Extracted

• 11195651845.zip

  .zip

  Password: infected

• b3d7005a06021286c84ed7f8293cba966e0137df769e80579df7f3c6a2d3c1f3

  .dll windows x86

  Password: infected

  7a25408ea12fbf11c65d8deb43d76b38

  
  

  Code Sign

  01

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  01-01-2004 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  25-05-2021 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  7d:27:33:2c:3c:b3:a3:82:a4:fd:23:2c:5c:66:a2

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  17-06-2022 00:00

  Not After

  17-06-2023 23:59

  Subject

  CN=MALVINA RECRUITMENT LIMITED,O=MALVINA RECRUITMENT LIMITED,ST=London,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  29-03-2022 00:00

  Not After

  14-03-2033 23:59

  Subject

  CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  e0:97:fc:7a:9b:c1:ac:42:53:02:a4:38:be:ad:86:39:34:f7:33:d8

  Signer

  Actual PE Digest

  e0:97:fc:7a:9b:c1:ac:42:53:02:a4:38:be:ad:86:39:34:f7:33:d8

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  lstrcpyW

  lstrcmpW

  GetNumaHighestNodeNumber

  GetShortPathNameA

  ReadFile

  CreateTimerQueueTimer

  ReplaceFileA

  EraseTape

  IsDBCSLeadByteEx

  GetCurrentProcess

  WriteConsoleA

  RegisterWaitForSingleObject

  OutputDebugStringA

  VirtualAlloc

  CancelDeviceWakeupRequest

  GetFinalPathNameByHandleW

  GetDriveTypeA

  CreateJobObjectW

  GetProductInfo

  CompareStringOrdinal

  LockFile

  GetThreadPreferredUILanguages

  DeleteAtom

  AllocateUserPhysicalPages

  EnumLanguageGroupLocalesA

  GetTempPathW

  IsBadHugeReadPtr

  GetEnvironmentVariableA

  CreateMutexA

  WaitForSingleObject

  GetLongPathNameTransactedA

  CreateFileW

  QueryThreadCycleTime

  GetUserPreferredUILanguages

  DuplicateHandle

  GetACP

  OpenProcess

  ReadConsoleOutputCharacterA

  MultiByteToWideChar

  CancelSynchronousIo

  GetNumberFormatA

  CompareStringA

  CopyFileA

  GetLastError

  UpdateProcThreadAttribute

  GetConsoleProcessList

  CreateFileA

  GetSystemFileCacheSize

  DisableThreadLibraryCalls

  GetMailslotInfo

  GetCommState

  GlobalFlags

  DeleteFileA

  DeleteFileW

  EnumSystemCodePagesA

  WritePrivateProfileStringA

  CreateThread

  IsDBCSLeadByte

  ExitProcess

  DeleteFileTransactedW

  FlushConsoleInputBuffer

  WriteFileGather

  FindAtomA

  GetProcAddress

  HeapQueryInformation

  _lread

  GetFileSize

  FindAtomW

  VerSetConditionMask

  GetComputerNameW

  EnumTimeFormatsA

  GetNumaProximityNode

  VerifyVersionInfoW

  CreateProcessA

  GetComputerNameExA

  CreateMailslotA

  GetProcessPriorityBoost

  QueryPerformanceCounter

  LocalUnlock

  IsWow64Process

  WriteFile

  GetModuleHandleA

  GetVersionExA

  GlobalFree

  GetSystemInfo

  GetModuleHandleW

  GetSystemTime

  VirtualFree

  Process32First

  Process32Next

  LocalFree

  Wow64DisableWow64FsRedirection

  Wow64RevertWow64FsRedirection

  CreateProcessW

  SetLastError

  RtlUnwind

  InterlockedFlushSList

  DecodePointer

  EncodePointer

  WriteConsoleW

  SetFilePointerEx

  HeapReAlloc

  HeapSize

  SetStdHandle

  GetConsoleMode

  GetConsoleCP

  FlushFileBuffers

  GetStringTypeW

  GetProcessHeap

  FreeEnvironmentStringsW

  CloseHandle

  Process32FirstW

  lstrcpyA

  GlobalAlloc

  lstrcatW

  LoadLibraryA

  Process32NextW

  Sleep

  GetSystemWow64DirectoryW

  CreateToolhelp32Snapshot

  lstrcatA

  GetSystemDirectoryW

  GetModuleFileNameW

  lstrlenA

  lstrlenW

  LoadResource

  GetModuleFileNameA

  GetEnvironmentStringsW

  GetCommandLineW

  GetCommandLineA

  GetCPInfo

  GetOEMCP

  IsValidCodePage

  FindNextFileA

  FindFirstFileExA

  FindClose

  RaiseException

  TerminateProcess

  InitializeSListHead

  GetSystemTimeAsFileTime

  GetCurrentThreadId

  GetFileType

  GetStdHandle

  LCMapStringW

  HeapAlloc

  HeapFree

  WideCharToMultiByte

  GetModuleHandleExW

  LoadLibraryExW

  FreeLibrary

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  LeaveCriticalSection

  GetCurrentProcessId

  GetStartupInfoW

  SetUnhandledExceptionFilter

  IsProcessorFeaturePresent

  IsDebuggerPresent

  UnhandledExceptionFilter

  EnterCriticalSection

  user32

  EnumPropsA

  ScrollDC

  wvsprintfA

  ReleaseDC

  GetDoubleClickTime

  GetSystemMetrics

  GetDC

  MessageBoxA

  CreateIcon

  EnumClipboardFormats

  GetDialogBaseUnits

  FindWindowA

  GetNextDlgTabItem

  wsprintfA

  EnumWindows

  CharUpperA

  CharUpperBuffW

  wsprintfW

  FindWindowW

  SendMessageA

  gdi32

  SelectObject

  CreateCompatibleDC

  StretchBlt

  DeleteDC

  SetStretchBltMode

  DeleteObject

  GetObjectA

  GetClipBox

  CreateRectRgnIndirect

  GetDIBits

  GetTextAlign

  SelectPalette

  CreateCompatibleBitmap

  advapi32

  GetUserNameW

  RegCreateKeyExW

  shell32

  SHGetSpecialFolderPathA

  SHGetSpecialFolderPathW

  ShellExecuteA

  ole32

  CoUninitialize

  CoInitializeSecurity

  CoInitializeEx

  CoCreateGuid

  CoCreateInstance

  CoInitialize

  oleaut32

  VariantInit

  SysFreeString

  VariantClear

  SysAllocString

  shlwapi

  StrChrA

  StrStrA

  ws2_32

  htons

  recv

  connect

  socket

  send

  WSAStartup

  gethostbyname

  closesocket

  WSACleanup

  gdiplus

  GdipFree

  GdipDisposeImage

  GdipAlloc

  GdipCloneImage

  GdipLoadImageFromFile

  GdiplusStartup

  GdipGetImageEncodersSize

  GdipGetImageEncoders

  GdipSaveImageToFile

  netapi32

  NetApiBufferFree

  NetWkstaGetInfo

  Exports

  Exports

  fff

  Sections

  .text

  Size: 229KB - Virtual size: 228KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 37KB - Virtual size: 36KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 512B - Virtual size: 288B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 35KB - Virtual size: 35KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 17KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ