9690208919[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

9690208919.zip
Size

3.0MB
MD5

c97dfacb099ebad0b844dfd54b67ce4a
SHA1

ab2a0bf52efbeb000eb4c4165a299c9369ef97f1
SHA256

0f6475ca885b409154bcfb7a0803eb5f46d1427998fe1b3e115c665f945e3e2a
SHA512

2a8bff2df6fa87810a7c51c6d4c58e493457f4847cdb004121e0d5efedf74d875b2aa4170ac89db5b13231060d25dfb9dafbb53a38199458b8a9dba3e2be4215
SSDEEP

49152:UqVMtye3KlyQtF1vkYq7trv8sR4tGAOwK0YXvbJnU3CdaVkLqfNFI:rM136yy1Xqd8sOGAOb0YjJnU3CikefTI

Score

1^/10

Malware Config

Signatures

Files

9690208919.zip
.zip

Password: infected
9ca42a4b40b4a09155424d4d6096365c0368648f7cc0290a7cfd50cb54bc1e71
.exe windows x86

e43033b3df6d8fc0bc25a8609bdf3b23

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:03:14:b1:59:41:88:08:4e:49:48:9c:46:08:11:66
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

10/09/2021, 00:00

Not After

10/09/2023, 23:59

Subject

CN=TMRG\, Inc.,O=TMRG\, Inc.,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e4:f6:3f:27:b8:c5:5c:68:25:9d:b4:d3:86:36:82:24:46:e5:62:77
Signer

Actual PE Digest

e4:f6:3f:27:b8:c5:5c:68:25:9d:b4:d3:86:36:82:24:46:e5:62:77

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=TMRG\, Inc.,O=TMRG\, Inc.,ST=Virginia,C=US

25/08/2022, 21:07
Valid: true

Chain 1

CN=TMRG\, Inc.,O=TMRG\, Inc.,ST=Virginia,C=US

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
WSAGetLastError
getservbyport
gethostbyaddr
getservbyname
gethostbyname
inet_addr
ntohl
ntohs
WSASetLastError
send
socket
connect
htons
ioctlsocket
shutdown
setsockopt
closesocket
bind
listen
WSACleanup
getsockname
getsockopt
getpeername
sendto
recvfrom
inet_ntoa
gethostname
htonl
recv
__WSAFDIsSet
select
accept

wininet

HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetGetConnectedState
InternetQueryOptionA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
CommitUrlCacheEntryA
HttpSendRequestA
HttpQueryInfoA
CreateUrlCacheEntryA
InternetCheckConnectionA
DeleteUrlCacheEntry
RetrieveUrlCacheEntryStreamA
ReadUrlCacheEntryStream
UnlockUrlCacheEntryStream
InternetSetOptionA

comctl32

ImageList_LoadImageA

rpcrt4

UuidCompare
UuidCreate

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

midiInGetNumDevs
midiOutGetNumDevs
waveInGetNumDevs
joyGetNumDevs
auxGetNumDevs
mixerGetNumDevs
waveOutGetNumDevs

iphlpapi

GetIpForwardTable
GetNetworkParams
GetAdaptersAddresses
GetAdaptersInfo

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoA
SetupDiGetClassDevsA

ws2_32

WSACloseEvent
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
getaddrinfo
freeaddrinfo
WSAEnumNetworkEvents
WSAResetEvent
WSAIoctl
getnameinfo
WSAAddressToStringA
WSAStringToAddressA

dnsapi

DnsQuery_A
DnsFree

dbghelp

MiniDumpWriteDump

psapi

GetModuleFileNameExA
EnumProcessModules

crypt32

CertGetCertificateChain
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertEnumCertificatesInStore
CertOpenSystemStoreA
CertCreateCertificateContext
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFreeCertificateChain
CertGetNameStringA
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertDeleteCertificateFromStore
CertVerifyRevocation

wldap32

ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord46
ord60
ord50
ord143
ord22
ord211
ord217

kernel32

GetCurrentProcessId
QueryPerformanceCounter
GetLastError
LocalAlloc
LocalFree
lstrlenA
GetProcAddress
CreateFileA
DeleteFileA
FreeLibrary
GetFileSize
ReadFile
LoadLibraryA
GetCurrentThreadId
FormatMessageA
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
OpenProcess
GetModuleHandleA
GetFileAttributesA
CreateEventA
Sleep
GetTempPathA
GetTempFileNameA
CreateDirectoryA
CopyFileA
RemoveDirectoryA
GetStartupInfoA
OpenMutexA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
WaitForMultipleObjects
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
TerminateProcess
CreateMutexA
ReleaseMutex
SetLastError
GetCurrentProcess
GetCurrentThread
GetSystemInfo
GetComputerNameA
IsBadReadPtr
GlobalMemoryStatus
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
ResumeThread
CreateFileMappingA
CreateSemaphoreA
DuplicateHandle
InterlockedCompareExchange
HeapAlloc
HeapFree
GetProcessHeap
IsDebuggerPresent
GetThreadTimes
GetProcessTimes
CreateToolhelp32Snapshot
Thread32First
OpenThread
Thread32Next
SetUnhandledExceptionFilter
ExitProcess
InterlockedDecrement
GetDriveTypeA
FindFirstFileA
GetModuleFileNameA
SetThreadPriority
SetFileTime
FindNextFileA
FindClose
CompareFileTime
GetLogicalDriveStringsA
GetExitCodeProcess
GlobalFree
MoveFileExA
FindResourceA
SizeofResource
LoadResource
LockResource
GetUserDefaultLangID
GetLocalTime
MoveFileA
GetCommandLineA
RemoveDirectoryW
MulDiv
MapViewOfFile
UnmapViewOfFile
InterlockedExchange
FindResourceW
FindResourceExW
SetConsoleCtrlHandler
GetTimeZoneInformation
GetSystemDefaultLCID
SetEndOfFile
GetSystemDefaultLangID
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetExitCodeThread
VirtualFreeEx
GetSystemTime
SetFileAttributesA
GetSystemDirectoryA
ResetEvent
WritePrivateProfileStringA
InitializeSListHead
InterlockedPopEntrySList
ReadProcessMemory
Process32First
SetEvent
Process32Next
GetFullPathNameW
GetFullPathNameA
UnlockFile
LockFile
UnlockFileEx
LoadLibraryW
FormatMessageW
GetFileAttributesW
CreateFileW
FlushFileBuffers
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetFileAttributesExW
DeleteFileW
AreFileApisANSI
GetCurrentDirectoryA
SuspendThread
GetThreadContext
OutputDebugStringA
CreateDirectoryW
GlobalAlloc
RaiseException
FlushInstructionCache
GlobalLock
GlobalUnlock
TerminateThread
GetLongPathNameA
GetLogicalDrives
GetUserDefaultLCID
GetLocaleInfoA
lstrcmpiA
FileTimeToSystemTime
SystemTimeToFileTime
OpenFileMappingA
InterlockedPushEntrySList
SleepEx
VerifyVersionInfoW
VerSetConditionMask
PeekNamedPipe
GetFileType
GetStdHandle
FindFirstFileW
FindNextFileW
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetVersion
OpenEventA
CreateProcessA
ReleaseSemaphore
GetModuleFileNameW
LoadLibraryExA
CreatePipe
GetDateFormatA
GetTimeFormatA
GetModuleHandleW
DebugBreak
DosDateTimeToFileTime
GetFileTime
LocalFileTimeToFileTime
GetStringTypeW
EncodePointer
DecodePointer
GetLocaleInfoW
HeapDestroy
HeapReAlloc
HeapSize
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
lstrcmpA
GetConsoleCP
GetConsoleMode
ExitThread
CreateThread
VirtualProtect
VirtualQuery
HeapSetInformation
GetStartupInfoW
RtlUnwind
ConvertThreadToFiberEx
ConvertFiberToThread
GetModuleHandleExW
DeleteFiber
CreateFiberEx
SwitchToFiber
InterlockedCompareExchange64
InterlockedExchangeAdd
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
SetConsoleMode
GetEnvironmentVariableW
ReadConsoleW
ReadConsoleA
LCMapStringA
GetEnvironmentVariableA
GetShortPathNameA
GetWindowsDirectoryA
WaitForSingleObject
GetStringTypeExA
SetEnvironmentVariableA
GetDriveTypeW
IsValidLocale
EnumSystemLocalesA
GetCurrentDirectoryW
CloseHandle
GetTickCount
GetFileInformationByHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
FileTimeToLocalFileTime
FindFirstFileExA
LCMapStringW
GetCPInfo
CompareStringW
HeapCreate
UnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
SetHandleCount
SetStdHandle
Module32First

user32

ScreenToClient
BeginPaint
GetWindowTextLengthA
GetWindowTextA
CharNextA
IsWindowEnabled
GetDlgItem
EnableWindow
MsgWaitForMultipleObjectsEx
InvalidateRect
DrawTextA
UpdateLayeredWindow
KillTimer
SetTimer
GetClientRect
GetDesktopWindow
ReleaseDC
EndPaint
InvalidateRgn
GetDC
CreatePopupMenu
InsertMenuItemW
MessageBoxW
LoadImageA
TrackPopupMenu
GetCursorPos
ExitWindowsEx
EnumChildWindows
LoadStringA
RedrawWindow
RegisterDeviceNotificationA
SetCapture
GetWindow
IsChild
ClientToScreen
GetClassNameA
GetSysColor
DestroyIcon
DestroyMenu
FindWindowA
MsgWaitForMultipleObjects
SetWindowTextA
UpdateWindow
DestroyWindow
PeekMessageA
PostMessageA
TranslateAcceleratorA
LoadAcceleratorsA
ShowWindow
RegisterWindowMessageA
CallWindowProcA
DefWindowProcA
GetMenu
CheckMenuItem
SetForegroundWindow
DestroyAcceleratorTable
GetFocus
FillRect
CreateAcceleratorTableA
ReleaseCapture
GetClassInfoExA
CallNextHookEx
SystemParametersInfoA
GetSystemMetrics
SetClassLongA
FlashWindowEx
PostThreadMessageA
LoadMenuA
GetSubMenu
RemoveMenu
CreateDialogParamA
SetDlgItemTextA
GetParent
SetWindowPos
SetFocus
SetActiveWindow
MoveWindow
PostQuitMessage
SendMessageA
SetWindowLongA
GetWindowLongA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
TranslateMessage
DispatchMessageA
GetMessageA
SetDlgItemInt
GetForegroundWindow
EnumWindows
GetWindowThreadProcessId
GetWindowRect
IsWindow
CharLowerBuffA
MessageBoxA
UnhookWindowsHookEx
SetWindowsHookExA
RegisterClassA
EndDialog
IsWindowVisible
GetUserObjectInformationW
GetProcessWindowStation
UnregisterDeviceNotification
UnregisterClassA
IsDialogMessageA

gdi32

DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
SetBkMode
SetTextColor
DeleteObject
CreateSolidBrush
CreateCompatibleBitmap
BitBlt
GetObjectA
GetDeviceCaps
CreateFontA
GetStockObject

winspool.drv

EnumPrintersA

comdlg32

GetSaveFileNameA
FindTextA

advapi32

OpenProcessToken
RegCloseKey
RegEnumKeyExA
GetSidLengthRequired
InitializeSid
CryptDestroyKey
CryptGetUserKey
CryptGetProvParam
CryptEnumProvidersW
CryptDecrypt
CryptSetHashParam
CryptSignHashW
CryptExportKey
CryptAcquireContextW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CreateProcessAsUserA
RegCreateKeyA
DeleteService
SetFileSecurityA
DuplicateTokenEx
SetTokenInformation
RegSetKeySecurity
RegQueryInfoKeyA
SetSecurityInfo
GetTokenInformation
ConvertSidToStringSidA
CheckTokenMembership
GetSidSubAuthority
CopySid
GetLengthSid
IsValidSid
RegOpenKeyExA
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
InitializeSecurityDescriptor
RegEnumValueA
LookupPrivilegeValueA
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetAclInformation
AddAce
RegEnumKeyA
RegNotifyChangeKeyValue
AddAccessAllowedAce
RegOpenKeyA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeAcl
RegDeleteKeyA
RegCreateKeyExA
QueryServiceStatus
ControlService
OpenServiceA
CloseServiceHandle
OpenSCManagerA
RegSetValueExA
RegQueryValueExA
GetUserNameA
RegDeleteValueA

shell32

SHGetSpecialFolderPathA
ShellExecuteW
SHGetFolderPathA
ShellExecuteA
SHGetSpecialFolderPathW
Shell_NotifyIconA

ole32

OleInitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CreateStreamOnHGlobal
CLSIDFromString
CoTaskMemAlloc
OleUninitialize
CoTaskMemFree
OleRun
CoCreateGuid
StringFromGUID2
CoSetProxyBlanket
CoAddRefServerProcess
CoReleaseServerProcess
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
SysAllocString
VariantChangeType
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
DispGetParam
VariantClear
VariantInit
VarBstrCat
SysAllocStringByteLen
SysStringLen
SysAllocStringLen

shlwapi

SHCopyKeyA

userenv

GetProfilesDirectoryA

bcrypt

BCryptGenRandom

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e43033b3df6d8fc0bc25a8609bdf3b23

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

ca:03:14:b1:59:41:88:08:4e:49:48:9c:46:08:11:66Certificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

e4:f6:3f:27:b8:c5:5c:68:25:9d:b4:d3:86:36:82:24:46:e5:62:77Signer

Signature Validations

Verification

25/08/2022, 21:07 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

wininet

comctl32

rpcrt4

version

winmm

iphlpapi

setupapi

ws2_32

dnsapi

dbghelp

psapi

crypt32

wldap32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

bcrypt

Sections

.text Size: 4.7MB - Virtual size: 4.7MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 95KB - Virtual size: 254KB

.rsrc Size: 39KB - Virtual size: 39KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

ca:03:14:b1:59:41:88:08:4e:49:48:9c:46:08:11:66
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

e4:f6:3f:27:b8:c5:5c:68:25:9d:b4:d3:86:36:82:24:46:e5:62:77
Signer

25/08/2022, 21:07
Valid: true

.text
Size: 4.7MB - Virtual size: 4.7MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 95KB - Virtual size: 254KB

.rsrc
Size: 39KB - Virtual size: 39KB