10154304538[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

10154304538.zip
Size

5.6MB
MD5

cff3a8990292d314527251ec9e20707a
SHA1

7e3164264e7db0c4be7c86c88a0c9f44092c0b30
SHA256

e42d92ca96147e6100e7379c3a4edf22a075871c24ae4bb35a19c0eeab0f74c6
SHA512

369cafb5531a33d04ecdfb5ea4e75c42713ba8dc031ce3759f942406733d0de0a68af811e358a7932f13bb9fb8c8d76dc78c81dcea16a9e560d7628ebaf89ad8
SSDEEP

98304:2ljIARqz8QDJH1tW8nj16mWEQLUVoogaeXN+fpS+vwrM7NqOFg1JLL1NppX4bNFm:2GBVVt5ZmHzo8Mhlvwq4Xx4bNaP

Score

1^/10

Malware Config

Signatures

Files

10154304538.zip
.zip

Password: infected
4acf4b26c9292bf17eb250944837d53f4768993058a13b59057f0c9b58fe2ee6
.exe windows x64

a2a79441ebb1352ef051b0615d2a307b

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:19:17:d4:95:5f:d1:46:65:73:99:1d:d0:aa:ec:80
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

05/10/2021, 00:00

Not After

05/10/2022, 23:59

Subject

SERIALNUMBER=91110105668410720R,CN=北京东方海达网络科技有限责任公司,O=北京东方海达网络科技有限责任公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:19:17:d4:95:5f:d1:46:65:73:99:1d:d0:aa:ec:80
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

05/10/2021, 00:00

Not After

05/10/2022, 23:59

Subject

SERIALNUMBER=91110105668410720R,CN=北京东方海达网络科技有限责任公司,O=北京东方海达网络科技有限责任公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:ad:cc:16:dc:d6:95:c9:a9:a5:63:86:63:73:f6:2e:7f:8a:ee:47:27:47:1d:36:cc:79:c5:5d:1f:53:9d:a0
Signer

Actual PE Digest

46:ad:cc:16:dc:d6:95:c9:a9:a5:63:86:63:73:f6:2e:7f:8a:ee:47:27:47:1d:36:cc:79:c5:5d:1f:53:9d:a0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91110105668410720R,CN=北京东方海达网络科技有限责任公司,O=北京东方海达网络科技有限责任公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

25/05/2022, 02:33
Valid: true

Chain 1

SERIALNUMBER=91110105668410720R,CN=北京东方海达网络科技有限责任公司,O=北京东方海达网络科技有限责任公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

22:91:20:df:8a:d4:a3:97:02:9f:13:b9:20:f9:28:97:ca:3d:4a:2b
Signer

Actual PE Digest

22:91:20:df:8a:d4:a3:97:02:9f:13:b9:20:f9:28:97:ca:3d:4a:2b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91110105668410720R,CN=北京东方海达网络科技有限责任公司,O=北京东方海达网络科技有限责任公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

25/05/2022, 02:33
Valid: true

Chain 1

SERIALNUMBER=91110105668410720R,CN=北京东方海达网络科技有限责任公司,O=北京东方海达网络科技有限责任公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
WriteConsoleW
DeleteFileW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
GetFileAttributesExW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
HeapQueryInformation
VirtualQuery
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
SetFilePointerEx
GetFileInformationByHandle
CreateEventW
CreateFileW
RtlPcToFileHeader
RtlUnwindEx
GetStringTypeW
LCMapStringEx
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
OutputDebugStringW
GetUserDefaultLCID
GetCPInfo
GetOEMCP
VirtualProtect
SetErrorMode
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileAttributesExA
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalFlags
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetSystemDirectoryW
EncodePointer
GetThreadLocale
DuplicateHandle
GetVolumeInformationA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
RtlCaptureContext
FormatMessageA
MulDiv
LocalFree
GetCurrentProcessId
GlobalAddAtomA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleW
CompareStringA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
LoadLibraryExW
GetVersionExA
GetCurrentThread
GetCurrentThreadId
FindResourceA
GlobalFree
GlobalLock
GlobalUnlock
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
GetModuleHandleExW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
GetACP
GetFileSizeEx
CreateFileA
VerifyVersionInfoW
VerSetConditionMask
WaitForSingleObjectEx
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
MoveFileExA
FormatMessageW
SetLastError
GetEnvironmentVariableA
MultiByteToWideChar
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
Sleep
GetTickCount
QueryPerformanceCounter
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
IsWow64Process
GetLocalTime
OpenProcess
TerminateProcess
DecodePointer
ExitProcess
CreateMutexA
DeleteFileA
GetCurrentProcess
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
RaiseException
GetDriveTypeW
RtlUnwind
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapReAlloc
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DecodePointer
HeapAlloc
RtlUnwindEx
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetTopWindow
GetClassNameA
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
SetWindowLongA
PtInRect
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
GetScrollPos
RedrawWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
WinHelpA
MonitorFromWindow
GetMonitorInfoA
IsIconic
SendMessageA
UnregisterClassA
BeginDeferWindowPos
ShowWindow
MoveWindow
SetTimer
EnableWindow
GetSystemMetrics
GetSystemMenu
AppendMenuA
DrawIcon
SetForegroundWindow
GetClientRect
MessageBoxA
LoadIconA
LoadIconW
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetParent
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
IsWindow
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongA
GetDesktopWindow
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
IsWindowVisible
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExA
CallNextHookEx
PostMessageA
PostQuitMessage
SetCursor
GetWindowThreadProcessId
SetWindowTextA
IsDialogMessageA
RealChildWindowFromPoint
GetSysColorBrush
LoadCursorA
KillTimer
InvalidateRect
SetCapture
ReleaseCapture
CharNextA
CopyAcceleratorTableA
InvalidateRgn
SetRect
IntersectRect
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
GetLastActivePopup
SetWindowPos
SetWindowContextHelpId
GetWindow
MapDialogRect
GetSubMenu
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
CopyRect
DestroyMenu
GetMenuItemID
GetMenuItemCount
CharUpperA
UnhookWindowsHookEx
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
GetDC
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
ClientToScreen
ScreenToClient
GetSysColor
PostThreadMessageA
CharUpperBuffW

gdi32

GetObjectA
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SetTextColor
SetMapMode
DeleteDC
CreateBitmap
GetDeviceCaps
DeleteObject
Escape
GetClipBox
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
RestoreDC
SaveDC
ExtSelectClipRgn
SelectObject
SetBkColor
GetStockObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

CryptEncrypt
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
StartServiceA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExA
RegSetValueExA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
OpenProcessToken
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecA
PathFindExtensionA
PathFindFileNameA
PathIsUNCA
PathStripToRootA
PathFileExistsA

ole32

CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoFreeUnusedLibraries
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
OleInitialize
OleUninitialize

oleaut32

VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocString
OleCreateFontIndirect
VariantChangeType
VariantClear
VariantInit
SysAllocStringByteLen
SysAllocStringLen
SysFreeString

oledlg

ord8

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ws2_32

WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSAWaitForMultipleEvents
WSAResetEvent
bind
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
socket
send
recv
closesocket
accept
connect
getpeername
gethostname
ioctlsocket
htonl
freeaddrinfo
getaddrinfo
sendto
recvfrom
ntohl
listen
WSACleanup
WSAStartup
getsockname
inet_pton
WSAIoctl
setsockopt
ntohs
htons
getsockopt
WSAEventSelect

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: - Virtual size: 853KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.)6C
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.`Cp
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

."u5
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

a2a79441ebb1352ef051b0615d2a307b

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

42:19:17:d4:95:5f:d1:46:65:73:99:1d:d0:aa:ec:80Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

42:19:17:d4:95:5f:d1:46:65:73:99:1d:d0:aa:ec:80Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

46:ad:cc:16:dc:d6:95:c9:a9:a5:63:86:63:73:f6:2e:7f:8a:ee:47:27:47:1d:36:cc:79:c5:5d:1f:53:9d:a0Signer

Signature Validations

Verification

25/05/2022, 02:33 Valid: true

Chain 1

22:91:20:df:8a:d4:a3:97:02:9f:13:b9:20:f9:28:97:ca:3d:4a:2bSigner

Signature Validations

Verification

25/05/2022, 02:33 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

crypt32

version

ws2_32

oleacc

Sections

.text Size: - Virtual size: 853KB

.rdata Size: - Virtual size: 256KB

.data Size: - Virtual size: 35KB

.pdata Size: - Virtual size: 44KB

_RDATA Size: - Virtual size: 252B

.)6C Size: - Virtual size: 3.5MB

.`Cp Size: 6KB - Virtual size: 5KB

."u5 Size: 5.9MB - Virtual size: 5.9MB

.reloc Size: 512B - Virtual size: 232B

.rsrc Size: 71KB - Virtual size: 80KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

42:19:17:d4:95:5f:d1:46:65:73:99:1d:d0:aa:ec:80
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

42:19:17:d4:95:5f:d1:46:65:73:99:1d:d0:aa:ec:80
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

46:ad:cc:16:dc:d6:95:c9:a9:a5:63:86:63:73:f6:2e:7f:8a:ee:47:27:47:1d:36:cc:79:c5:5d:1f:53:9d:a0
Signer

25/05/2022, 02:33
Valid: true

22:91:20:df:8a:d4:a3:97:02:9f:13:b9:20:f9:28:97:ca:3d:4a:2b
Signer

25/05/2022, 02:33
Valid: true

.text
Size: - Virtual size: 853KB

.rdata
Size: - Virtual size: 256KB

.data
Size: - Virtual size: 35KB

.pdata
Size: - Virtual size: 44KB

_RDATA
Size: - Virtual size: 252B

.)6C
Size: - Virtual size: 3.5MB

.`Cp
Size: 6KB - Virtual size: 5KB

."u5
Size: 5.9MB - Virtual size: 5.9MB

.reloc
Size: 512B - Virtual size: 232B

.rsrc
Size: 71KB - Virtual size: 80KB