XDR_ResponseApp_CollectFile_ID00001282_20230601T111303Z[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

XDR_ResponseApp_CollectFile_ID00001282_20230601T111303Z.7z
Size

100KB
MD5

59266bbf86c4eef070ef277eec64ac9d
SHA1

f1f53a3ea244e43c092a2a7727e4604925c619f1
SHA256

e8b3bc7e17f0375a9915637702ae18aa89646a0ed350b506d8ee162e30bed363
SHA512

8e5fb0fb1189cf863f482fc9ec26a5bc08b746d84bd725a41d5c9210b53bdf25c1edceb1222356cdfa2f92a1d093b0e66ca979e20a43add9cdb69f6fc54cd061
SSDEEP

3072:ImObRZ2+xm0y3OiqRVfcNV0rNyVBZXuPccjPzN:ImE03OiqXc4RyVXuk0R

Score

1^/10

Malware Config

Signatures

Files

XDR_ResponseApp_CollectFile_ID00001282_20230601T111303Z.7z
.zip

Password: s18fbcpt
APV-03.exe
.exe windows x64

Password: s18fbcpt

4b8848f5857917cdf7a7d1f20d5049ac

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:25

Not After

01/09/2022, 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6c:5b:d6:e1:49:fe:e0:30:57:cc:cc:f6:d7:cd:eb:7d:f2:09:0b:bd:33:0a:70:a1:7d:a6:e5:3a:94:20:31:e8
Signer

Actual PE Digest

6c:5b:d6:e1:49:fe:e0:30:57:cc:cc:f6:d7:cd:eb:7d:f2:09:0b:bd:33:0a:70:a1:7d:a6:e5:3a:94:20:31:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegNotifyChangeKeyValue
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegEnumValueA
RegOpenKeyA

kernel32

LocalSize
LocalFree
Sleep
GetCurrentProcessId
LocalUnlock
GetThreadLocale
CloseHandle
SetFilePointer
LoadLibraryA
GetProcAddress
WideCharToMultiByte
lstrcmpiA
WriteFile
WaitForMultipleObjects
CreateFileA
MultiByteToWideChar
lstrlenA
FreeLibrary
GetCurrentThreadId
CreateThread
LocalAlloc
LocalLock
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
CreateEventA
WaitForSingleObject
SetEvent
GetLastError
GetModuleFileNameA

gdi32

GetObjectA
SetStretchBltMode
StretchBlt
Pie
GetTextExtentPoint32A
CreateSolidBrush
CreateFontA
CreateCompatibleDC
BitBlt
DPtoLP
PatBlt
GetDeviceCaps
CreatePen

user32

InflateRect
ReleaseDC
GetDC
PtInRect
IntersectRect
DrawFocusRect
ScreenToClient
GetCursorPos
EnableMenuItem
LoadMenuA
GetSystemMetrics
ReleaseCapture
SetCapture
GetCapture
RegisterClipboardFormatA
GetDoubleClickTime
EnableWindow
GetDlgItem
OffsetRect
UnionRect
GetDesktopWindow
KillTimer
SetTimer
CallWindowProcA
SystemParametersInfoA
SetRect
GetSubMenu
CheckMenuItem
GetMenu
GetMonitorInfoA
TranslateMessage
LoadCursorA
SetWindowLongPtrA
GetWindowLongPtrA
FillRect
ShowCursor
GetWindowRect
GetClientRect
SetDlgItemTextA
DispatchMessageA
PeekMessageA
SendMessageA
SetRectEmpty
LoadBitmapA
SetWindowPos
SetFocus
UpdateWindow
SetForegroundWindow
BeginPaint
EndPaint
PostMessageA
InvalidateRect
LoadIconA
IsDlgButtonChecked
GetMenuItemCount
AppendMenuA
RemoveMenu
MapDialogRect
WinHelpA
MessageBeep
MessageBoxA
MonitorFromRect
ShowWindow
DestroyWindow
IsWindow
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
WaitMessage

mfc42

ord1595
ord4609
ord2677
ord4752
ord832
ord2436
ord2037
ord4552
ord2601
ord3761
ord4138
ord2865
ord1267
ord1263
ord4592
ord5716
ord5236
ord999
ord5593
ord5594
ord5592
ord5313
ord5123
ord5391
ord5361
ord4708
ord551
ord3878
ord4869
ord2988
ord4593
ord4788
ord2073
ord5091
ord4796
ord1711
ord5717
ord1003
ord5974
ord1369
ord2932
ord3640
ord2137
ord560
ord3880
ord4750
ord822
ord2598
ord2101
ord3753
ord1883
ord4568
ord4575
ord626
ord4483
ord1040
ord3840
ord5811
ord6827
ord5822
ord6838
ord1469
ord2135
ord2885
ord2422
ord2529
ord1505
ord6768
ord1478
ord2912
ord1690
ord2688
ord6620
ord4134
ord622
ord1122
ord1287
ord852
ord6594
ord1506
ord372
ord2530
ord3662
ord620
ord624
ord1124
ord4381
ord3173
ord4087
ord4093
ord4092
ord3055
ord3175
ord3061
ord3375
ord3240
ord4824
ord3371
ord3252
ord3058
ord351
ord6472
ord3291
ord3611
ord4741
ord5222
ord4775
ord5995
ord3263
ord5901
ord1765
ord6087
ord5672
ord863
ord2559
ord2525
ord6775
ord3155
ord3149
ord5072
ord4993
ord4782
ord1835
ord4571
ord4983
ord4984
ord2857
ord1585
ord286
ord3800
ord2441
ord3752
ord303
ord6137
ord4679
ord310
ord826
ord3830
ord2463
ord1663
ord6697
ord2607
ord4554
ord2915
ord5706
ord2154
ord2471
ord5493
ord6820
ord2074
ord2682
ord4798
ord5238
ord4027
ord5719
ord4703
ord6818
ord5595
ord2407
ord2413
ord4761
ord1792
ord4375
ord4997
ord6448
ord2552
ord4415
ord4888
ord4890
ord4908
ord4910
ord4895
ord5099
ord4699
ord4691
ord5306
ord4955
ord3942
ord4789
ord5689
ord5669
ord4822
ord4868
ord594
ord6533
ord3950
ord3168
ord1023
ord1747
ord5293
ord5375
ord5378
ord5177
ord1447
ord4338
ord485
ord5872
ord963
ord1935
ord6642
ord4596
ord6223
ord1126
ord4532
ord2425
ord2793
ord2890
ord2907
ord1578
ord1660
ord3872
ord3793
ord3750
ord1659
ord336
ord6138
ord6519
ord2752
ord4631
ord4452
ord851
ord6134
ord6886
ord2343
ord4779
ord665
ord5690
ord1749
ord6358
ord3943
ord5670
ord3544
ord3771
ord337
ord5086
ord5415
ord5254
ord4730
ord5709
ord4780
ord1791
ord6445
ord5694
ord3815
ord2604
ord4553
ord2038
ord2439
ord6807
ord1787
ord911
ord4755
ord4567
ord6025
ord3186
ord6622
ord2673
ord4558
ord4633
ord6109
ord6640
ord339
ord2108
ord4979
ord4981
ord4985
ord4008
ord3467
ord4992
ord3493
ord6335
ord3500
ord5718
ord5737
ord4378
ord5729
ord3477
ord2426
ord3926
ord659
ord4482
ord2665
ord6327
ord5880
ord1341
ord5624
ord1392
ord4201
ord6078
ord2527
ord2571
ord4845
ord6819
ord2764
ord6060
ord5074
ord5731
ord1063
ord4484
ord3201
ord4543
ord2224
ord2225
ord4221
ord6077
ord2016
ord5071
ord4781
ord3898
ord598
ord1027
ord1344
ord5952
ord3287
ord3601
ord6325
ord1512
ord1527
ord4608
ord4354
ord2577
ord387
ord4471
ord2928
ord2929
ord3545
ord5846
ord1320
ord2656
ord1687
ord2683
ord5429
ord3490
ord4643
ord4826
ord890
ord4374
ord4783
ord5533
ord5530
ord3150
ord5711
ord2419
ord2762
ord5681
ord4793
ord5666
ord4815
ord4768
ord5102
ord1729
ord2655
ord2418
ord4432
ord5845
ord4355
ord2469
ord4714
ord5708
ord5677
ord5663
ord2547
ord6812
ord6564
ord613
ord2147
ord6386
ord6465
ord1036
ord647
ord2150
ord4468
ord6260
ord1053
ord3772
ord340
ord2109
ord853
ord1733
ord5511
ord6446
ord650
ord2152
ord1390
ord1852

msvcrt

_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
_vsnwprintf
_itoa
rand
qsort
strstr
printf
memcpy
swscanf
_ltow
_vsnprintf
_strnicmp
towupper
_purecall
memset
__CxxFrameHandler3
_CxxThrowException
_stricmp
_setmbcp

ole32

CoInitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
GetRunningObjectTable
CLSIDFromString
StringFromGUID2
CoCreateInstance
StgOpenStorage
StgCreateDocfile
CreateBindCtx
MkParseDisplayName
CoTaskMemFree

oleaut32

SysFreeString
SysStringLen
VariantClear
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
VariantInit

comdlg32

CommDlgExtendedError
GetOpenFileNameA

comctl32

ord17
ImageList_Create
ImageList_ReplaceIcon

shell32

ShellExecuteA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

quartz

AMGetErrorTextA

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: s18fbcpt

Password: s18fbcpt

4b8848f5857917cdf7a7d1f20d5049ac

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3aCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

6c:5b:d6:e1:49:fe:e0:30:57:cc:cc:f6:d7:cd:eb:7d:f2:09:0b:bd:33:0a:70:a1:7d:a6:e5:3a:94:20:31:e8Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

mfc42

msvcrt

ole32

oleaut32

comdlg32

comctl32

shell32

version

quartz

Sections

.text Size: 152KB - Virtual size: 148KB

.rdata Size: 96KB - Virtual size: 94KB

.data Size: 8KB - Virtual size: 26KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 44KB - Virtual size: 40KB

.reloc Size: 8KB - Virtual size: 4KB

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

6c:5b:d6:e1:49:fe:e0:30:57:cc:cc:f6:d7:cd:eb:7d:f2:09:0b:bd:33:0a:70:a1:7d:a6:e5:3a:94:20:31:e8
Signer

.text
Size: 152KB - Virtual size: 148KB

.rdata
Size: 96KB - Virtual size: 94KB

.data
Size: 8KB - Virtual size: 26KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 44KB - Virtual size: 40KB

.reloc
Size: 8KB - Virtual size: 4KB