zt[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

zt.exe
Size

8.0MB
MD5

f52123cc6868b8717cb0ed9a31c96536
SHA1

cfba9ca0686e245721f07e12dc7b54fb207bde0a
SHA256

12d9c4cd2c38ca5e7b19a5233784ae8bf703057d32129b39d8b0290c9697719c
SHA512

98e604a14f88100405a841993858bcbe494d5ad32b1e182d7c0fdd449dd947ef359f819b2d0e4f6ed051ee560ee6354fa7dec64e0b64fe83982d7c164fc8b579
SSDEEP

98304:DB6BSu+EpOAuxdXgpu+7WDSqYYA1hYKvH4iH0fhcb9HuJbPPPPPPPPPXom+5sMTR:DySu+Ebu/k7WDSqYYchYKWh+VRH1

Score

1^/10

Malware Config

Signatures

Files

zt.exe
.exe windows x86

ed50004eb4d18dc9c26f04e7e7c4bb47

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2007 00:23

Not After

23-02-2009 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:53

Not After

16-09-2011 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:55

Not After

16-09-2011 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:d4:0a:e6:5c:46:dd:b1:37:6f:a2:8c:09:64:bd:28:d8:27:6f:df
Signer

Actual PE Digest

6d:d4:0a:e6:5c:46:dd:b1:37:6f:a2:8c:09:64:bd:28:d8:27:6f:df

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
ExitProcess

advapi32

RegCreateKeyA

gdi32

CreateCompatibleDC

user32

MessageBoxA

version

GetFileVersionInfoA

d3d9

D3DPERF_EndEvent

winmm

timeGetDevCaps

shell32

SHGetSpecialFolderPathA

msvcr80

__getmainargs

d3dx9_32

D3DXCreateFontA

dsound

ord9

mss32

_AIL_close_3D_listener@4

imm32

ImmNotifyIME

binkw32

_BinkSetVolume@12

ole32

CoUninitialize

oleaut32

VariantClear

ws2_32

send

ipworks5

NetCode_Get

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

stxt774
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

stxt371
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ed50004eb4d18dc9c26f04e7e7c4bb47

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

6d:d4:0a:e6:5c:46:dd:b1:37:6f:a2:8c:09:64:bd:28:d8:27:6f:dfSigner

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

user32

version

d3d9

winmm

shell32

msvcr80

d3dx9_32

dsound

mss32

imm32

binkw32

ole32

oleaut32

ws2_32

ipworks5

Sections

.text Size: 4.7MB - Virtual size: 4.7MB

.rdata Size: 388KB - Virtual size: 387KB

.data Size: 32KB - Virtual size: 224KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

stxt774 Size: 12KB - Virtual size: 8KB

stxt371 Size: 16KB - Virtual size: 13KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

6d:d4:0a:e6:5c:46:dd:b1:37:6f:a2:8c:09:64:bd:28:d8:27:6f:df
Signer

.text
Size: 4.7MB - Virtual size: 4.7MB

.rdata
Size: 388KB - Virtual size: 387KB

.data
Size: 32KB - Virtual size: 224KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

stxt774
Size: 12KB - Virtual size: 8KB

stxt371
Size: 16KB - Virtual size: 13KB