9773052012[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

9773052012.zip
Size

86KB
MD5

4198b6045b68504eed83b53c4e19575e
SHA1

ed1ec978db5f66481d75598a8fe18dd2c0bdf3c9
SHA256

b60c69845b7a394e470303c17777845fc81f482945ff2f9607c6ed076ce2ccc8
SHA512

e9ab7a9f73ad794de788c25e99853d0185490d2bffed4e5f2f33c63e49fefeaf0d66d4e0f70860427f01dc63bcd169c76f8b1030e01373423345cd8472819ca6
SSDEEP

1536:yUvy1bMZX1Oh76uH3eQb8rjzBDwxFbR7eOEFFdnPa5Aa1gA8T7F0eOyDqfqzlwVN:y8aM/I3QDwx3unPaqaL67C422lizus

Score

1^/10

Malware Config

Signatures

Files

9773052012.zip
.zip

Password: infected
5d99efa36f34aa6b43cd81e77544961c5c8d692c96059fef92c2df2624550734
.exe windows x86

e4c615e3188c04ce80e7eaf3c297d64a

Code Sign

1b:66:11:df:9c:9a:4d:6e:cc:8e:d5:0c:9b:91:78:73
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/11/2020, 00:00

Not After

02/11/2023, 23:59

Subject

CN=3CX Ltd,O=3CX Ltd,POSTALCODE=2409,STREET=4\, Markou Drakou,L=Egkomi,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:05:d6:37:b3:16:fe:3d:9c:28:2b:69:a7:ef:d2:02:38:d5:df:a9
Signer

Actual PE Digest

86:05:d6:37:b3:16:fe:3d:9c:28:2b:69:a7:ef:d2:02:38:d5:df:a9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=3CX Ltd,O=3CX Ltd,POSTALCODE=2409,STREET=4\, Markou Drakou,L=Egkomi,C=CY

13/03/2023, 06:32
Valid: true

Chain 1

CN=3CX Ltd,O=3CX Ltd,POSTALCODE=2409,STREET=4\, Markou Drakou,L=Egkomi,C=CY

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
CreateFileW
CloseHandle
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
GetLastError
RemoveDirectoryW
MoveFileExW
CreateProcessW
WriteConsoleW
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetFileAttributesExW
SetFileAttributesW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
HeapAlloc
HeapFree
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetFileType
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
DecodePointer

user32

AllowSetForegroundWindow
WaitForInputIdle

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 422KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e4c615e3188c04ce80e7eaf3c297d64a

Code Sign

1b:66:11:df:9c:9a:4d:6e:cc:8e:d5:0c:9b:91:78:73Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

86:05:d6:37:b3:16:fe:3d:9c:28:2b:69:a7:ef:d2:02:38:d5:df:a9Signer

Signature Validations

Verification

13/03/2023, 06:32 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 69KB - Virtual size: 68KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 422KB - Virtual size: 421KB

.reloc Size: 5KB - Virtual size: 4KB

1b:66:11:df:9c:9a:4d:6e:cc:8e:d5:0c:9b:91:78:73
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

86:05:d6:37:b3:16:fe:3d:9c:28:2b:69:a7:ef:d2:02:38:d5:df:a9
Signer

13/03/2023, 06:32
Valid: true

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 422KB - Virtual size: 421KB

.reloc
Size: 5KB - Virtual size: 4KB