10492836420[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

10492836420.zip
Size

748KB
MD5

5722b57c054ebcb897a091acfff8f803
SHA1

759a8ca1d635d4dbfee158893a81b71f03ff518d
SHA256

d5a4ffa0e6665d1ee2548d4d63e99dc73dcbd7f13ff193c8cbadb193bb14f2be
SHA512

2591f822d26a3a218fad23929a37a44040e3a7ec15930d1c5d23d3c3613cd1523ff3fa757fa8db5fb4ae63a58f695ddf6e96f882be72195ec047986e5210b950
SSDEEP

12288:kYQVuGmb7Vz3Kfv8hrwxjrTIj8axGqjfDa+mEkaPV5dgdIMM31N:lGcx6f5xjnIj5xGV+9kAOMFN

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/AppvIsvSubsystems64.dll
unpack002/Mso20Win32Client.DLL

Files

10492836420.zip
.zip

Password: infected
0dd55a234be8e3e07b0eb19f47abe594295889564ce6a9f6e8cc4d3997018839
.zip
AppvIsvSubsystems64.dll
.dll windows x64

1f7e28fba8cfd212cb9f1514acd63ab0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_mbscmp
free
malloc
realloc
wcscmp
wcslen

Exports

Exports

AppVIsvSubsystems64_1
ColorsProvStrip
DllMain
KeyCancelParam
ParamsMonitorsNumberWow64

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 93KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 161B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.hdata
Size: 193B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
Mso20Win32Client.DLL
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

LoadExprSrvDll
Mso20Win32Client_1110
Mso20Win32Client_2916
Mso20Win32Client_2919
VBAGetExprSrv

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hdata
Size: 198B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
e-yazi.docx .exe
.exe windows x64

Code Sign

33:00:00:04:91:64:62:f3:b7:3e:e2:0c:cd:00:00:00:00:04:91
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:47

Not After

11/05/2023, 20:47

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:02:d0:e7:eb:7c:2e:f6:ce:23:e1:00:00:00:00:02:d0
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e
Signer

Actual PE Digest

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e

Digest Algorithm

sha256

PE Digest Matches

true

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e
Signer

Actual PE Digest

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

DllGetLCID

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 356B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e-yazi.pdf
.pdf
okxi4t.z

Sharing

General

Malware Config

Signatures

Files

Password: infected

1f7e28fba8cfd212cb9f1514acd63ab0

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

Exports

Exports

Sections

.text Size: 123KB - Virtual size: 123KB

.data Size: 512B - Virtual size: 32B

.rdata Size: 512B - Virtual size: 16B

.pdata Size: 1024B - Virtual size: 984B

.xdata Size: 1024B - Virtual size: 640B

.bss Size: - Virtual size: 93KB

.edata Size: 512B - Virtual size: 161B

.idata Size: 512B - Virtual size: 248B

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 512B - Virtual size: 12B

.hdata Size: 193B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 324B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 60B

.rdata Size: 1024B - Virtual size: 4KB

.hdata Size: 198B - Virtual size: 4KB

Code Sign

33:00:00:04:91:64:62:f3:b7:3e:e2:0c:cd:00:00:00:00:04:91Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:02:d0:e7:eb:7c:2e:f6:ce:23:e1:00:00:00:00:02:d0Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8eSigner

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8eSigner

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 32B

.c2r Size: 512B - Virtual size: 356B

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 512B - Virtual size: 160B

.text
Size: 123KB - Virtual size: 123KB

.data
Size: 512B - Virtual size: 32B

.rdata
Size: 512B - Virtual size: 16B

.pdata
Size: 1024B - Virtual size: 984B

.xdata
Size: 1024B - Virtual size: 640B

.bss
Size: - Virtual size: 93KB

.edata
Size: 512B - Virtual size: 161B

.idata
Size: 512B - Virtual size: 248B

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 512B - Virtual size: 12B

.hdata
Size: 193B - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 324B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 60B

.rdata
Size: 1024B - Virtual size: 4KB

.hdata
Size: 198B - Virtual size: 4KB

33:00:00:04:91:64:62:f3:b7:3e:e2:0c:cd:00:00:00:00:04:91
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:02:d0:e7:eb:7c:2e:f6:ce:23:e1:00:00:00:00:02:d0
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e
Signer

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e
Signer

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 32B

.c2r
Size: 512B - Virtual size: 356B

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 512B - Virtual size: 160B