files[.]rar | Triage

Resubmissions

23/04/2023, 12:04

230423-n813jsdb87 7

Sharing

Copy URL Twitter E-mail

General

Target

files.rar
Size

187KB
MD5

aa4d30aacbd4d31862a3799c42613c38
SHA1

ee00e3cb177df31a00eee9251cd06e32a4f4ebf6
SHA256

ff257ea733708420ccb5cd875de0690638a2b41973d6c77d5eda8923a5384e48
SHA512

50826f3b0860646324ec1b6424dc00c983e3019c625f6f161bc54c33f3b944bf423b9d93233d23e7a944cec6681efa11142036031a15ab07ec9695d2f8e372cf
SSDEEP

3072:BA3g4Gvfn5+rw/pKuKI1Zjy84F2OWvIBDMofc8N4SIF217i+YRg:izwpKuKSZjX4Ipw1fbyF2FYRg

Score

1^/10

Malware Config

Signatures

Files

files.rar
.rar
MicrosoftServices.exe
.exe windows x86

2869678fcc1755969994fa450400ba7e

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a8:1f:26:5b:2b:56:8e:97:e0:8f:18:f9:10:a8:a6:fb:58:d2:f4:1c
Signer

Actual PE Digest

a8:1f:26:5b:2b:56:8e:97:e0:8f:18:f9:10:a8:a6:fb:58:d2:f4:1c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/03/2010, 04:31
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

_controlfp_s
_invoke_watson
_crt_debugger_hook
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_setmbcp
_ismbblead
abort
_expand
_msize
_mbschr
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
isdigit
isspace
_strdup
_splitpath_s
_makepath_s
malloc
free
_wcsicmp
_stricmp
strncpy_s
memmove
wcschr
_vsnprintf
memcpy
__CxxFrameHandler3
wcsncpy_s
??3@YAXPAX@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
memset
_vsnwprintf
?_type_info_dtor_internal_method@type_info@@QAEXXZ

shell32

SHGetFolderPathA

ole32

OleLoad
GetClassFile
OleCreateLinkToFile
OleSetContainedObject
StgOpenStorageOnILockBytes
StgIsStorageILockBytes
CoBuildVersion
CoRegisterClassObject
CoRevokeClassObject
OleSave
ReadClassStg

kernel32

LoadLibraryExW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetFileAttributesW
GetVersion
lstrlenA
GetProcessHeap
LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
LoadLibraryA
FreeLibrary
GetSystemDefaultLCID
WriteFile
WideCharToMultiByte
GetCurrentProcessId
CloseHandle
MultiByteToWideChar
GetACP
SystemTimeToFileTime
FileTimeToSystemTime
GetTickCount
IsDBCSLeadByte
lstrlenW
RaiseException
GetSystemTime
GetTimeFormatW
GetDateFormatW
FileTimeToLocalFileTime
lstrcmpiA
GetFileAttributesA
GetFileTime
DeleteFileA
GetTempPathA
ReadFile
SetCurrentDirectoryA
GetCurrentDirectoryA
CompareFileTime
WaitForSingleObject
IsBadReadPtr
GetProfileStringA
GetCurrentThreadId
FreeResource
LockResource
LoadResource
FindResourceW
GlobalAddAtomA
GetCurrentThread
TlsSetValue
SizeofResource
TlsGetValue
LocalAlloc
LocalFree
FindResourceA
TlsAlloc
lstrcmpA
lstrcmpW
VirtualProtect
QueryPerformanceCounter
GetSystemTimeAsFileTime
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

GetMessageTime
CallWindowProcA
DefWindowProcA
IsWindowUnicode
GetWindowLongA
IsDialogMessageA
IsDialogMessageW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetWindowLongW
SetWindowLongW
GetMenu
IsWindowEnabled
GetLastActivePopup
GetForegroundWindow
RegisterClassA
CreateWindowExW
GetDlgCtrlID
GetTopWindow
AdjustWindowRectEx
GetClassInfoA
GetClassInfoW
RemovePropA
GetPropA
SetPropA
SetWindowsHookExA
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
GetNextDlgTabItem
GetCursorPos
ValidateRect
GetKeyState
DispatchMessageA
TranslateMessage
GetMessageA
MessageBoxA
TranslateAcceleratorA
GetDesktopWindow
BringWindowToTop
IsWindowVisible
LoadAcceleratorsA
DestroyMenu
LoadMenuA
WinHelpA
SetMenu
EndDialog
TabbedTextOutA
DrawTextA
GrayStringA
DrawTextW
GetMessagePos
ModifyMenuW
TabbedTextOutW
GetClassNameA
UnregisterClassA
UnregisterClassW
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
GetAsyncKeyState
SendDlgItemMessageA
DrawFocusRect
DrawIcon
CharPrevA
DestroyWindow
IsCharAlphaNumericA
CharNextA
MapDialogRect
MessageBoxW
GetSysColor
ShowWindow
LoadMenuW
GetSystemMetrics
PeekMessageA
CreateWindowExA
MessageBeep
IsWindow
SetCursor
SetForegroundWindow
GetFocus
IsIconic
ScreenToClient
SetFocus
EnableWindow
RedrawWindow
GetClientRect
MoveWindow
PostMessageA
SetRectEmpty
LoadIconA
LoadCursorA
RegisterClassW
DefWindowProcW
PostQuitMessage
LoadStringW
LoadStringA
GetDlgItem
GetWindowTextLengthA
GetWindowTextW
GetWindowTextA
SetWindowTextA
SetWindowTextW
DialogBoxIndirectParamW
GetWindow
SendMessageA
GetDC
ReleaseDC
SetWindowLongA
GetWindowThreadProcessId
GetParent
MonitorFromWindow
GetMonitorInfoA
SystemParametersInfoA
GetWindowRect
OffsetRect
SetWindowPos
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CreateDialogIndirectParamW

gdi32

SetTextColor
SetMapMode
GetClipBox
PtVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetBkColor
RestoreDC
SaveDC
DeleteDC
PatBlt
GetTextMetricsA
CreateFontIndirectA
GetObjectA
GetStockObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW
RectVisible
DeleteObject
GetTextExtentPointW
ExtTextOutW
TextOutW

Exports

Exports

_GetAllocCounters@0

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OLMAPI32.dll
.dll windows x86

f2d625db1ca3c7b0cefab187e9edcce3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcStringFreeA
RpcStringBindingComposeA
RpcBindingFromStringBindingA

kernel32

ReadFile
WriteFile
CloseHandle
Sleep
OpenProcess
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress
WinExec
CreateToolhelp32Snapshot
Process32First
Process32Next
GetSystemInfo
DeleteFileA
GetVersionExW
GetModuleHandleA
GlobalMemoryStatus
GetPrivateProfileStringW
GetComputerNameW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetNumberFormatW
FindFirstFileExW
SetEndOfFile
WriteConsoleW
CreateFileA
FindNextFileW
IsValidCodePage
GetACP
GetSystemDirectoryW
GetCPInfo
HeapSize
CreateFileW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FindClose
HeapReAlloc
DeleteFileW
FreeEnvironmentStringsW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
LocalFree
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetConsoleMode
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetOEMCP

user32

wsprintfA
LoadStringW

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
GetUserNameA
RegQueryValueExW

ole32

CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

netapi32

NetApiBufferFree
NetGetJoinInformation

shlwapi

PathFileExistsA
ord487

Exports

Exports

?GetFileVersionInfoByHandleEx@@YGHXZ
GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

2869678fcc1755969994fa450400ba7e

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

a8:1f:26:5b:2b:56:8e:97:e0:8f:18:f9:10:a8:a6:fb:58:d2:f4:1cSigner

Signature Validations

Verification

23/03/2010, 04:31 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

shell32

ole32

kernel32

advapi32

user32

gdi32

Exports

Exports

Sections

.text Size: 113KB - Virtual size: 112KB

.data Size: 18KB - Virtual size: 19KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 7KB - Virtual size: 7KB

f2d625db1ca3c7b0cefab187e9edcce3

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

user32

advapi32

ole32

oleaut32

netapi32

shlwapi

Exports

Exports

Sections

.text Size: 202KB - Virtual size: 201KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 4KB - Virtual size: 163KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

a8:1f:26:5b:2b:56:8e:97:e0:8f:18:f9:10:a8:a6:fb:58:d2:f4:1c
Signer

23/03/2010, 04:31
Valid: false

.text
Size: 113KB - Virtual size: 112KB

.data
Size: 18KB - Virtual size: 19KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 202KB - Virtual size: 201KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 4KB - Virtual size: 163KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB