0dd55a234be8e3e07b0eb19f47abe594295889564ce6a9f6e8cc4d3997018839

Sharing

Copy URL

Twitter E-mail

General

Target

0dd55a234be8e3e07b0eb19f47abe594295889564ce6a9f6e8cc4d3997018839
Size

748KB
MD5

854e5c592e93b69b8ab08dbc8a0b673f
SHA1

1615e1f0413086d0fe82e4a4756535645ddd99ea
SHA256

0dd55a234be8e3e07b0eb19f47abe594295889564ce6a9f6e8cc4d3997018839
SHA512

91dd4df316bfedd85c92a34e8aceefd319906c5049dad431793fd535c0c69a12583febc538c16e7527a82535e7e1f46512b28d66f80aaf8338f78d4aeb95ed7d
SSDEEP

12288:Rnxlf7T53Uyy8v9lnj0Ge3Q4iaOApS5b1kPBgS4++1teAs8ryTPMJN:RrjT53Uae3ZOMS8Zx+teAs8rOPMJN

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AppvIsvSubsystems64.dll
unpack001/Mso20Win32Client.DLL

Files

0dd55a234be8e3e07b0eb19f47abe594295889564ce6a9f6e8cc4d3997018839
.zip

Password: infected
AppvIsvSubsystems64.dll
.dll windows x64

Password: infected

1f7e28fba8cfd212cb9f1514acd63ab0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_mbscmp
free
malloc
realloc
wcscmp
wcslen

Exports

Exports

AppVIsvSubsystems64_1
ColorsProvStrip
DllMain
KeyCancelParam
ParamsMonitorsNumberWow64

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 93KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 161B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.hdata
Size: 193B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
Mso20Win32Client.DLL
.dll windows x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

LoadExprSrvDll
Mso20Win32Client_1110
Mso20Win32Client_2916
Mso20Win32Client_2919
VBAGetExprSrv

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hdata
Size: 198B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
e-yazi.docx .exe
.exe windows x64

Password: infected

Code Sign

33:00:00:04:91:64:62:f3:b7:3e:e2:0c:cd:00:00:00:00:04:91
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:47

Not After

11-05-2023 20:47

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:02:d0:e7:eb:7c:2e:f6:ce:23:e1:00:00:00:00:02:d0
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e
Signer

Actual PE Digest

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15-05-2023 13:32
Valid: false

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e
Signer

Actual PE Digest

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15-05-2023 13:32
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

DllGetLCID

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 356B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e-yazi.pdf
.pdf

Password: infected
okxi4t.z

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

1f7e28fba8cfd212cb9f1514acd63ab0

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

Exports

Exports

Sections

.text Size: 123KB - Virtual size: 123KB

.data Size: 512B - Virtual size: 32B

.rdata Size: 512B - Virtual size: 16B

.pdata Size: 1024B - Virtual size: 984B

.xdata Size: 1024B - Virtual size: 640B

.bss Size: - Virtual size: 93KB

.edata Size: 512B - Virtual size: 161B

.idata Size: 512B - Virtual size: 248B

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 512B - Virtual size: 12B

.hdata Size: 193B - Virtual size: 4KB

Password: infected

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 324B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 60B

.rdata Size: 1024B - Virtual size: 4KB

.hdata Size: 198B - Virtual size: 4KB

Password: infected

Code Sign

33:00:00:04:91:64:62:f3:b7:3e:e2:0c:cd:00:00:00:00:04:91Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:02:d0:e7:eb:7c:2e:f6:ce:23:e1:00:00:00:00:02:d0Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8eSigner

Signature Validations

Verification

15-05-2023 13:32 Valid: false

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8eSigner

Signature Validations

Verification

15-05-2023 13:32 Valid: false

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 32B

.c2r Size: 512B - Virtual size: 356B

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 512B - Virtual size: 160B

Password: infected

.text
Size: 123KB - Virtual size: 123KB

.data
Size: 512B - Virtual size: 32B

.rdata
Size: 512B - Virtual size: 16B

.pdata
Size: 1024B - Virtual size: 984B

.xdata
Size: 1024B - Virtual size: 640B

.bss
Size: - Virtual size: 93KB

.edata
Size: 512B - Virtual size: 161B

.idata
Size: 512B - Virtual size: 248B

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 512B - Virtual size: 12B

.hdata
Size: 193B - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 324B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 60B

.rdata
Size: 1024B - Virtual size: 4KB

.hdata
Size: 198B - Virtual size: 4KB

33:00:00:04:91:64:62:f3:b7:3e:e2:0c:cd:00:00:00:00:04:91
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:02:d0:e7:eb:7c:2e:f6:ce:23:e1:00:00:00:00:02:d0
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e
Signer

15-05-2023 13:32
Valid: false

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e
Signer

15-05-2023 13:32
Valid: false

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 32B

.c2r
Size: 512B - Virtual size: 356B

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 512B - Virtual size: 160B