ZoomIt[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ZoomIt.exe
Size

1.1MB
MD5

6bce13c9d6bf52158dc3626aa597778e
SHA1

f7c4dd897e23af969a3f2eab8229fc0f5930d924
SHA256

ac5ae5968b0f3a066fd739752b94fb34624209abb6a0136f83a9d7ffffb07c83
SHA512

0c09adb2f35fe250dc4d0b084bf84812cd695d47030ba3a8002398aebebc67797f52eccb06ac163786cc36878ffeb6463bd98c90472318915dd74381fcae919b
SSDEEP

24576:h6KX/p/xWw5EQ/mR/yO0Inq+ZGBv9lcmOUd9b8j:h6Ep/xWwaDWki9vOI9b8

Score

1^/10

Malware Config

Signatures

Files

ZoomIt.exe
.exe windows x86

4756e7357e2a6f03dab2ad8e2ddfdae1

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:06:d6:0a:44:8c:34:15:ab:87:d1:08:5b:3d:73:6d:07:39:47:5d:07:fc:4e:fe:cb:ec:71:f8:f0:17:35:8a
Signer

Actual PE Digest

c9:06:d6:0a:44:8c:34:15:ab:87:d1:08:5b:3d:73:6d:07:39:47:5d:07:fc:4e:fe:cb:ec:71:f8:f0:17:35:8a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundW

gdiplus

GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipFillEllipseI
GdipDrawPath
GdipDrawEllipseI
GdipDrawRectangleI
GdipDrawLineI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromFile
GdiplusStartup
GdipSaveImageToFile
GdipCloneImage
GdipSetPenLineJoin
GdipSetPenLineCap197819
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipAddPathLineI
GdipStartPathFigure
GdipDeletePath
GdipCreatePath
GdiplusShutdown

msimg32

AlphaBlend

kernel32

LocalFree
IsDebuggerPresent
DebugBreak
OutputDebugStringW
CloseHandle
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleExW
FormatMessageW
MulDiv
ExpandEnvironmentStringsW
DeleteFileW
GetFileAttributesW
Beep
SetEvent
CreateEventW
CreateEventExW
Sleep
GetCurrentProcess
GetExitCodeProcess
GetCurrentThread
SetThreadPriority
GetVersion
GetTickCount
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
lstrcpynW
MultiByteToWideChar
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ResetEvent
WaitForMultipleObjectsEx
GetProcAddress
WriteFile
GetConsoleCP
ExitProcess
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedPushEntrySList
RtlUnwind
CloseThreadpoolWait
GetModuleHandleW
CreateThreadpoolWait
LCMapStringEx
GetCPInfo
CompareStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
WideCharToMultiByte
GetFileInformationByHandleEx
AreFileApisANSI
GetTempPathW
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
GetLocaleInfoEx
FormatMessageA
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryAcquireSRWLockExclusive
InitializeSRWLock
SwitchToThread
RaiseException
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExW
GetVersionExW
SetLastError
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
ReadConsoleW
HeapReAlloc
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
ReadFile
LocalAlloc
HeapSize
WriteConsoleW
SetEndOfFile
LoadLibraryW
TrySubmitThreadpoolCallback
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
SetThreadpoolWait
EnterCriticalSection

user32

DialogBoxIndirectParamW
SendMessageW
GetDlgItem
EndDialog
SetWindowTextW
SystemParametersInfoW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
LoadIconW
FindWindowW
GetParent
GetDesktopWindow
SetRect
WindowFromPoint
MapWindowPoints
SetCursorPos
ShowCursor
MessageBoxW
RedrawWindow
InvalidateRect
ReleaseDC
GetForegroundWindow
SetActiveWindow
UpdateWindow
DrawTextW
TrackPopupMenu
InsertMenuW
DestroyMenu
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
KillTimer
SetTimer
GetAsyncKeyState
GetKeyState
SetFocus
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
DialogBoxParamW
CreateDialogParamW
BringWindowToTop
IsWindowVisible
PostQuitMessage
PostMessageW
SetMessageExtraInfo
GetMessageExtraInfo
UnregisterHotKey
RegisterHotKey
GetMonitorInfoW
MonitorFromPoint
GetCursorPos
GetDC
SetWindowLongW
GetWindowLongW
OffsetRect
FillRect
ClipCursor
GetClipCursor
GetWindowRect
GetClientRect
SetWindowRgn
EndPaint
BeginPaint
SetForegroundWindow
EnableWindow
ReleaseCapture
SetCapture
GetCapture
SetWindowDisplayAffinity
SetWindowPos
MoveWindow
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExW
GetClassInfoW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor

gdi32

SetTextColor
SetStretchBltMode
SetROP2
StretchBlt
SetBkMode
SelectObject
Rectangle
LineTo
GetCurrentObject
GetObjectW
CreatePen
MoveToEx
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
BitBlt
DeleteDC
GetStockObject
DeleteObject
CreateSolidBrush
CreateRectRgnIndirect
CombineRgn
Polygon
CreateDIBSection
EndPage
StartPage
CreateFontIndirectW
StartDocW
SetMapMode
GetDeviceCaps
EndDoc
Ellipse

comdlg32

PrintDlgW
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegGetValueW
RegCreateKeyExW
RegSetValueExW

shell32

ShellExecuteExW
Shell_NotifyIconW
SHGetKnownFolderItem
ShellExecuteW

ole32

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoInitialize
CoGetApartmentType
CoGetObjectContext
CoCreateInstance
CoTaskMemFree

oleaut32

SetErrorInfo
SysFreeString
SysStringLen
GetErrorInfo
SysAllocString

Sections

.text
Size: 345KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 649KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4756e7357e2a6f03dab2ad8e2ddfdae1

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4dCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

c9:06:d6:0a:44:8c:34:15:ab:87:d1:08:5b:3d:73:6d:07:39:47:5d:07:fc:4e:fe:cb:ec:71:f8:f0:17:35:8aSigner

Headers

DLL Characteristics

File Characteristics

Imports

winmm

gdiplus

msimg32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 345KB - Virtual size: 345KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 21KB - Virtual size: 28KB

.rsrc Size: 649KB - Virtual size: 648KB

.reloc Size: 21KB - Virtual size: 20KB

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

c9:06:d6:0a:44:8c:34:15:ab:87:d1:08:5b:3d:73:6d:07:39:47:5d:07:fc:4e:fe:cb:ec:71:f8:f0:17:35:8a
Signer

.text
Size: 345KB - Virtual size: 345KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 21KB - Virtual size: 28KB

.rsrc
Size: 649KB - Virtual size: 648KB

.reloc
Size: 21KB - Virtual size: 20KB