:6f:2a
Certificate

Issuer

CN=Samsung NET Q32R404FHWI RC65R539FHIZCI

Not Before

27/02/2023, 19:26

Not After

28/02/2033, 19:26

Subject

CN=Samsung NET Q32R404FHWI RC65R539FHIZCI

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:8c:4a:44:e7:d7:b3:f2:e1:1f:f4:1c:cf:a2:e5:dc:2e:22:89:b4:f0:48:90:76:1d:3b:cf:ec:13:6b:87:f0
Signer

Actual PE Digest

0b:8c:4a:44:e7:d7:b3:f2:e1:1f:f4:1c:cf:a2:e5:dc:2e:22:89:b4:f0:48:90:76:1d:3b:cf:ec:13:6b:87:f0

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Samsung NET Q32R404FHWI RC65R539FHIZCI

27/02/2023, 09:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionEx
lstrlenA
lstrcatA
GetModuleHandleA
SetCurrentDirectoryA
Sleep
GetModuleHandleExA
GetFileAttributesA
GetBinaryTypeA
QueryFullProcessImageNameA
GetSystemDirectoryA
GlobalAlloc
lstrcpyA
SetFileAttributesA
VerSetConditionMask
WideCharToMultiByte
VerifyVersionInfoW
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcAddress
lstrcpynA
GetProcessHeap
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
FindClose
GetTempPathW
CreateMutexW
WaitForSingleObject
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
SystemTimeToFileTime
FreeLibrary
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
WriteConsoleW
CloseHandle
CreateFileA
GetLastError
CreateFileW
SetFilePointer
WriteFile
UnlockFileEx
ReadFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
CreateDirectoryW
FindFirstFileExW
FindNextFileW
SetFilePointerEx
GetFileInformationByHandleEx
QueryPerformanceFrequency
LCMapStringEx
EncodePointer
DecodePointer
GetCPInfo
GetStringTypeW
SetLastError
GetThreadTimes
GetCurrentThread
InterlockedPushEntrySList
RaiseException
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFileType
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameW
GetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
SetStdHandle
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
GetTimeZoneInformation
IsValidCodePage
VirtualQuery
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
GetTokenInformation
CryptReleaseContext

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp%_%-
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp%_%-
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
prnfldr.dll
.dll regsvr32 windows x86

Password: 1234

10c64957194e6ae79c80652183d62334

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_XcptFilter
_amsg_exit
__CxxFrameHandler3
_initterm
_except_handler4_common
??1type_info@@UAE@XZ
_lock
free
??1exception@@UAE@XZ
_unlock
memmove
__dllonexit
_CxxThrowException
_onexit
memcmp
?what@exception@@UBEPBDXZ
_purecall
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
malloc
_wtoi
_vsnwprintf
wcschr
??3@YAXPAX@Z
_wcsicmp
memcpy
memset

oleaut32

SysAllocString
VariantClear
SysFreeString
SysStringLen
VariantCopy
SysAllocStringLen
VariantInit

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
UnregisterTraceGuids
TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
EnterCriticalSection
InitializeSRWLock
DeleteCriticalSection
SetEvent
LeaveCriticalSection
WaitForSingleObject
AcquireSRWLockExclusive
InitializeCriticalSection
CreateEventW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
LoadStringW
GetModuleHandleExW
LoadLibraryExW
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameW
LoadStringA

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA
LoadLibraryW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
IsDebuggerPresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
InitOnceExecuteOnce
WakeAllConditionVariable

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalAlloc
LocalFree
LocalReAlloc

api-ms-win-core-com-l1-1-0

CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
PropVariantClear
CLSIDFromProgID

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
OpenProcessToken
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-path-l1-1-0

PathIsUNCEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ole32

ReleaseStgMedium
CreateBindCtx

gdi32

DeleteDC
DeleteObject
CreateDIBSection
SelectObject
CreateCompatibleDC

user32

SetMenuInfo
SendNotifyMessageW
GetAncestor
ReleaseDC
GetDC
GetMenuItemCount
RegisterClipboardFormatW
DestroyMenu
PostMessageW
SetForegroundWindow
GetSubMenu
LoadMenuW
RemoveMenu
SetMenuDefaultItem
SetMenuItemInfoW
DeleteMenu
GetMenuItemInfoW
DestroyIcon
GetSystemMetrics
GetMenuInfo
TrackPopupMenuEx

shell32

ord256
ord67
ShellExecuteExW
SHCreateDefaultContextMenu
AssocGetDetailsOfPropKey
ord19
ord100
ord155
SHGetIconOverlayIndexW
SHChangeNotify
ord25
ord18
SHGetKnownFolderIDList
SHCreateShellItemArrayFromIDLists
ShellExecuteW
SHCreateDataObject
ord102
SHBindToParent
ord147
SHBindToObject
ord190
SHGetFolderLocation
ord744
ord76
ord237
ord702
SHCreateDefaultExtractIcon
ord264
ord69
ord172
ord866

ntdll

NtQueryInformationToken
WinSqmAddToStream
WinSqmIncrementDWORD

shlwapi

ord437
ord256
ord388
ord16
ord176
ord219
StrChrW
IntlStrEqWorkerW
StrCmpIW
ord619
StrStrIW
PathRemoveBlanksW
SHStrDupW
AssocCreate
ord158
ord157
SHRegGetValueW
ord217
StrDupW
StrRetToBufW
ord236
PathFindFileNameW
ord186
ord209
ord197
ord211
ord210
ord208

propsys

PSFormatForDisplay
VariantToPropVariant
InitVariantFromResource
VariantToBuffer

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalSize
GlobalLock

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
profapi.dll
.dll windows x86

Password: 1234

4d72dddccfa1b0652771d21854f8c720

Code Sign

33:00:00:02:65:51:ae:1b:bd:00:5c:bf:bd:00:00:00:00:02:65
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:45:63:64:d0:f3:4b:8f:52:a0:70:23:d8:6b:24:5b:b2:93:db:03:44:fe:fd:a5:d3:7e:e5:5b:64:8b:b7:bf
Signer

Actual PE Digest

90:45:63:64:d0:f3:4b:8f:52:a0:70:23:d8:6b:24:5b:b2:93:db:03:44:fe:fd:a5:d3:7e:e5:5b:64:8b:b7:bf

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memcpy
_o__wcsicmp
_o_free
_except_handler4_common
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
__CxxFrameHandler3
_CxxThrowException

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
FreeLibrary
LoadLibraryExW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
CreateMutexExW
ReleaseSemaphore
OpenSemaphoreW
InitializeSRWLock
CreateSemaphoreExW
ReleaseSRWLockExclusive
ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentProcessId
GetCurrentThread
OpenProcessToken
SetThreadToken
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetKeySecurity
RegEnumKeyExW
RegQueryInfoKeyW
RegSetKeySecurity
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegLoadKeyW
RegEnumValueW
RegOpenCurrentUser
RegCopyTreeW
RegCreateKeyExW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-base-l1-1-0

CopySid
GetAce
AddAce
GetLengthSid
GetTokenInformation
IsWellKnownSid
GetSecurityDescriptorDacl
RevertToSelf
ImpersonateSelf
ImpersonateLoggedOnUser
SetFileSecurityW
PrivilegeCheck
MakeAbsoluteSD

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

FindClose
GetShortPathNameW
CreateDirectoryW
FindNextFileW
GetFileAttributesW
FindFirstFileW
WriteFile
ReadFile
CreateFileW
DeleteFileW
SetFileAttributesW

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemTimeAsFileTime

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlAdjustPrivilege
RtlCreateEnvironment
RtlDestroyEnvironment
RtlExpandEnvironmentStrings
RtlSetEnvironmentVar
RtlNtStatusToDosError
RtlQueryEnvironmentVariable
RtlGetAppContainerParent
RtlGetAppContainerSidType
RtlFreeSid
RtlQueryPackageClaims
RtlEqualSid
NtQueryInformationToken

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

20fcca9c4f6d6a96b55e9305c9ac59ff

Code Sign

4b:ec:ba:79:34:44:83:86:4d:b3:66:95:18:1a:6f:2aCertificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

0b:8c:4a:44:e7:d7:b3:f2:e1:1f:f4:1c:cf:a2:e5:dc:2e:22:89:b4:f0:48:90:76:1d:3b:cf:ec:13:6b:87:f0Signer

Signature Validations

Verification

27/02/2023, 09:36 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

wtsapi32

Sections

.text Size: - Virtual size: 2.0MB

.rdata Size: - Virtual size: 168KB

.data Size: - Virtual size: 34KB

.vmp%_%- Size: - Virtual size: 3.3MB

.vmp%_%- Size: 5.5MB - Virtual size: 5.5MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

Password: 1234

10c64957194e6ae79c80652183d62334

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

oleaut32

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-debug-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-profile-l1-1-0

ole32

gdi32

user32

shell32

ntdll

shlwapi

propsys

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

4b:ec:ba:79:34:44:83:86:4d:b3:66:95:18:1a:6f:2a
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

0b:8c:4a:44:e7:d7:b3:f2:e1:1f:f4:1c:cf:a2:e5:dc:2e:22:89:b4:f0:48:90:76:1d:3b:cf:ec:13:6b:87:f0
Signer

27/02/2023, 09:36
Valid: false

.text
Size: - Virtual size: 2.0MB

.rdata
Size: - Virtual size: 168KB

.data
Size: - Virtual size: 34KB

.vmp%_%-
Size: - Virtual size: 3.3MB

.vmp%_%-
Size: 5.5MB - Virtual size: 5.5MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 183KB - Virtual size: 182KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 7KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 112B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 11KB

33:00:00:02:65:51:ae:1b:bd:00:5c:bf:bd:00:00:00:00:02:65
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

90:45:63:64:d0:f3:4b:8f:52:a0:70:23:d8:6b:24:5b:b2:93:db:03:44:fe:fd:a5:d3:7e:e5:5b:64:8b:b7:bf
Signer

27/02/2023, 09:36
Valid: false

.text
Size: 66KB - Virtual size: 65KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 68B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 3KB - Virtual size: 3KB