112[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

112.zip
Size

60KB
MD5

4e770bd47a249237b60228e6a1a0b833
SHA1

3456fd065c2a9ad033b07ffefc1781c2bf08741d
SHA256

11db10ae8e49e84e0ecb33272b8ac13e0fcdce079ee02a54c4839d8556dc3708
SHA512

9e1bb5999ac118a57b4c37b61f36c04f0c7df1a5af2fdfde888729acdf7c9767ebbfebbbde8950cd16b93e158935b13ae79f35c29a44ae3149488f7090589357
SSDEEP

768:MZ1s4EZ/xpUXqkHi+b5cBcCXxfOcZfQvzm3XPy47lb5V6wTEEWeWSW2Z31wter8:MZ+FZZ+XqmbyNNOqXPy4ZbGA731vr8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dianzifapiao

Files

112.zip
.zip
dianzifapiao
.exe windows x86

07f8cca150b9fc38860324636ce49342

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord4407
ord5237
ord2385
ord5163
ord6374
ord4353
ord5282
ord2649
ord1665
ord3798
ord4837
ord4436
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4427
ord796
ord674
ord554
ord529
ord366
ord825
ord807
ord2494
ord2627
ord2626
ord6000
ord2117
ord4163
ord6625
ord4457
ord5252
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord800
ord924
ord537
ord922
ord535
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord4159
ord3059
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord5241
ord5280
ord4441
ord5261
ord4425
ord3597
ord324
ord641
ord4234
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord6822
ord6597
ord6800
ord6650
ord6591
ord6807
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6847
ord6814
ord6839
ord6846
ord6858
ord6816
ord6815
ord6812
ord6845
ord6856
ord6808
ord6835
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord6614
ord6691
ord4432
ord6478
ord6514
ord5260
ord4720
ord6805
ord3499
ord2515
ord355
ord1576
ord2390
ord2723
ord4242
ord1842
ord6117
ord823
ord1168

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
exit
__CxxFrameHandler
_setmbcp
__getmainargs

kernel32

GetProcAddress
CreateDirectoryA
GetModuleHandleA
GetStartupInfoA
LoadLibraryA

user32

UpdateWindow
EnableWindow

wininet

DeleteUrlCacheEntry

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sqlversion2.dll
.dll windows x86

68c3f90d54b2cf6b91865a5469b4b009

Code Sign

02:6e:6c:75:6c:a2:83:b7:46:6b:c7:ba:6b:e2:be:c9
Certificate

Issuer

CN=NVIDIA Corporation,ST=Hubei,C=China,1.2.840.113549.1.9.1=#1300

Not Before

27/11/2021, 05:19

Not After

31/12/2023, 16:00

Subject

CN=NVIDIA Corporation,ST=Hubei,C=China,1.2.840.113549.1.9.1=#1300

02:6e:6c:75:6c:a2:83:b7:46:6b:c7:ba:6b:e2:be:c9
Certificate

Issuer

CN=NVIDIA Corporation,ST=Hubei,C=China,1.2.840.113549.1.9.1=#1300

Not Before

27/11/2021, 05:19

Not After

31/12/2023, 16:00

Subject

CN=NVIDIA Corporation,ST=Hubei,C=China,1.2.840.113549.1.9.1=#1300

46:c7:83:d2:46:cf:6a:4d:9d:cb:bc:76:36:44:2b:48:36:5c:6b:18:1a:ee:32:87:41:69:6b:b2:f9:21:da:5e
Signer

Actual PE Digest

46:c7:83:d2:46:cf:6a:4d:9d:cb:bc:76:36:44:2b:48:36:5c:6b:18:1a:ee:32:87:41:69:6b:b2:f9:21:da:5e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=NVIDIA Corporation,ST=Hubei,C=China,1.2.840.113549.1.9.1=#1300

26/04/2023, 11:41
Valid: false

1a:d7:73:3c:7d:65:b7:d4:75:3a:02:9e:a4:d8:fd:07:28:0d:86:41
Signer

Actual PE Digest

1a:d7:73:3c:7d:65:b7:d4:75:3a:02:9e:a4:d8:fd:07:28:0d:86:41

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=NVIDIA Corporation,ST=Hubei,C=China,1.2.840.113549.1.9.1=#1300

26/04/2023, 11:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
CloseHandle
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
CreateFileW
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
IsDebuggerPresent
MultiByteToWideChar
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
GetStringTypeW
WideCharToMultiByte
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
LCMapStringW
HeapSize
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType

advapi32

SetTokenInformation
ImpersonateLoggedOnUser
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetLengthSid

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

Exports

Exports

Mark_3D_verison
SQL_verify

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07f8cca150b9fc38860324636ce49342

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

wininet

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 996B

.rsrc Size: 12KB - Virtual size: 8KB

68c3f90d54b2cf6b91865a5469b4b009

Code Sign

02:6e:6c:75:6c:a2:83:b7:46:6b:c7:ba:6b:e2:be:c9Certificate

02:6e:6c:75:6c:a2:83:b7:46:6b:c7:ba:6b:e2:be:c9Certificate

46:c7:83:d2:46:cf:6a:4d:9d:cb:bc:76:36:44:2b:48:36:5c:6b:18:1a:ee:32:87:41:69:6b:b2:f9:21:da:5eSigner

Signature Validations

Verification

26/04/2023, 11:41 Valid: false

1a:d7:73:3c:7d:65:b7:d4:75:3a:02:9e:a4:d8:fd:07:28:0d:86:41Signer

Signature Validations

Verification

26/04/2023, 11:41 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 996B

.rsrc
Size: 12KB - Virtual size: 8KB

02:6e:6c:75:6c:a2:83:b7:46:6b:c7:ba:6b:e2:be:c9
Certificate

02:6e:6c:75:6c:a2:83:b7:46:6b:c7:ba:6b:e2:be:c9
Certificate

46:c7:83:d2:46:cf:6a:4d:9d:cb:bc:76:36:44:2b:48:36:5c:6b:18:1a:ee:32:87:41:69:6b:b2:f9:21:da:5e
Signer

26/04/2023, 11:41
Valid: false

1a:d7:73:3c:7d:65:b7:d4:75:3a:02:9e:a4:d8:fd:07:28:0d:86:41
Signer

26/04/2023, 11:41
Valid: false

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB