General

Malware Config

Signatures

Files

• 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993.zip

  .zip

  Password: infected

• 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993.exe

  .exe windows x86

  Password: infected

  50a420668550f98372c95025cc500359

  
  

  Code Sign

  48:04:2a:d2:76:ae:97:74:be:39:ab:b8:ac:3e:3a:da

  Certificate

  Issuer

  CN=OHZOIPIFGKOQRMDDPN

  Not Before

  23-06-2020 09:20

  Not After

  31-12-2039 23:59

  Subject

  CN=OHZOIPIFGKOQRMDDPN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-05-2019 00:00

  Not After

  01-08-2030 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  74:67:80:95:03:47:80:f5:6a:a3:80:28:20:29:9d:9f:6c:c1:9d:d2

  Signer

  Actual PE Digest

  74:67:80:95:03:47:80:f5:6a:a3:80:28:20:29:9d:9f:6c:c1:9d:d2

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=OHZOIPIFGKOQRMDDPN

  09-03-2023 18:53

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetLastError

  SetPriorityClass

  GetPriorityClass

  GetCurrentProcess

  IsDebuggerPresent

  UnhandledExceptionFilter

  TerminateProcess

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  GetCurrentThreadId

  GetTickCount

  QueryPerformanceCounter

  SetUnhandledExceptionFilter

  InterlockedCompareExchange

  Sleep

  InterlockedExchange

  GetWindowsDirectoryA

  DeleteFileA

  CopyFileExW

  GetDateFormatA

  OpenProcess

  GetPrivateProfileIntA

  SetMessageWaitingIndicator

  IsDBCSLeadByteEx

  BuildCommDCBAndTimeoutsW

  OutputDebugStringW

  RtlMoveMemory

  GetDiskFreeSpaceW

  DeleteAtom

  Module32FirstW

  GetDefaultCommConfigA

  IsValidLanguageGroup

  SetInformationJobObject

  GetThreadPriorityBoost

  CreateDirectoryA

  GetExitCodeThread

  GetProfileSectionA

  RequestDeviceWakeup

  GetProfileIntW

  WritePrivateProfileSectionA

  SetConsoleTextAttribute

  WaitForMultipleObjects

  VirtualProtectEx

  FoldStringA

  EnumCalendarInfoExW

  VerifyVersionInfoA

  CreateMailslotW

  GetTimeZoneInformation

  GetACP

  VirtualFree

  VirtualAlloc

  GetSystemInfo

  GetVersion

  VirtualQuery

  WideCharToMultiByte

  MultiByteToWideChar

  lstrlenW

  lstrcpynW

  LoadLibraryExW

  GetThreadLocale

  GetStartupInfoA

  GetProcAddress

  GetModuleHandleW

  GetModuleFileNameW

  GetLocaleInfoW

  GetCommandLineW

  FreeLibrary

  FindFirstFileW

  FindClose

  ExitProcess

  ExitThread

  CreateThread

  CompareStringW

  WriteFile

  RtlUnwind

  RaiseException

  GetStdHandle

  CloseHandle

  TlsSetValue

  TlsGetValue

  LocalAlloc

  lstrcpyW

  WriteProcessMemory

  WritePrivateProfileStringW

  WinExec

  WaitForSingleObject

  WaitForMultipleObjectsEx

  VirtualQueryEx

  VirtualProtect

  SwitchToThread

  SizeofResource

  SignalObjectAndWait

  SetThreadLocale

  SetLastError

  SetFilePointer

  SetFileAttributesW

  SetEvent

  SetErrorMode

  SetEndOfFile

  SearchPathW

  ResumeThread

  ResetEvent

  ReadFile

  MulDiv

  LockResource

  LocalFree

  LoadResource

  LoadLibraryW

  LeaveCriticalSection

  IsValidLocale

  IsBadReadPtr

  InitializeCriticalSection

  HeapDestroy

  HeapCreate

  GlobalFindAtomW

  GlobalDeleteAtom

  GlobalAddAtomW

  GetWindowsDirectoryW

  GetVersionExW

  GetTempPathW

  GetTempFileNameW

  GetPrivateProfileStringW

  GetLocalTime

  GetFullPathNameW

  GetFileAttributesW

  GetEnvironmentVariableW

  GetDateFormatW

  GetCurrentThread

  GetCPInfo

  FreeResource

  InterlockedIncrement

  InterlockedExchangeAdd

  InterlockedDecrement

  FormatMessageW

  FlushInstructionCache

  FindResourceW

  FindNextFileW

  FileTimeToLocalFileTime

  FileTimeToDosDateTime

  EnumCalendarInfoA

  EnterCriticalSection

  DeleteFileW

  DeleteCriticalSection

  CreateProcessW

  CreateFileW

  CreateEventW

  CreateDirectoryW

  CompareStringA

  GetModuleHandleA

  LoadLibraryA

  VirtualAllocEx

  user32

  ScreenToClient

  ChangeDisplaySettingsExA

  GetTabbedTextExtentW

  DdeImpersonateClient

  VkKeyScanW

  ScrollWindowEx

  EnumDisplaySettingsW

  MonitorFromRect

  SetCaretBlinkTime

  MessageBeep

  ShowCursor

  OemToCharBuffW

  CallWindowProcA

  WINNLSGetEnableStatus

  CloseClipboard

  CreateAcceleratorTableW

  SetMenuInfo

  DefFrameProcA

  GetKeyboardType

  LoadStringW

  MessageBoxA

  CharNextW

  CreateWindowExW

  WindowFromPoint

  WaitMessage

  UpdateWindow

  UnregisterClassW

  UnhookWindowsHookEx

  TranslateMessage

  TranslateMDISysAccel

  TrackPopupMenu

  SystemParametersInfoW

  ShowWindow

  ShowScrollBar

  ShowOwnedPopups

  SetWindowRgn

  SetWindowsHookExW

  SetWindowTextW

  SetWindowPos

  SetWindowPlacement

  SetWindowLongW

  SetTimer

  SetScrollRange

  SetScrollPos

  SetScrollInfo

  SetRect

  SetPropW

  SetParent

  SetMenuItemInfoW

  SetMenu

  SetForegroundWindow

  SetFocus

  SetCursor

  SetClassLongW

  SetCapture

  SetActiveWindow

  SendMessageA

  SendMessageW

  ScrollWindow

  RemovePropW

  RemoveMenu

  ReleaseDC

  ReleaseCapture

  RegisterWindowMessageW

  RegisterClipboardFormatW

  RegisterClassW

  RedrawWindow

  PostQuitMessage

  PostMessageW

  PeekMessageA

  PeekMessageW

  OffsetRect

  MsgWaitForMultipleObjectsEx

  MsgWaitForMultipleObjects

  MessageBoxW

  MapWindowPoints

  MapVirtualKeyW

  LoadKeyboardLayoutW

  LoadIconW

  LoadCursorW

  LoadBitmapW

  KillTimer

  IsZoomed

  IsWindowVisible

  IsWindowUnicode

  IsWindowEnabled

  IsWindow

  IsIconic

  IsDialogMessageA

  IsDialogMessageW

  IsChild

  InvalidateRect

  IntersectRect

  InsertMenuItemW

  InsertMenuW

  InflateRect

  GetWindowThreadProcessId

  GetWindowTextW

  GetWindowRect

  GetWindowPlacement

  GetWindowLongW

  GetWindowDC

  GetTopWindow

  GetSystemMetrics

  GetSystemMenu

  GetSysColorBrush

  GetSysColor

  GetSubMenu

  GetScrollRange

  GetScrollPos

  GetScrollInfo

  GetPropW

  GetParent

  GetWindow

  GetMessagePos

  GetMenuStringW

  GetMenuState

  GetMenuItemInfoW

  GetMenuItemID

  GetMenuItemCount

  GetMenu

  GetLastActivePopup

  GetKeyboardState

  GetKeyboardLayoutNameW

  GetKeyboardLayoutList

  GetKeyboardLayout

  GetKeyState

  GetKeyNameTextW

  GetIconInfo

  GetForegroundWindow

  GetFocus

  GetDesktopWindow

  GetDCEx

  GetDC

  GetCursorPos

  GetCursor

  GetClipboardData

  GetClientRect

  GetClassLongW

  GetClassInfoW

  GetCapture

  GetActiveWindow

  FrameRect

  FindWindowExW

  FindWindowW

  FillRect

  EnumWindows

  EnumThreadWindows

  EnumChildWindows

  EndPaint

  EnableWindow

  EnableScrollBar

  EnableMenuItem

  DrawTextExW

  DrawTextW

  DrawMenuBar

  DrawIconEx

  DrawIcon

  DrawFrameControl

  DrawEdge

  DispatchMessageA

  DispatchMessageW

  DestroyWindow

  DestroyMenu

  DestroyIcon

  DestroyCursor

  DeleteMenu

  DefWindowProcW

  DefMDIChildProcW

  DefFrameProcW

  CreatePopupMenu

  CreateMenu

  CreateIcon

  ClientToScreen

  CheckMenuItem

  CharUpperBuffW

  CharToOemW

  CharLowerBuffW

  CharLowerW

  CallWindowProcW

  CallNextHookEx

  BeginPaint

  AdjustWindowRectEx

  ActivateKeyboardLayout

  DrawTextA

  DefWindowProcA

  LoadIconA

  LoadCursorA

  GetDialogBaseUnits

  OemKeyScan

  WindowFromDC

  gdi32

  GdiSetBatchLimit

  ScaleViewportExtEx

  GetEUDCTimeStampExW

  EngDeleteClip

  GetNearestPaletteIndex

  GetCharacterPlacementW

  CreateBrushIndirect

  PlayEnhMetaFile

  CreateColorSpaceW

  GdiPlayDCScript

  GetCharABCWidthsI

  Arc

  EngCreatePalette

  GetPolyFillMode

  GetGlyphOutlineA

  UnrealizeObject

  StretchDIBits

  StretchBlt

  SetWindowOrgEx

  SetWinMetaFileBits

  SetViewportOrgEx

  SetTextColor

  SetStretchBltMode

  SetROP2

  SetPixel

  SetEnhMetaFileBits

  SetDIBColorTable

  SetBrushOrgEx

  SetBkMode

  SetBkColor

  SelectPalette

  SelectObject

  SaveDC

  RestoreDC

  ResizePalette

  Rectangle

  RectVisible

  RealizePalette

  Polyline

  PatBlt

  MoveToEx

  MaskBlt

  LineTo

  IntersectClipRect

  GetWindowOrgEx

  GetWinMetaFileBits

  GetTextMetricsW

  GetTextExtentPoint32W

  GetSystemPaletteEntries

  GetStockObject

  GetRgnBox

  GetPixel

  GetPaletteEntries

  GetObjectType

  GetObjectW

  GetEnhMetaFilePaletteEntries

  GetEnhMetaFileHeader

  GetEnhMetaFileBits

  GetDeviceCaps

  GetDIBits

  GetDIBColorTable

  GetDCOrgEx

  GetCurrentPositionEx

  GetCurrentObject

  GetClipBox

  GetBrushOrgEx

  GetBitmapBits

  FrameRgn

  ExcludeClipRect

  DeleteObject

  DeleteEnhMetaFile

  DeleteDC

  CreateSolidBrush

  CreateRoundRectRgn

  CreateRectRgn

  CreatePenIndirect

  CreatePalette

  CreateHalftonePalette

  CreateFontIndirectW

  CreateDIBitmap

  CreateDIBSection

  CreateCompatibleDC

  CreateCompatibleBitmap

  CreateBitmap

  CopyEnhMetaFileW

  BitBlt

  GetEnhMetaFileW

  advapi32

  RegQueryValueExW

  RegOpenKeyExW

  RegCloseKey

  RegFlushKey

  RegCreateKeyExW

  OpenProcessToken

  GetUserNameW

  CreateProcessAsUserW

  UnlockServiceDatabase

  StartServiceW

  QueryServiceStatus

  QueryServiceLockStatusW

  OpenServiceW

  OpenSCManagerW

  LockServiceDatabase

  CloseServiceHandle

  ChangeServiceConfigW

  shell32

  SHChangeNotify

  ExtractIconExA

  SHGetSpecialFolderPathA

  ShellExecuteEx

  ShellHookProc

  SHGetIconOverlayIndexW

  SHGetSettings

  SHAppBarMessage

  SHAddToRecentDocs

  SHLoadInProc

  Shell_NotifyIcon

  DoEnvironmentSubstW

  ExtractAssociatedIconExW

  SHGetDesktopFolder

  SHCreateProcessAsUserW

  SHFileOperationW

  SHPathPrepareForWriteW

  DoEnvironmentSubstA

  SHGetFileInfo

  ShellExecuteW

  SHGetSpecialFolderPathW

  shlwapi

  StrRChrW

  StrChrA

  StrCmpNIA

  StrRStrIW

  StrStrIA

  StrStrA

  StrStrIW

  comctl32

  InitializeFlatSB

  FlatSB_SetScrollProp

  FlatSB_SetScrollPos

  FlatSB_SetScrollInfo

  FlatSB_GetScrollPos

  FlatSB_GetScrollInfo

  _TrackMouseEvent

  ImageList_SetIconSize

  ImageList_GetIconSize

  ImageList_Write

  ImageList_Read

  ImageList_GetDragImage

  ImageList_DragShowNolock

  ImageList_DragMove

  ImageList_DragLeave

  ImageList_DragEnter

  ImageList_EndDrag

  ImageList_BeginDrag

  ImageList_Remove

  ImageList_DrawEx

  ImageList_GetBkColor

  ImageList_SetBkColor

  ImageList_Add

  ImageList_SetImageCount

  ImageList_GetImageCount

  ImageList_Destroy

  ImageList_Create

  winmm

  PlaySoundA

  Sections

  .text

  Size: 1.7MB - Virtual size: 1.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata4

  Size: 39KB - Virtual size: 39KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rdata3

  Size: 20KB - Virtual size: 19KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rdata2

  Size: 41KB - Virtual size: 41KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 512B - Virtual size: 149B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 42KB - Virtual size: 41KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 122KB - Virtual size: 121KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ