Downloads[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

Downloads.7z
Size

204KB
MD5

3a7cfbebd3f9e758a343a6d4f1055eb6
SHA1

823bd40b773ed4339dea59f1b880a76caff37050
SHA256

02614e05dd8365aebd0721deb120ac5a7438e1448b6a99a6263b6a1e6893063d
SHA512

982303767279c999ce128cefe0e3922528efb64864fe93ad0c660ceeaf1f217953818be4e1284a564163fd5434e3de82f3515ad363f28c6d54f546d28e736a34
SSDEEP

3072:XJVaeoYQzBmL6m/H08tFfQxnLEVbFZlG7UvhN47TsSyBGHkXwmrlQsC8H:BoYQzB86gt8nLEVR5NKLygKrg8H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/coreclr.dll

Files

Downloads.7z
.7z
WinDbg.exe
.exe windows x86

c2e6bbcf8c043d17c74c1e20d80c9247

Code Sign

33:00:00:00:f3:67:3d:83:61:98:0f:1c:a6:00:00:00:00:00:f3
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:19

Not After

23/11/2019, 20:19

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:F6FF-2DA7-BB75,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:45:8d:65:15:ca:65:93:0d:44:38:28:58:e0:02:5b:99:e6:58:7f
Signer

Actual PE Digest

d7:45:8d:65:15:ca:65:93:0d:44:38:28:58:e0:02:5b:99:e6:58:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
CryptGenRandom
CryptAcquireContextW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegQueryValueExA
GetTokenInformation
OpenProcessToken
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
CryptReleaseContext

kernel32

FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CloseHandle
GetVersionExW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
RtlUnwind
InitializeCriticalSection
LoadLibraryA
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentProcess
GetModuleHandleW
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetProcAddress
InterlockedCompareExchange
LoadLibraryW
LocalFree
GetCommandLineW
GetLastError
GetModuleFileNameW
CreateProcessW
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
DuplicateHandle
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateThread
WaitForMultipleObjectsEx
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultUILanguage
GetLocaleInfoW
CreateEventW
SetEvent
WaitForMultipleObjects
WriteFile
CreateFileW
GetFileSize
ReadFile
SetFilePointer
RemoveDirectoryW
DeleteFileW
GetEnvironmentVariableW
FreeResource
FindResourceExW
FindResourceW
LoadResource
GlobalLock
GlobalAlloc
SizeofResource
GlobalUnlock
RaiseException
InterlockedExchange
GlobalFree
LockResource
GetSystemDefaultLCID
GetSystemTimeAsFileTime
DosDateTimeToFileTime
SetEndOfFile
GetFileAttributesExW
CreateDirectoryW
GetCommandLineA
GetVersionExA
GetStartupInfoA
VirtualProtect
VirtualAlloc
GetModuleHandleA
GetSystemInfo
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
LocalAlloc

gdi32

GetObjectW
CreateFontIndirectW
DeleteObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
CreateSolidBrush
SelectObject
SetStretchBltMode
StretchBlt
GetStockObject
SetDIBColorTable

msimg32

GradientFill

shlwapi

SHDeleteKeyW
PathAppendW
SHGetValueW
PathRemoveFileSpecW
PathCombineW
PathFileExistsW

shell32

SHFileOperationW
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW

comctl32

ord17
PropertySheetW
InitCommonControlsEx

user32

DialogBoxParamW
GetWindowLongW
EndDialog
HideCaret
ReleaseDC
LoadIconW
GetDlgItem
EnableWindow
PostQuitMessage
SetWindowTextW
GetWindowRect
MapWindowPoints
InvalidateRect
GetDC
ShowWindow
BeginPaint
EndPaint
IsDlgButtonChecked
IsWindowEnabled
GetMonitorInfoW
SetWindowPos
PostMessageW
LoadStringW
GetParent
FillRect
GetSysColor
MonitorFromWindow
SystemParametersInfoW
MsgWaitForMultipleObjects
DestroyWindow
SetWindowLongW
SendMessageW

ole32

CoInitializeEx
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysAllocStringLen
VariantClear
VarBstrCmp
SysFreeString
VariantInit

Sections

.text
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
coreclr.dll
.dll windows x86

d3d4006920c2c1d9a10409b75aa96228

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileW
DecodePointer
DeleteCriticalSection
DisableThreadLibraryCalls
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapQueryInformation
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RtlUnwind
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAllocEx
WideCharToMultiByte
WriteConsoleW
WriteFile

user32

MessageBoxA
MessageBoxW

Exports

Exports

GetCLRRuntimeHost
dfvgihkyihdlfsghh
dfyiasihfsdghtghsog
fdaskufhgbksuthlyijhrd
fghdftiyhsabfuDFERKF

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 203KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.voltbl
Size: 512B - Virtual size: 204B

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2e6bbcf8c043d17c74c1e20d80c9247

Code Sign

33:00:00:00:f3:67:3d:83:61:98:0f:1c:a6:00:00:00:00:00:f3Certificate

Extended Key Usages

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

d7:45:8d:65:15:ca:65:93:0d:44:38:28:58:e0:02:5b:99:e6:58:7fSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

msimg32

shlwapi

shell32

comctl32

user32

ole32

oleaut32

Sections

.text Size: 203KB - Virtual size: 202KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

d3d4006920c2c1d9a10409b75aa96228

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 231KB - Virtual size: 230KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 203KB - Virtual size: 206KB

.00cfg Size: 512B - Virtual size: 4B

.voltbl Size: 512B - Virtual size: 204B

.reloc Size: 9KB - Virtual size: 8KB

33:00:00:00:f3:67:3d:83:61:98:0f:1c:a6:00:00:00:00:00:f3
Certificate

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

d7:45:8d:65:15:ca:65:93:0d:44:38:28:58:e0:02:5b:99:e6:58:7f
Signer

.text
Size: 203KB - Virtual size: 202KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB

.text
Size: 231KB - Virtual size: 230KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 203KB - Virtual size: 206KB

.00cfg
Size: 512B - Virtual size: 4B

.voltbl
Size: 512B - Virtual size: 204B

.reloc
Size: 9KB - Virtual size: 8KB