logMeIn[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

logMeIn.zip.zip
Size

238KB
MD5

5d313649d114b8d9c8aa5eb8e70098d5
SHA1

ed7be0a4c2caf8fa4a6482dab6d58e61393b20cc
SHA256

9dde3eee0c1559682d1bf68c522e7596b783735402dba025728f82bc9a7ca919
SHA512

d0a6160b6a939cab4ac7b1a648aeb059b766886d28d83e4b94d35d6c35382760543f19014bcb262a4897db15a7ef247ec768c3d0ee9d994e6f69ed1a1fcd5b48
SSDEEP

6144:TQ90qPxlIXqpsvssSayksDQgcKWxHmfWDrlOv0zITR:k9fYXhvVtgcfUfWPtId

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/logMeIn/script/DonwloadAndRun.exe

Files

logMeIn.zip.zip
.zip

Password: infected
logMeIn.zip
.zip
logMeIn/checksum
logMeIn/images/icon-logmein-disabled.png
.png
logMeIn/images/icon-logmein.png
.png
logMeIn/images/integration-logmein-logo.png
.png
logMeIn/jsp/generatePinCode.jsp
.js
logMeIn/jsp/sendPinCodeViaAgent.jsp
.js
logMeIn/lib/logMeIn-22.4.45.jar
.jar
logMeIn/logMeInAddonLicense.xml
.xml
logMeIn/metadata.json
logMeIn/ondemand_metadata.json
logMeIn/script/DonwloadAndRun.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
logMeIn/script/PsExec.exe
.exe windows x86

7d320143a97f5ff2b2c22306359754be

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3b:19:53:33:1a:c1:34:4e:cc:b3:ab:fe:6c:2d:2e:9d:23:ea:3a:fc
Signer

Actual PE Digest

3b:19:53:33:1a:c1:34:4e:cc:b3:ab:fe:6c:2d:2e:9d:23:ea:3a:fc

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

28/04/2014, 21:45
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetApiBufferFree
NetServerEnum

ws2_32

WSAStartup
gethostname
inet_ntoa
gethostbyname

mpr

WNetAddConnection2W
WNetCancelConnection2W

kernel32

SetConsoleTitleW
DuplicateHandle
GetCurrentProcessId
TransactNamedPipe
SetNamedPipeHandleState
SetConsoleCtrlHandler
CreateEventW
GetExitCodeProcess
ResumeThread
SetProcessAffinityMask
GetEnvironmentVariableW
WaitForMultipleObjects
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeA
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
CopyFileW
SetFileAttributesW
WaitNamedPipeW
GetFileTime
ReadConsoleW
GetFileAttributesW
DisconnectNamedPipe
SetEvent
ConnectNamedPipe
GetModuleFileNameW
GetVersion
GetCurrentProcess
MultiByteToWideChar
GetComputerNameW
GetSystemDirectoryW
DeleteFileW
FindResourceW
LoadResource
SizeofResource
LockResource
GetConsoleScreenBufferInfo
LoadLibraryExW
FormatMessageA
GetStdHandle
FreeLibrary
SetEnvironmentVariableA
CreateFileW
GetTickCount
Sleep
SetLastError
GetCurrentThread
GetLastError
WaitForSingleObject
CloseHandle
GetCommandLineW
LocalAlloc
GetModuleHandleW
WriteFile
ReadFile
LocalFree
SetPriorityClass
LoadLibraryW
GetProcAddress
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
GetFullPathNameW
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ExitProcess
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetFileType
GetStartupInfoA
WideCharToMultiByte
GetConsoleCP
RtlUnwind
CreateFileA
FlushFileBuffers
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
LCMapStringA

user32

LoadCursorW
SetCursor
SetWindowTextW
SendMessageW
EndDialog
GetSysColorBrush
GetDlgItem
DialogBoxIndirectParamW
InflateRect

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

CryptDestroyKey
CreateProcessAsUserW
OpenProcessToken
AdjustTokenPrivileges
LogonUserW
ImpersonateLoggedOnUser
RegConnectRegistryW
DeleteService
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatus
CreateServiceW
CloseServiceHandle
ImpersonateNamedPipeClient
OpenThreadToken
RevertToSelf
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptGenKey
CryptExportKey
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptAcquireContextW
CryptReleaseContext
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
SetTokenInformation
GetSecurityInfo
InitializeAcl
GetAce
AddAce
AddAccessAllowedAce
SetSecurityInfo
FreeSid
LsaOpenPolicy
LsaEnumerateAccountRights
LookupPrivilegeValueW
LsaFreeMemory
LsaClose

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
logMeIn/text/addon_text.properties

Sharing

General

Malware Config

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 6KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

7d320143a97f5ff2b2c22306359754be

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34Certificate

Extended Key Usages

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:caCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

3b:19:53:33:1a:c1:34:4e:cc:b3:ab:fe:6c:2d:2e:9d:23:ea:3a:fcSigner

Signature Validations

Verification

28/04/2014, 21:45 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

version

netapi32

ws2_32

mpr

kernel32

user32

gdi32

comdlg32

advapi32

Sections

.text Size: 149KB - Virtual size: 148KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 182KB

.rsrc Size: 187KB - Virtual size: 186KB

.text
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

3b:19:53:33:1a:c1:34:4e:cc:b3:ab:fe:6c:2d:2e:9d:23:ea:3a:fc
Signer

28/04/2014, 21:45
Valid: false

.text
Size: 149KB - Virtual size: 148KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 182KB

.rsrc
Size: 187KB - Virtual size: 186KB