DCM02_2023-05-21_09_20_01[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

DCM02_2023-05-21_09_20_01.zip
Size

149KB
MD5

823e099b96625d0e91556e65bf4397b2
SHA1

a7b2ac4d251912aeecf568753a342b3c04b83936
SHA256

54eefe8aee9b98d3a0a619408f91755b0e41a3b137a2a2e8a8800c76393e4397
SHA512

2cc01e7e40c527d21161d1ea9937623b8057fcb4a2a3994ba2950c44caa19fd8f9cda2760815d38c12153cf868314860d7ee05862749ca49fe564914f32a9b09
SSDEEP

3072:prhhe57qgsIyCowc072ui/PEJUzNNlyX0bSWATHZJPnTBe9+H:NhTCc07Y/XvlyX0bSWAnPTBl

Score

1^/10

Malware Config

Signatures

Files

DCM02_2023-05-21_09_20_01.zip
.zip

Password: Sachin@123
Device/HarddiskVolume4/Windows/system32/wininit.exe
.exe windows x64

Password: Sachin@123

c8d526c4e61942e1b11ae4b7ee2dde5d

Code Sign

33:00:00:01:6b:5a:f7:a2:a5:71:41:58:27:00:00:00:00:01:6b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/07/2017, 17:49

Not After

10/07/2018, 17:49

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:32:bd:d6:42:5e:86:dc:e4:f5:44:f8:ce:3f:ef:72:60:34:93:8a:e9:5b:d2:96:a3:6c:13:99:c6:fd:de:eb
Signer

Actual PE Digest

d1:32:bd:d6:42:5e:86:dc:e4:f5:44:f8:ce:3f:ef:72:60:34:93:8a:e9:5b:d2:96:a3:6c:13:99:c6:fd:de:eb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-private-l1-1-0

_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__ultow_s
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
memcpy
_o_exit
_o_memset
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcstoul
__C_specific_handler
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
strchr
wcsstr
_o__cexit
_o__exit
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___p__commode
_o__wcsupr
memmove
wcschr
wcsrchr
memcmp

ntdll

NtPowerInformation
EtwEventActivityIdControl
EtwEventWriteStartScenario
RtlEnterCriticalSection
RtlGetActiveConsoleId
RtlLeaveCriticalSection
RtlPublishWnfStateData
RtlCompareUnicodeString
NtEnumerateBootEntries
RtlAllocateAndInitializeSid
RtlInitializeCriticalSection
NtQueryInformationToken
NtPrivilegeObjectAuditAlarm
NtCreatePort
NtReplyPort
NtCompleteConnectPort
NtReplyWaitReceivePort
NtAcceptConnectPort
RtlSubscribeWnfStateChangeNotification
NtDeleteWnfStateName
NtCreateWnfStateName
RtlUnsubscribeWnfNotificationWaitForCompletion
NtAllocateLocallyUniqueId
RtlUnhandledExceptionFilter
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlFreeSid
RtlSetDaclSecurityDescriptor
RtlLengthSid
NtAdjustPrivilegesToken
NtOpenEvent
ZwQuerySystemInformation
RtlAppendUnicodeToString
RtlFreeUnicodeString
RtlGetCurrentDirectory_U
RtlInitUnicodeStringEx
ZwClose
ZwDeviceIoControlFile
ZwCreateFile
ZwOpenFile
RtlAppendUnicodeStringToString
RtlWriteRegistryValue
ZwUnloadDriver
ZwLoadDriver
ZwCreateKey
ZwDeleteKey
ZwOpenKey
NtPrivilegeCheck
NtOpenThreadToken
RtlIsMultiSessionSku
RtlQueryEnvironmentVariable_U
NtOpenProcessToken
NtShutdownSystem
NtSetThreadExecutionState
CsrClientCallServer
RtlDeregisterWaitEx
NtQueryInformationProcess
RtlDestroyEnvironment
RtlGetCurrentServiceSessionId
NtSetValueKey
NtCreateKey
RtlRegisterWait
NtClose
NtCreateUserProcess
RtlSetEnvironmentVariable
RtlCreateProcessParametersEx
RtlDosPathNameToNtPathName_U_WithStatus
NtCreateEvent
NtQuerySystemEnvironmentValueEx
RtlInitUnicodeString
RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError
EtwEventEnabled
EtwEventWrite
NtQuerySystemInformation
NtSetInformationProcess
RtlSetThreadIsCritical
RtlSetProcessIsCritical
EtwEventWriteTransfer
EtwEventSetInformation
EtwEventRegister
RtlCreateEnvironment
RtlAdjustPrivilege
EtwEventUnregister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
WinSqmIsOptedIn
WinSqmAddToStream
NtSystemDebugControl
RtlCaptureContext
NtQueryDirectoryObject
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlGUIDFromString
RtlStringFromGUID
ZwQueryAttributesFile
ZwWaitForSingleObject
ZwQueryKey
ZwReleaseMutant
ZwOpenMutant
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
ZwLoadKey
RtlAddAccessAllowedAceEx
ZwDeleteValueKey
ZwEnumerateKey
ZwQueryValueKey
ZwSetSecurityObject
ZwUnloadKey
ZwSetValueKey
LdrGetProcedureAddress
LdrGetDllHandle
RtlInitAnsiString
ZwAllocateUuids
NtOpenProcessTokenEx
NtSetInformationThread
NtOpenThreadTokenEx
RtlImpersonateSelf
RtlCompareMemory
NtOpenSymbolicLinkObject
NtOpenKey
NtQuerySymbolicLinkObject
NtDeviceIoControlFile
NtOpenFile
NtQueryValueKey
NtQueryBootEntryOrder
NtTranslateFilePath
NtOpenDirectoryObject
RtlRemovePrivileges

api-ms-win-core-heap-l1-2-0

HeapCreate
HeapSetInformation
HeapFree
GetProcessHeap
HeapDestroy
HeapAlloc

api-ms-win-core-synch-l1-2-0

EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
Sleep
WaitForSingleObjectEx
ResetEvent
SleepEx
WaitForMultipleObjectsEx
WaitForSingleObject
DeleteCriticalSection

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegQueryInfoKeyA
RegDeleteValueW
RegDeleteTreeW
RegQueryValueExA

api-ms-win-core-processthreads-l1-1-2

CreateProcessW
DeleteProcThreadAttributeList
CreateThread
SetPriorityClass
GetCurrentProcess
SetThreadPriority
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
CreateRemoteThread
ResumeThread
OpenProcess
OpenProcessToken
GetStartupInfoW
GetExitCodeProcess
IsProcessorFeaturePresent
CreateProcessAsUserW
TerminateProcess

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetComputerNameExW
GetLocalTime
GetSystemTimeAsFileTime
GetVersionExW
GetWindowsDirectoryW

api-ms-win-core-file-l1-2-1

GetDriveTypeW
DeleteFileW
GetTempPathW
GetShortPathNameW
CreateDirectoryW
CreateFileW
ReadFile
GetFileAttributesW
FindFirstVolumeW
FindVolumeClose
FindNextVolumeW
FindFirstFileW
FindClose

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW
SetEnvironmentVariableW

api-ms-win-security-base-l1-2-0

DuplicateTokenEx
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
RevertToSelf
ImpersonateLoggedOnUser
EqualSid
SetTokenInformation
GetTokenInformation
CreateWellKnownSid
CheckTokenMembership
GetSecurityDescriptorSacl
SetKernelObjectSecurity
SetFileSecurityW

rpcrt4

RpcRevertToSelf
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerListen
RpcBindingToStringBindingW
RpcStringBindingParseW
Ndr64AsyncServerCallAll
NdrAsyncServerCall
RpcServerTestCancel
I_RpcBindingIsClientLocal
RpcAsyncAbortCall
Ndr64AsyncClientCall
RpcBindingUnbind
RpcBindingCopy
RpcAsyncCompleteCall
RpcBindingBind
RpcAsyncInitializeHandle
RpcBindingCreateW
NdrClientCall3
RpcMgmtIsServerListening
RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
RpcStringBindingComposeW
RpcBindingFromStringBindingW
NdrServerCall2
RpcServerInqCallAttributesW
NdrServerCallAll
RpcAsyncCancelCall
RpcImpersonateClient
RpcStringFreeW
RpcServerRegisterIf3
RpcBindingFree
RpcBindingServerFromClient
RpcExceptionFilter
RpcServerUnregisterIf
RpcEpUnregister
RpcBindingVectorFree
RpcServerUseProtseqW
RpcServerInqDefaultPrincNameW
RpcEpRegisterW
UuidFromStringW
RpcServerInqBindings
RpcServerRegisterAuthInfoW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-datetime-l1-1-1

GetTimeFormatW
GetDateFormatW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-libraryloader-l1-2-0

LockResource
GetProcAddress
LoadResource
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExA
FreeLibrary
FindResourceExW
LoadLibraryExW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-eventing-controller-l1-1-0

StartTraceW
ControlTraceW
EnableTraceEx2

api-ms-win-core-file-l2-1-1

MoveFileExW

api-ms-win-core-debug-l1-1-1

IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-2-0

InitializeSListHead

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-kernel32-legacy-l1-1-1

WTSGetActiveConsoleSessionId

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

profapi

ord102
ord101
ord104

kernelbase

WTSGetServiceSessionId

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-crt-string-l1-1-0

strncmp
wcsnlen
wcscmp

Sections

.text
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: Sachin@123

Password: Sachin@123

c8d526c4e61942e1b11ae4b7ee2dde5d

Code Sign

33:00:00:01:6b:5a:f7:a2:a5:71:41:58:27:00:00:00:00:01:6bCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

d1:32:bd:d6:42:5e:86:dc:e4:f5:44:f8:ce:3f:ef:72:60:34:93:8a:e9:5b:d2:96:a3:6c:13:99:c6:fd:de:ebSigner

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

ntdll

api-ms-win-core-heap-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-security-base-l1-2-0

rpcrt4

api-ms-win-core-heap-l2-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-file-l2-1-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-2-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

profapi

kernelbase

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-apiquery-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 194KB - Virtual size: 194KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 7KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 464B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 1KB - Virtual size: 1KB

33:00:00:01:6b:5a:f7:a2:a5:71:41:58:27:00:00:00:00:01:6b
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

d1:32:bd:d6:42:5e:86:dc:e4:f5:44:f8:ce:3f:ef:72:60:34:93:8a:e9:5b:d2:96:a3:6c:13:99:c6:fd:de:eb
Signer

.text
Size: 194KB - Virtual size: 194KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 7KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 464B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 1KB - Virtual size: 1KB