malwarebytes[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

malwarebytes.zip
Size

366.9MB
MD5

43559a9f8d70ae9223e13d4d0734c59b
SHA1

2bf98d479c5119c77e9b26030f08aeacc7d70879
SHA256

8165eebaf2eae1704b1bed0062b81e872bf2ef4d11e7cec1c2ca8d994227920d
SHA512

8634ba58edba5e79dc6deb698bf6916d159e2b5dbb1d8aacd2c95e9aae196d9bf56ec4b588f69d0188d6e4c336508de5139b2e9e4bf817946f324ee26838e173
SSDEEP

6291456:XhpIbT6AhS7Pt+otSrzGy/eExCOoI1EmRCas+5UNZkGJTDiDQczle7hFKp3rRy0:XaSZLErzGy/eiCDQRCabSNZHJTDiDQcV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Malwarebytes.Premium.v4.5.29.RePack.by.xetrin.exe

Files

malwarebytes.zip
.zip
Malwarebytes.Premium.v4.5.29.RePack.by.xetrin.exe
.exe windows x86

ea498fe198e91fc6fa5f09d6bb3dad3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Readme.txt
Setup/malwarebytes_setup_offline.exe
.exe windows x86

bc8fbef8c5110b03981bd53fcee487a5

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

23/03/2022, 00:00

Not After

16/03/2025, 23:59

Subject

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25/05/2021, 00:00

Not After

24/05/2036, 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16/04/2020, 18:36

Not After

16/04/2045, 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:0a:b5:c6:e7:d7:19:6c:d6:24:06:00:00:00:00:0a:b5
Certificate

Issuer

CN=Microsoft ID Verified CS EOC CA 01,O=Microsoft Corporation,C=US

Not Before

17/05/2023, 16:07

Not After

20/05/2023, 16:07

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:0a:b5:c6:e7:d7:19:6c:d6:24:06:00:00:00:00:0a:b5
Certificate

Issuer

CN=Microsoft ID Verified CS EOC CA 01,O=Microsoft Corporation,C=US

Not Before

17/05/2023, 16:07

Not After

20/05/2023, 16:07

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:06:4a:1a:fa:cf:05:61:6a:74:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13/04/2021, 17:31

Not After

13/04/2026, 17:31

Subject

CN=Microsoft ID Verified CS EOC CA 01,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01/04/2021, 20:05

Not After

01/04/2036, 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:1e:2b:2a:a4:f3:b0:e8:c7:a3:38:ad:f8:66:c5:1f:cc:f7:a8:97:13:20:bf:67:2b:a3:af:21:8d:e0:a5:7e
Signer

Actual PE Digest

d8:1e:2b:2a:a4:f3:b0:e8:c7:a3:38:ad:f8:66:c5:1f:cc:f7:a8:97:13:20:bf:67:2b:a3:af:21:8d:e0:a5:7e

Digest Algorithm

sha256

PE Digest Matches

true

d8:1e:2b:2a:a4:f3:b0:e8:c7:a3:38:ad:f8:66:c5:1f:cc:f7:a8:97:13:20:bf:67:2b:a3:af:21:8d:e0:a5:7e
Signer

Actual PE Digest

d8:1e:2b:2a:a4:f3:b0:e8:c7:a3:38:ad:f8:66:c5:1f:cc:f7:a8:97:13:20:bf:67:2b:a3:af:21:8d:e0:a5:7e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
GetLastError
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSectionEx
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
GetCurrentProcess
VerifyVersionInfoW
VerSetConditionMask
GetSystemDirectoryW
CreateFileW
DeviceIoControl
CloseHandle
GetCurrentThreadId
SetLastError
LockResource
FindResourceExW
Sleep
GlobalFree
LocalFree
FormatMessageW
LocalAlloc
CallNamedPipeW
GetWindowsDirectoryW
GetModuleHandleW
GetCommandLineW
DecodePointer
CreateMutexW
GetNativeSystemInfo
GetDiskFreeSpaceExW
FindFirstFileW
FindClose
CreateProcessW
FindNextFileW
GlobalAlloc
GlobalLock
SetThreadUILanguage
LoadLibraryW
CreateDirectoryW
GetLogicalDrives
GetTempPathW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
OpenProcess
ResumeThread
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32GetModuleFileNameExW
GetCurrentDirectoryW
GetCurrentProcessId
OutputDebugStringW
SetEndOfFile
WriteConsoleW
SetStdHandle
FreeLibrary
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
SetCurrentDirectoryW
MulDiv
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
GetStringTypeW
DeleteFileW
FindFirstFileExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
RemoveDirectoryW
AreFileApisANSI
CopyFileW
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
QueryPerformanceCounter
TryEnterCriticalSection
EncodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
ReleaseSemaphore
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitProcess
GetModuleHandleExW
ExitThread
GetStdHandle
WriteFile
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
GetFileSizeEx
ReadConsoleW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
IsValidCodePage

dwmapi

DwmGetWindowAttribute

crypt32

CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate
UuidToStringA
RpcStringFreeA

Sections

.text
Size: 707KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 307.0MB - Virtual size: 307.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup/malwarebytes_setup_offline.md5
Silent Installing.cmd
.cmd .vbs

Sharing

General

Malware Config

Signatures

Files

ea498fe198e91fc6fa5f09d6bb3dad3a

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

comctl32

Sections

.text Size: 93KB - Virtual size: 93KB

.itext Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 22KB

.idata Size: 4KB - Virtual size: 4KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.rsrc Size: 149KB - Virtual size: 149KB

bc8fbef8c5110b03981bd53fcee487a5

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2Certificate

Extended Key Usages

Key Usages

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:dbCertificate

Extended Key Usages

Key Usages

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99Certificate

Key Usages

33:00:00:0a:b5:c6:e7:d7:19:6c:d6:24:06:00:00:00:00:0a:b5Certificate

Extended Key Usages

Key Usages

33:00:00:0a:b5:c6:e7:d7:19:6c:d6:24:06:00:00:00:00:0a:b5Certificate

Extended Key Usages

Key Usages

33:00:00:00:06:4a:1a:fa:cf:05:61:6a:74:00:00:00:00:00:06Certificate

Key Usages

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07Certificate

Key Usages

d8:1e:2b:2a:a4:f3:b0:e8:c7:a3:38:ad:f8:66:c5:1f:cc:f7:a8:97:13:20:bf:67:2b:a3:af:21:8d:e0:a5:7eSigner

d8:1e:2b:2a:a4:f3:b0:e8:c7:a3:38:ad:f8:66:c5:1f:cc:f7:a8:97:13:20:bf:67:2b:a3:af:21:8d:e0:a5:7eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

dwmapi

crypt32

rpcrt4

Sections

.text Size: 707KB - Virtual size: 707KB

.rdata Size: 174KB - Virtual size: 173KB

.data Size: 17KB - Virtual size: 23KB

.rsrc Size: 307.0MB - Virtual size: 307.0MB

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 93KB - Virtual size: 93KB

.itext
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 22KB

.idata
Size: 4KB - Virtual size: 4KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 149KB - Virtual size: 149KB

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

33:00:00:0a:b5:c6:e7:d7:19:6c:d6:24:06:00:00:00:00:0a:b5
Certificate

33:00:00:0a:b5:c6:e7:d7:19:6c:d6:24:06:00:00:00:00:0a:b5
Certificate

33:00:00:00:06:4a:1a:fa:cf:05:61:6a:74:00:00:00:00:00:06
Certificate

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

d8:1e:2b:2a:a4:f3:b0:e8:c7:a3:38:ad:f8:66:c5:1f:cc:f7:a8:97:13:20:bf:67:2b:a3:af:21:8d:e0:a5:7e
Signer

d8:1e:2b:2a:a4:f3:b0:e8:c7:a3:38:ad:f8:66:c5:1f:cc:f7:a8:97:13:20:bf:67:2b:a3:af:21:8d:e0:a5:7e
Signer

.text
Size: 707KB - Virtual size: 707KB

.rdata
Size: 174KB - Virtual size: 173KB

.data
Size: 17KB - Virtual size: 23KB

.rsrc
Size: 307.0MB - Virtual size: 307.0MB

.reloc
Size: 41KB - Virtual size: 41KB