PosterShop[.]exe[.]zip

Resubmissions

28/06/2023, 23:50

230628-3vthwacc9y 1

28/06/2023, 23:44

230628-3rlnvscc9s 1

28/06/2023, 23:39

230628-3ne2xacc81 1

Sharing

Copy URL Twitter E-mail

General

Target

PosterShop.exe.zip
Size

7.6MB
MD5

d8e66ea8d98fdc8b9ea1b763d4415fa8
SHA1

402f7c3711b156b274aea7bfbe2137cd23c9263f
SHA256

e7e7426ca3719d3651a6d11392ed04103455b87ea70658426755652d2ee139aa
SHA512

1d0923ba18e9b79ce7545a5c2fd7d1732559804eeb10250e28c26a592d3cc60863296f9a60cd09d8e1f23cc1c9a032ce0ff564d6cc61333eaf89ce3fdc3b8c53
SSDEEP

196608:GyaUJJRg6LovVlg5pBBtZTx/O9/Io3wjk4VLFn/sz3H:vLovvyrBx493wg4Xk3H

Score

1^/10

Malware Config

Signatures

Files

PosterShop.exe.zip
.zip

Password: infected
PosterShop.exe
.exe windows x64

Password: infected

e88d073d6ef8ea06b0b99fb26dc59b97

Code Sign

05:55:56:bc:f2:5e:a4:35:35:c3:a4:0f:d5:ab:45:72
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:06:26:91:49:df:13:7a:3b:fb:18:32:51:2d:33:3c
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

22/07/2021, 00:00

Not After

04/08/2023, 23:59

Subject

SERIALNUMBER=4024569,CN=Onyx Graphics Inc.,O=Onyx Graphics Inc.,L=Midvale,ST=Utah,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9a:8a:ef:a8:c9:20:a8:7d:d4:22:e2:a2:01:1a:9f:d8:54:15:9c:d3
Signer

Actual PE Digest

9a:8a:ef:a8:c9:20:a8:7d:d4:22:e2:a2:01:1a:9f:d8:54:15:9c:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetDC

advapi32

GetAce

iphlpapi

GetIfTable

shell32

ILFree

hid

HidP_GetCaps

setupapi

SetupInstallFileA

dhcpcsvc

DhcpIsEnabled

dhcpcsvc6

Dhcpv6IsEnabled

psapi

EnumProcesses

wsock32

bind

ws2_32

inet_ntop

bonjour

??1CBonjourStrategy@@QEAA@XZ

libcrypto-1_1-x64

BN_new

libssl-1_1-x64

SSL_new

onyxqtsupport

??1QWinWidget@@UEAA@XZ

qtcore4

??1QDir@@QEAA@XZ

qtgui4

??1QPen@@QEAA@XZ

jdfwrapperdll

??1XMLDoc@JDF@@UEAA@XZ

jdftoolsdll

??1WString@JDF@@UEAA@XZ

logger

??0ConsoleLogger@errorlog@onyx@@QEAA@_N@Z

libxml2

xmlFree

onxctl

AboutDlg

onyxjdf

??1Customer@jdf@onyx@@QEAA@XZ

onxkernel

Oeof

onxlib

ord4000

reporter

?getInstance@UsageReport@reporter@onyx@@SAPEAV123@XZ

mfc140

ord7487

msvcp140

_Mbrtowc

wxbase314_vc_x64_onyx

??1wxDir@@QEAA@XZ

wxbase314_xml_vc_x64_onyx

??0wxXmlDocument@@QEAA@XZ

wxmsw314_core_vc_x64_onyx

??0wxApp@@QEAA@XZ

hasp_windows_x64_52775

ord5

serversetup

??1OssQueue@@QEAA@XZ

repository

?Reset@SystemRepository@repos@onyx@@SAXXZ

onxspool

??1CVPrinter@@UEAA@XZ

onxjmf

?getHPWallArtAppInfo@@YA?AUOnxJMFAppInfo@@XZ

onxmongodb

??1MongoConf@@QEAA@XZ

vcruntime140

memchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-stdio-l1-1-0

feof

api-ms-win-crt-runtime-l1-1-0

exit

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-string-l1-1-0

strtok

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-filesystem-l1-1-0

rename

api-ms-win-crt-multibyte-l1-1-0

_mbsinc

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-math-l1-1-0

cos

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-process-l1-1-0

_spawnlp

api-ms-win-crt-locale-l1-1-0

_setmbcp

onxsingletonmgr

OnxSingletonMapPut

onxlssrvscp

onyx_VLSdiscover

gdiplus

GdipFree

oleaut32

VariantTimeToSystemTime

shlwapi

PathFileExistsA

comctl32

ImageList_Draw

comdlg32

CommDlgExtendedError

gdi32

DPtoLP

mpr

WNetAddConnection2A

version

VerQueryValueA

wininet

InternetOpenA

netapi32

Netbios

Exports

Exports

??0IContourMark@@QEAA@AEBV0@@Z
??0IContourMark@@QEAA@XZ
??1IContourMark@@UEAA@XZ
??4IContourMark@@QEAAAEAV0@AEBV0@@Z
??_7IContourMark@@6B@
OPENSSL_Applink

Sections

.AKS1
Size: 2.8MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AKS2
Size: 6.3MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AKS3
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

e88d073d6ef8ea06b0b99fb26dc59b97

Code Sign

05:55:56:bc:f2:5e:a4:35:35:c3:a4:0f:d5:ab:45:72Certificate

Key Usages

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29Certificate

Extended Key Usages

Key Usages

07:06:26:91:49:df:13:7a:3b:fb:18:32:51:2d:33:3cCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

9a:8a:ef:a8:c9:20:a8:7d:d4:22:e2:a2:01:1a:9f:d8:54:15:9c:d3Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

iphlpapi

shell32

hid

setupapi

dhcpcsvc

dhcpcsvc6

psapi

wsock32

ws2_32

bonjour

libcrypto-1_1-x64

libssl-1_1-x64

onyxqtsupport

qtcore4

qtgui4

jdfwrapperdll

jdftoolsdll

logger

libxml2

onxctl

onyxjdf

onxkernel

onxlib

reporter

mfc140

msvcp140

wxbase314_vc_x64_onyx

wxbase314_xml_vc_x64_onyx

wxmsw314_core_vc_x64_onyx

hasp_windows_x64_52775

serversetup

repository

onxspool

onxjmf

onxmongodb

vcruntime140

vcruntime140_1

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-time-l1-1-0

05:55:56:bc:f2:5e:a4:35:35:c3:a4:0f:d5:ab:45:72
Certificate

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

07:06:26:91:49:df:13:7a:3b:fb:18:32:51:2d:33:3c
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

9a:8a:ef:a8:c9:20:a8:7d:d4:22:e2:a2:01:1a:9f:d8:54:15:9c:d3
Signer

.AKS1
Size: 2.8MB - Virtual size: 9.6MB

.AKS2
Size: 6.3MB - Virtual size: 8.4MB

.AKS3
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 2.3MB - Virtual size: 2.3MB