ProcessExplorer[.]zip[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

ProcessExplorer.zip.7z
Size

1.6MB
MD5

181dc962ed1a714248a32a88c090a8d1
SHA1

b124a4dbcc61586ad62f32ea0cebc413206f559d
SHA256

5e2e9bb53e06f45ff1eff3aa80b05384720c86f87fad92c9ace8dc421163e10f
SHA512

45a636d7ca383064d229d7206ee623f8cfb5ce3e5e7ce7aeee451e4d722886e7d058a0f05e2d86a65637773b9553e59ea24ea74e67d0a96908db317c2563dcba
SSDEEP

49152:ywM2rDPJb+k6Qk/PBrbjV3wXh2QaZuezR+S:XMu5OZr/5ZQfeQS

Score

1^/10

Malware Config

Signatures

Files

ProcessExplorer.zip.7z
.7z

Password: infected
ProcessExplorer.zip
.zip
Eula.txt
procexp.chm
.chm
procexp.exe
.exe windows x86

28006e813fb35a41640d0ecb88fa2ced

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f3:ca:f1:8a:c8:1b:bd:ce:c7:40:77:c0:ef:a3:9b:86:c0:8e:9a:73
Signer

Actual PE Digest

f3:ca:f1:8a:c8:1b:bd:ce:c7:40:77:c0:ef:a3:9b:86:c0:8e:9a:73

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

07/06/2010, 23:14
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getservbyport
htons
ntohs
ntohl
WSAStartup
gethostbyaddr
htonl

mpr

WNetGetConnectionA

comctl32

ImageList_Destroy
CreateToolbarEx
CreatePropertySheetPageA
ord6
PropertySheetA
ord17
ImageList_Create
ImageList_DrawEx
InitCommonControlsEx
ImageList_ReplaceIcon

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

CreateFileA
SetLastError
GetCommandLineW
OpenEventA
InterlockedIncrement
GetTickCount
lstrcatA
HeapFree
lstrcpyA
HeapAlloc
GetProcessHeap
InterlockedDecrement
ReadProcessMemory
GetDateFormatA
lstrcmpA
lstrcmpiA
GetEnvironmentVariableA
MulDiv
CreateProcessA
ExpandEnvironmentStringsA
SearchPathA
GetFileAttributesA
GetNumberFormatA
lstrcpynA
GetSystemDirectoryA
GetProcessAffinityMask
Sleep
SetThreadAffinityMask
GetCurrentThread
DeleteFileA
GetCommandLineA
VirtualQueryEx
OpenProcess
SetFilePointer
ReadFile
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileMappingA
PulseEvent
GlobalMemoryStatus
WaitForMultipleObjects
SetErrorMode
GetCurrentProcessId
SetPriorityClass
FindClose
FindFirstFileA
SetEnvironmentVariableA
CreateEventA
GlobalUnlock
GlobalAlloc
GlobalLock
FindResourceA
SetProcessWorkingSetSize
GetLocaleInfoA
FormatMessageA
OutputDebugStringA
TerminateProcess
GetProcessWorkingSetSize
DeviceIoControl
GetDriveTypeA
GetCurrentDirectoryA
GetFileTime
GetExitCodeThread
DuplicateHandle
VirtualFree
VirtualAlloc
GetPriorityClass
GetThreadContext
ResetEvent
MultiByteToWideChar
GlobalAddAtomA
GetSystemInfo
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
FatalAppExitA
HeapDestroy
HeapCreate
GetStartupInfoA
ResumeThread
CreateThread
GetCurrentThreadId
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
lstrlenW
RaiseException
InterlockedExchange
LoadResource
SizeofResource
LockResource
GetCurrentProcess
IsBadStringPtrA
lstrlenA
InitializeCriticalSection
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetSystemTimeAsFileTime
DeleteCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatA
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetModuleHandleA
WaitForSingleObject
TerminateThread
WideCharToMultiByte
CreateToolhelp32Snapshot
Module32First
CloseHandle
Module32Next
GetVersion
FreeLibrary
LoadLibraryA
GetProcAddress
GetLastError
LocalFree
LocalAlloc
GetModuleFileNameA
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
SetEndOfFile
CompareStringA
CompareStringW
GlobalReAlloc
GetLocaleInfoW

user32

CheckMenuRadioItem
GetDlgItemTextA
ReleaseCapture
CreateDialogParamA
DispatchMessageA
IsDialogMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
RedrawWindow
ExitWindowsEx
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DrawMenuBar
RemoveMenu
CreateMenu
RegisterWindowMessageA
GetDlgCtrlID
SendMessageTimeoutA
GetWindow
GetUserObjectSecurity
SetUserObjectSecurity
GetKeyState
CheckRadioButton
MsgWaitForMultipleObjects
PeekMessageA
ScrollWindowEx
SetScrollInfo
GetScrollInfo
IntersectRect
GetUpdateRgn
GetClassLongA
wsprintfA
GetMenuCheckMarkDimensions
ShowWindowAsync
SetForegroundWindow
CheckMenuItem
FindWindowExA
IsIconic
GetWindowDC
SetMenuItemInfoA
SetClassLongA
FillRect
EnumWindows
GetWindowThreadProcessId
GetWindowTextA
DeleteMenu
EnableWindow
CheckDlgButton
IsDlgButtonChecked
GetWindowPlacement
ModifyMenuA
CreatePopupMenu
TrackPopupMenuEx
AppendMenuA
GetMenu
GetSubMenu
GetMenuItemCount
GetMenuItemID
EnableMenuItem
DestroyIcon
FrameRect
GetDoubleClickTime
InvalidateRgn
MessageBoxA
SetFocus
SetTimer
WindowFromPoint
KillTimer
LoadStringA
LoadImageA
RegisterClassExA
RegisterClassA
FindWindowA
SetWindowPlacement
UpdateWindow
DialogBoxIndirectParamA
SetWindowTextA
PostQuitMessage
DrawIconEx
LoadMenuA
InsertMenuA
TrackPopupMenu
GetCapture
SetCapture
GetDesktopWindow
DrawEdge
InflateRect
DefDlgProcA
DefFrameProcA
DefMDIChildProcA
ClientToScreen
SystemParametersInfoA
CreateIconIndirect
MapWindowPoints
DestroyWindow
CreateWindowExA
IsWindowVisible
GetFocus
DrawTextA
GetDC
ReleaseDC
GetCursorPos
SetWindowPos
PostMessageA
SendMessageA
ShowWindow
IsZoomed
PtInRect
BeginPaint
EndPaint
DrawFrameControl
CallWindowProcA
CopyRect
SetWindowLongA
SetPropA
GetPropA
BeginDeferWindowPos
EnumChildWindows
EndDeferWindowPos
GetClientRect
GetSystemMetrics
OffsetRect
UnionRect
GetParent
GetClassNameA
GetWindowLongA
DeferWindowPos
ScreenToClient
DefWindowProcA
DialogBoxParamA
EndDialog
GetDlgItem
GetWindowRect
MoveWindow
SetDlgItemTextA
LoadCursorA
GetSysColorBrush
GetSysColor
ChildWindowFromPoint
InvalidateRect
SetCursor
LoadIconA

gdi32

GetStockObject
GetObjectA
CreateSolidBrush
GetTextExtentPoint32A
ExtTextOutA
SetTextAlign
GetDeviceCaps
Rectangle
CreatePen
SetROP2
SaveDC
Ellipse
CreateCompatibleBitmap
LineTo
MoveToEx
GetTextMetricsA
Polyline
GetBkColor
SelectClipRgn
CreateRectRgnIndirect
RectInRegion
CreateRectRgn
EndPage
SetMapMode
StartDocA
CreateFontIndirectA
SetBkMode
SetTextColor
RestoreDC
SelectObject
EndDoc
SetBkColor
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
StartPage

comdlg32

PrintDlgA
ChooseFontA
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
FindTextA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
Shell_NotifyIconA
ShellExecuteA
SHGetFileInfoA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantClear
SysStringLen
VariantInit
SysAllocStringByteLen
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

Sections

.text
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

28006e813fb35a41640d0ecb88fa2ced

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

f3:ca:f1:8a:c8:1b:bd:ce:c7:40:77:c0:ef:a3:9b:86:c0:8e:9a:73Signer

Signature Validations

Verification

07/06/2010, 23:14 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

mpr

comctl32

version

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

Sections

.text Size: 504KB - Virtual size: 504KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 18KB - Virtual size: 138KB

.rsrc Size: 3.1MB - Virtual size: 3.1MB

.reloc Size: 40KB - Virtual size: 39KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

f3:ca:f1:8a:c8:1b:bd:ce:c7:40:77:c0:ef:a3:9b:86:c0:8e:9a:73
Signer

07/06/2010, 23:14
Valid: false

.text
Size: 504KB - Virtual size: 504KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 18KB - Virtual size: 138KB

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

.reloc
Size: 40KB - Virtual size: 39KB