9538530937[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

9538530937.zip
Size

50KB
MD5

1e2ed29cf06a7ea3ea71219e3e2e9119
SHA1

7b5e8359ecc0d4e60a01dca17c518a1b7d6e4f72
SHA256

276c8139b67034980f5296940345aa360f7e5bbcdf4d12ef9edef9006f1e433b
SHA512

4b832b3a3ccf639ba7e8527aa42eae87f0b09422a0f0b778f03870b458512ef91e9c15b282f40c9cc7e00686e8b3920cae57ac02373997f512f0cd8fcd51c531
SSDEEP

768:zEsWxFFKicB9+7BAoyIRDRSxgu4+7+ivhoYeMpFGJpdoo6gbetrm/5rxOdZQutA:ze/FKiBr7xRSTVD1eMp8JkrgbetkUztA

Score

1^/10

Malware Config

Signatures

Files

9538530937.zip
.zip

Password: infected
28eccab0efdfd1f1b5c375b56b6216cd2f31e8b97139e1dfea37ecf20804741b
.exe windows x86

61ab475141b574e1d7a0e2958a868828

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/12/2014, 00:00

Not After

28/12/2017, 23:59

Subject

CN=GuangZhou KuGou Computer Technology Co.\,Ltd.,OU=PC Development Dept.,O=GuangZhou KuGou Computer Technology Co.\,Ltd.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:f1:94:9c:08:c1:a7:3f:12:34:fd:a3:d3:ce:b6:55:20:60:b5:93
Signer

Actual PE Digest

62:f1:94:9c:08:c1:a7:3f:12:34:fd:a3:d3:ce:b6:55:20:60:b5:93

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=GuangZhou KuGou Computer Technology Co.\,Ltd.,OU=PC Development Dept.,O=GuangZhou KuGou Computer Technology Co.\,Ltd.,L=Guangzhou,ST=Guangdong,C=CN

09/07/2017, 05:58
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapFree
VirtualProtect
GetProcessHeap
HeapAlloc
GlobalMemoryStatusEx
GetModuleHandleA
GetLastError
CreateProcessA
GetProcAddress
GetCurrentProcess
FreeLibrary
ReadFile
ExitProcess
GetVersionExA
GetTickCount
WinExec
LocalAlloc
LocalSize
LocalFree
GetModuleFileNameA
GetFileAttributesA
CopyFileA
MoveFileExA
CreateDirectoryA
SetFileAttributesA
LoadLibraryA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
RemoveDirectoryA
lstrcatA
GetLocalTime
GetSystemDirectoryA
CreateFileA
GetFileSize
SetFilePointer
lstrlenA
WriteFile
CreateThread
OutputDebugStringA
lstrcpyA
Sleep
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
VirtualFree
GetStartupInfoA
InterlockedIncrement
InterlockedDecrement
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
GetVersion
GetCurrentThreadId
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
lstrcmpA
GlobalFlags
GetCPInfo
GetOEMCP

user32

CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
GetTopWindow
SetWindowTextA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetDlgCtrlID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
SetForegroundWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
DispatchMessageA
CallNextHookEx
PeekMessageA
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetLastInputInfo
GetSystemMetrics
ChangeDisplaySettingsA
FindWindowA
GetClassNameA
GetWindow
GetKeyState
GetWindowLongA
SendMessageA
MessageBoxA
EnableWindow
UnhookWindowsHookEx
LoadStringA
GetAsyncKeyState
GetForegroundWindow
GetWindowTextA
wsprintfA

advapi32

OpenSCManagerA
ChangeServiceConfig2A
UnlockServiceDatabase
StartServiceA
RegOpenKeyA
CloseServiceHandle
StartServiceCtrlDispatcherA
RegQueryValueA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenServiceA
DeleteService
OpenEventLogA
ClearEventLogA
CloseEventLog
CreateServiceA
LockServiceDatabase

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

msvcrt

_strcmpi
_stricmp
memcpy
_mbschr
_mbslwr
??3@YAXPAX@Z
ceil
_ftol
__CxxFrameHandler
_CxxThrowException
??2@YAPAXI@Z
_mbscmp
rand
exit
strstr
strncpy
strrchr
system
atoi
strcspn
malloc
_except_handler3
memmove
free
_beginthreadex
strchr
??1type_info@@UAE@XZ
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memset
memcmp
_msize
_expand
realloc
_strupr

ws2_32

WSAStartup
WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
recv
select
closesocket
send

comctl32

ord17

msvcp60

??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xran@std@@YAXXZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ

urlmon

URLDownloadToFileA

wininet

InternetGetConnectedState

gdi32

SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetMapMode
CreateBitmap
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
ScaleWindowExtEx
GetClipBox

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

61ab475141b574e1d7a0e2958a868828

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fdCertificate

Extended Key Usages

Key Usages

62:f1:94:9c:08:c1:a7:3f:12:34:fd:a3:d3:ce:b6:55:20:60:b5:93Signer

Signature Validations

Verification

09/07/2017, 05:58 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

ws2_32

comctl32

msvcp60

urlmon

wininet

gdi32

winspool.drv

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 12KB - Virtual size: 20KB

.code Size: 4KB - Virtual size: 4KB

.code Size: 4KB - Virtual size: 4KB

.code Size: 4KB - Virtual size: 4KB

.code Size: 4KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

62:f1:94:9c:08:c1:a7:3f:12:34:fd:a3:d3:ce:b6:55:20:60:b5:93
Signer

09/07/2017, 05:58
Valid: false

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 12KB - Virtual size: 20KB

.code
Size: 4KB - Virtual size: 4KB

.code
Size: 4KB - Virtual size: 4KB

.code
Size: 4KB - Virtual size: 4KB

.code
Size: 4KB - Virtual size: 4KB