10104818510[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

10104818510.zip
Size

21.3MB
MD5

ac9a0491ea0830a5cb6913d077a5b9a1
SHA1

708fa706d9c3fb5e16f26d6f3ffcaa19a02ede41
SHA256

bf359abbb83a06325690e3ec3849eac6f947bd0ce9b22f0a3f500b2fac502a78
SHA512

f25e477d74326b692681fa269cf0a2e25f50414e10bd4597aa7cc5fc64fab857283ed7eff091e9410a5a8a37232563c028178d73b4cafb4c598a84f19af961a1
SSDEEP

393216:dfVng1X1bBand2vBS1Rr5oyFaEPqEQ1/Csvd73YLGcr1Gr6u07DUVyKC:ZV4FbB8KS1Rr5oWK/CslchGrKIVyKC

Score

1^/10

Malware Config

Signatures

Files

10104818510.zip
.zip

Password: infected
b1dcc2593b86e08647068c596b897ad8961dfc9e04f67387a4421a2ea59d157b
.exe windows x64

e3f40a82fc13460b8f3e7de84c0289eb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:38:8d:20:03:57:ff:e0:81:a9:80:c7:9f:a5:9e:1f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/12/2021, 00:00

Not After

04/02/2025, 23:59

Subject

CN=Deep Instinct Ltd,O=Deep Instinct Ltd,L=TEL AVIV,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:aa:f4:1f:64:b5:40:9e:9e:3d:ab:cd:d9:28:53:5e:73:c4:e5:db:cb:ea:7b:68:53:7a:78:f8:d8:9e:48:08
Signer

Actual PE Digest

03:aa:f4:1f:64:b5:40:9e:9e:3d:ab:cd:d9:28:53:5e:73:c4:e5:db:cb:ea:7b:68:53:7a:78:f8:d8:9e:48:08

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Deep Instinct Ltd,O=Deep Instinct Ltd,L=TEL AVIV,C=IL

13/04/2023, 18:10
Valid: true

Chain 1

CN=Deep Instinct Ltd,O=Deep Instinct Ltd,L=TEL AVIV,C=IL

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW
RpcExceptionFilter
NdrClientCall3
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree

crypt32

CryptDecodeObject
CertRDNValueToStrW
CryptStringToBinaryA
CertAddEncodedCertificateToStore
CertCreateCertificateContext
CertFreeCertificateContext
CertGetIssuerCertificateFromStore
CertVerifySubjectCertificateContext
CryptImportPublicKeyInfo
CertOpenStore
CertFreeCertificateChain
CryptBinaryToStringA
CertGetCertificateChain
CertCloseStore
CertAddCertificateContextToStore

shlwapi

UrlEscapeW
PathStripPathA
PathStripPathW
StrStrIW
PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW

fltlib

FilterGetDosName

winhttp

WinHttpQueryDataAvailable
WinHttpSetStatusCallback
WinHttpConnect
WinHttpQueryOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpOpen

kernel32

CreateSymbolicLinkW
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
LCMapStringEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetLocaleInfoEx
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
GetFileInformationByHandleEx
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetStdHandle
GetFileType
WriteConsoleW
WriteFile
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
OutputDebugStringW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileSizeEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
ReadFile
ReadConsoleW
CreateHardLinkW
MoveFileExW
CopyFileW
DeviceIoControl
AreFileApisANSI
GetTempPathW
SetFilePointerEx
SetFileInformationByHandle
SetEndOfFile
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
GetCPInfoExW
GetStringTypeW
WideCharToMultiByte
FormatMessageA
FindCloseChangeNotification
K32GetDeviceDriverFileNameW
K32GetDeviceDriverBaseNameW
K32EnumDeviceDrivers
GetProcessId
GetCurrentProcess
CreateDirectoryW
DeleteFileW
GlobalFree
DebugBreak
GetProcessHeap
HeapAlloc
FormatMessageW
GetCurrentThreadId
GetModuleHandleExW
HeapFree
GetModuleFileNameA
LocalFree
MultiByteToWideChar
GetSystemTime
GetTickCount64
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
GetSystemTimeAsFileTime
SetLastError
WaitForMultipleObjects
Sleep
ResetEvent
SetEvent
CreateEventW
CloseHandle
QueryDosDeviceA
FreeLibrary
GetProcAddress
GetLastError
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
ExitProcess
WaitForSingleObject
AcquireSRWLockShared
ReleaseSRWLockShared
RtlUnwind
TryEnterCriticalSection
GetExitCodeProcess
Wow64DisableWow64FsRedirection
ProcessIdToSessionId
SystemTimeToTzSpecificLocalTime
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
RemoveDirectoryW
FindFirstFileW
ReleaseSemaphore
CreateSemaphoreW
GetTickCount
VerifyVersionInfoW
lstrlenA
ReplaceFileW
FindNextChangeNotification
FindFirstChangeNotificationW
RtlCaptureContext
DeleteFileA
GetFileSize
LockFile
LockFileEx
SetFilePointer
UnlockFile
GetOverlappedResult
ReleaseMutex
CreateMutexA
CreateMutexW
SignalObjectAndWait
OpenProcess
GetSystemInfo
GetVersion
VirtualAlloc
CreateFileMappingW
MapViewOfFileEx
FlushViewOfFile
UnmapViewOfFile
OpenMutexA
GetTempFileNameW
MoveFileW
GetFileTime
GetComputerNameW
GetComputerNameExW
GetNativeSystemInfo
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetProcessTimes
K32GetProcessImageFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
VerSetConditionMask

user32

wsprintfW

advapi32

CryptGetHashParam
QueryServiceConfig2W
ChangeServiceConfig2W
TraceMessage
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
InitializeSecurityDescriptor
SetEntriesInAclW
SetSecurityDescriptorDacl
RegSetKeySecurity
RegQueryValueExW
RegSetKeyValueW
RegGetValueW
RegNotifyChangeKeyValue
EventAccessControl
ControlTraceW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueA
SetFileSecurityA
ConvertSidToStringSidW
GetUserNameW
OpenProcessToken
RegFlushKey
CryptGenRandom
CryptHashData
CryptVerifySignatureW
FreeSid
LookupAccountNameW
CheckTokenMembership
LookupAccountSidW
ConvertStringSidToSidA
CreateServiceW
OpenServiceW
ImpersonateLoggedOnUser
RevertToSelf
AllocateAndInitializeSid
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
GetTokenInformation
ConvertSidToStringSidA
CloseServiceHandle
StartServiceW
QueryServiceStatus
ControlService
DeleteService
ChangeServiceConfigW
SetServiceObjectSecurity
CryptDecrypt
CryptEncrypt
CryptSetKeyParam
CryptGetKeyParam
OpenSCManagerW

shell32

ShellExecuteExW

ntdll

NtMapViewOfSection
NtCreateSection
NtClose

wintrust

WinVerifyTrustEx
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
WTHelperGetProvCertFromChain
CryptCATAdminReleaseContext
WinVerifyTrust

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsW

ws2_32

WSAAddressToStringA
inet_ntoa
WSAGetLastError
InetPtonW
WSAStartup
ntohl

iphlpapi

GetAdaptersAddresses
ConvertInterfaceLuidToGuid
GetIpAddrTable
GetIpForwardTable

ole32

CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoCreateInstance

oleaut32

SysFreeString
VariantInit
VariantChangeType
VariantClear
SysAllocString

fwpuclnt

FwpmSubLayerAdd0
FwpmSubLayerDeleteByKey0
FwpmFilterDestroyEnumHandle0
FwpmEngineOpen0
FwpmTransactionBegin0
FwpmFilterDeleteById0
FwpmGetAppIdFromFileName0
FwpmTransactionAbort0
FwpmFilterAdd0
FwpmEngineClose0
FwpmFilterEnum0
FwpmFilterCreateEnumHandle0
FwpmTransactionCommit0
FwpmFreeMemory0

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 715KB - Virtual size: 715KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44.1MB - Virtual size: 44.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e3f40a82fc13460b8f3e7de84c0289eb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:38:8d:20:03:57:ff:e0:81:a9:80:c7:9f:a5:9e:1fCertificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

03:aa:f4:1f:64:b5:40:9e:9e:3d:ab:cd:d9:28:53:5e:73:c4:e5:db:cb:ea:7b:68:53:7a:78:f8:d8:9e:48:08Signer

Signature Validations

Verification

13/04/2023, 18:10 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

crypt32

shlwapi

fltlib

winhttp

kernel32

user32

advapi32

shell32

ntdll

wintrust

wtsapi32

ws2_32

iphlpapi

ole32

oleaut32

fwpuclnt

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 715KB - Virtual size: 715KB

.data Size: 25KB - Virtual size: 47KB

.pdata Size: 99KB - Virtual size: 99KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 44.1MB - Virtual size: 44.1MB

.reloc Size: 8KB - Virtual size: 8KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:38:8d:20:03:57:ff:e0:81:a9:80:c7:9f:a5:9e:1f
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

03:aa:f4:1f:64:b5:40:9e:9e:3d:ab:cd:d9:28:53:5e:73:c4:e5:db:cb:ea:7b:68:53:7a:78:f8:d8:9e:48:08
Signer

13/04/2023, 18:10
Valid: true

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 715KB - Virtual size: 715KB

.data
Size: 25KB - Virtual size: 47KB

.pdata
Size: 99KB - Virtual size: 99KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 44.1MB - Virtual size: 44.1MB

.reloc
Size: 8KB - Virtual size: 8KB