u[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

u.zip
Size

1.9MB
MD5

72fb827833037b5550c2f45fddde836d
SHA1

eaf01f8563375badc54a780cd4f0454c144e8c78
SHA256

2214b9c747317a99459eeb8754869c0e70c354d79b8d620dce1f449af394144d
SHA512

026fe0eef4298e3516b0129af1ef4f3e676054e971b0a5af693a9606d76896f47fb5a7f351f34acd6bbb91d37f7e72f7a107a4c0f15e6a274348089490582c4a
SSDEEP

49152:kS0NyJHhNbNrholgo8nWLblQR9hObkhDKy6dGtMngmjkm:siBH1kgZCKR9weDKD4tGkm

Score

1^/10

Malware Config

Signatures

Files

u.zip
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume5/BACKUP SECOND COPY/DASMAN USER BACKUP SECOND COPY003/F/UB_DASMAN_AG/SankarK/7-2014-2015/New Folder/u.zip
.zip

Password: S@ndb0x!2023@@
u1502.exe
.exe windows x86

Password: S@ndb0x!2023@@

baa93d47220682c04d92f7797d9224ce

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:c5:19:78:f0:ed:63:6c:a3:c5:b5:c4:d3:3d:02:2c:10
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

05/12/2012, 21:33

Not After

11/01/2016, 15:34

Subject

CN=Ultrareach Internet Corp.,O=Ultrareach Internet Corp.,L=Cheyenne,ST=WY,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cd:2e:11:f0:1b:8a:46:1d:dc:9b:b1:07:49:7b:31:74:ea:48:01:f8
Signer

Actual PE Digest

cd:2e:11:f0:1b:8a:46:1d:dc:9b:b1:07:49:7b:31:74:ea:48:01:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

_EXECryptor_GetHardwareID@0
_EXECryptor_IsAppProtected@0

Sections

Size: 984KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ipsvfnxo
Size: 1012KB - Virtual size: 1012KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bwxzvnjx
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S@ndb0x!2023@@

Password: S@ndb0x!2023@@

Password: S@ndb0x!2023@@

baa93d47220682c04d92f7797d9224ce

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

11:21:c5:19:78:f0:ed:63:6c:a3:c5:b5:c4:d3:3d:02:2c:10Certificate

Extended Key Usages

Key Usages

cd:2e:11:f0:1b:8a:46:1d:dc:9b:b1:07:49:7b:31:74:ea:48:01:f8Signer

Headers

File Characteristics

Imports

kernel32

comctl32

Exports

Exports

Sections

Size: 984KB - Virtual size: 2.0MB

.rsrc Size: 24KB - Virtual size: 62KB

.idata Size: 4KB - Virtual size: 4KB

Size: 4KB - Virtual size: 1.5MB

ipsvfnxo Size: 1012KB - Virtual size: 1012KB

bwxzvnjx Size: 4KB - Virtual size: 4KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

11:21:c5:19:78:f0:ed:63:6c:a3:c5:b5:c4:d3:3d:02:2c:10
Certificate

cd:2e:11:f0:1b:8a:46:1d:dc:9b:b1:07:49:7b:31:74:ea:48:01:f8
Signer

.rsrc
Size: 24KB - Virtual size: 62KB

.idata
Size: 4KB - Virtual size: 4KB

ipsvfnxo
Size: 1012KB - Virtual size: 1012KB

bwxzvnjx
Size: 4KB - Virtual size: 4KB