D890B4D7FE4A23D24FFDD9C76E87D03C4C24450CD0130F2047CA9A18F813333A[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

D890B4D7FE4A23D24FFDD9C76E87D03C4C24450CD0130F2047CA9A18F813333A.zip
Size

243KB
MD5

7228a23d53f9ca4adcedd934c6abe24b
SHA1

6d64159be2eee2c0ffd67ef39976c8cc028f6392
SHA256

6047e2d839d81998030088f46a5e90a9443a508964644f92f008eb589292d008
SHA512

a24ddc1ba7eb687b0d8a8895d102e32bb3d111d669a754bd7eb25661e79c5152e9722eed794f7af59fbd642b121e3b16a573ca5682f6aecd1202cb8d975e3ded
SSDEEP

6144:ah10JgZS8080RbBesyUSBfKt6PpQ+p42fk4V/:g0JgZz00+oVd

Score

1^/10

Malware Config

Signatures

Files

D890B4D7FE4A23D24FFDD9C76E87D03C4C24450CD0130F2047CA9A18F813333A.zip
.zip

Password: infected
D890B4D7FE4A23D24FFDD9C76E87D03C4C24450CD0130F2047CA9A18F813333A
.exe windows x86

9132adaf0f762071751e0cb4d9095c12

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:68:4e:fe:a6:53:db:3c:8d:5e:bb
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

08/01/2020, 01:35

Not After

23/03/2022, 10:13

Subject

CN=KINGSOFT JAPAN\, INC.,OU=Administration Division,O=KINGSOFT JAPAN\, INC.,L=Minato-ku,ST=Tokyo,C=JP,1.2.840.113549.1.9.1=#0c14636f64657369676e406b696e67736f66742e6a70

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:82:68:4e:fe:a6:53:db:3c:8d:5e:bb
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

08/01/2020, 01:35

Not After

23/03/2022, 10:13

Subject

CN=KINGSOFT JAPAN\, INC.,OU=Administration Division,O=KINGSOFT JAPAN\, INC.,L=Minato-ku,ST=Tokyo,C=JP,1.2.840.113549.1.9.1=#0c14636f64657369676e406b696e67736f66742e6a70

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:52:4f:eb:43:75:b2:e7:bb:32:74:02:bf:fd:f3:1e:d7:ae:06:95:f0:d7:9a:79:69:d2:d8:37:22:ef:4f:03
Signer

Actual PE Digest

47:52:4f:eb:43:75:b2:e7:bb:32:74:02:bf:fd:f3:1e:d7:ae:06:95:f0:d7:9a:79:69:d2:d8:37:22:ef:4f:03

Digest Algorithm

sha256

PE Digest Matches

true

97:37:c2:11:80:dd:a3:0b:b7:94:8a:c5:02:e4:47:10:36:b0:66:cf
Signer

Actual PE Digest

97:37:c2:11:80:dd:a3:0b:b7:94:8a:c5:02:e4:47:10:36:b0:66:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
SetStdHandle
FlushFileBuffers
ReadFile
CreateFileA
GetStringTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
CloseHandle
RtlUnwind
LCMapStringW
LCMapStringA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetCurrentProcess
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapAlloc
MoveFileA
GetLastError
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapFree
SetErrorMode
GetSystemDefaultLangID
GetCPInfo
GetACP
FreeLibrary
LoadLibraryA
WinExec
WideCharToMultiByte
GetSystemDirectoryA
GetLocaleInfoA
MultiByteToWideChar
SizeofResource
LockResource
FreeResource
FindResourceA
LoadResource
SetEndOfFile
SetFilePointer
_lread
_lwrite
OpenFile
_llseek
_lclose
GetWindowsDirectoryA
GetTickCount
FatalAppExitA
GlobalFlags
LocalReAlloc
LocalUnlock
LocalLock
LocalFree
GetVersion
GetProfileStringA
lstrcmpA
GlobalHandle
RaiseException
IsDBCSLeadByte
IsBadReadPtr
LocalAlloc
lstrlenA
OutputDebugStringA
GetModuleFileNameA
lstrcmpiA
GlobalSize
GlobalReAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GetProcAddress
GlobalFree
MulDiv
lstrcpyA
GetModuleHandleA
GetOEMCP

user32

GetNextDlgTabItem
SetScrollRange
SetDlgItemTextA
GetDlgItemTextA
GetDoubleClickTime
CheckRadioButton
ReleaseCapture
SetCapture
RegisterClassW
SetMenu
SetWindowTextA
GetWindowTextA
InvalidateRgn
ScrollDC
IsZoomed
AppendMenuA
GetSystemMenu
GetClassLongA
GetClassLongW
DispatchMessageA
DispatchMessageW
GetMessageW
GetMessageA
DefWindowProcW
VkKeyScanA
GetKeyboardLayout
LoadKeyboardLayoutA
ActivateKeyboardLayout
GetKeyboardLayoutList
InvertRect
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
CloseClipboard
EmptyClipboard
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
SetClipboardData
HiliteMenuItem
GetMenuState
GetMenuItemID
DeleteMenu
DrawMenuBar
EqualRect
UnionRect
GetDesktopWindow
GetMessagePos
GetMessageTime
SetParent
GetClassInfoA
EnableWindow
MessageBoxA
DialogBoxParamA
BringWindowToTop
GetActiveWindow
SetTimer
MessageBeep
SendMessageA
GetAsyncKeyState
InvalidateRect
GetScrollPos
GetScrollRange
SetScrollPos
SetCursor
GetCursorPos
InflateRect
PtInRect
CheckDlgButton
IsWindowVisible
GetMenuItemCount
LoadStringA
IsWindowUnicode
UpdateWindow
GetMenu
FindWindowA
GetKeyState
PeekMessageA
KillTimer
DefWindowProcA
LoadIconA
LoadCursorA
IsDialogMessageA
GetSysColor
GetFocus
BeginPaint
EndPaint
ScreenToClient
GetWindowDC
FillRect
CopyRect
SetWindowLongA
DestroyWindow
CheckMenuItem
SetRectEmpty
RemoveMenu
GetSubMenu
CreateMenu
EnableMenuItem
GetMenuStringA
ModifyMenuA
InsertMenuA
TranslateMessage
wsprintfA
SetForegroundWindow
SetFocus
PostQuitMessage
PostMessageA
CreateWindowExA
RegisterClassA
GetDC
ReleaseDC
LoadMenuA
IsIconic
GetWindowLongA
ClientToScreen
GetClassNameA
DestroyMenu
IsRectEmpty
IsWindow
OffsetRect
SetWindowPos
GetClientRect
LoadBitmapA
GetParent
MoveWindow
ShowWindow
GetDlgItem
SetRect
DrawTextA
EndDialog
WindowFromDC
MapWindowPoints
IntersectRect
SystemParametersInfoA
GetWindowRect
GetSystemMetrics
GetDialogBaseUnits
IsDlgButtonChecked
ShowCursor
SendDlgItemMessageA
GetCaretBlinkTime

gdi32

SetBkColor
CreatePatternBrush
CreateBitmap
PtVisible
GetTextFaceA
CreateFontA
ExtTextOutA
LineTo
MoveToEx
SetMapMode
GetMapMode
GetCharWidthA
GetCharWidth32A
GetCharWidthW
GetCharWidth32W
GetBitmapBits
TextOutA
TextOutW
SetTextAlign
CreateCompatibleBitmap
GetTextMetricsA
Escape
CreateICA
EnumFontsA
EnumFontFamiliesExA
CreateSolidBrush
CreateRectRgn
PatBlt
SetRectRgn
CreateRectRgnIndirect
RectVisible
SetROP2
Ellipse
Polygon
Arc
CreatePen
SetMapperFlags
ExtTextOutW
GetTextExtentPoint32A
SetWindowExtEx
SetWindowOrgEx
CreateMetaFileA
CloseMetaFile
RestoreDC
EnumMetaFile
SaveDC
StretchBlt
SetStretchBltMode
PlayMetaFile
SetViewportExtEx
GetMetaFileBitsEx
FillRgn
CombineRgn
Rectangle
GetStockObject
CopyMetaFileA
DeleteMetaFile
CreateCompatibleDC
DPtoLP
BitBlt
DeleteDC
GetObjectA
GetDeviceCaps
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
DeleteObject
SelectClipRgn
GetClipBox

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegSetValueA
RegEnumKeyExA
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegCloseKey

ole32

CreateILockBytesOnHGlobal
GetHGlobalFromILockBytes
CoDisconnectObject
CoLockObjectExternal
OleUninitialize
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
OleInitialize
CreateOleAdviseHolder
OleRegEnumFormatEtc
CreateDataAdviseHolder
WriteFmtUserTypeStg
OleTranslateAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
GetRunningObjectTable
CoGetMalloc
OleDuplicateData
ReleaseStgMedium
OleGetClipboard
WriteClassStg
OleFlushClipboard
OleSetClipboard
StgCreateDocfileOnILockBytes

oleaut32

SysFreeString

shell32

DragAcceptFiles

comctl32

ord17

Sections

.text
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 426KB - Virtual size: 426KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

9132adaf0f762071751e0cb4d9095c12

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3a:82:68:4e:fe:a6:53:db:3c:8d:5e:bbCertificate

Extended Key Usages

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

3a:82:68:4e:fe:a6:53:db:3c:8d:5e:bbCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

47:52:4f:eb:43:75:b2:e7:bb:32:74:02:bf:fd:f3:1e:d7:ae:06:95:f0:d7:9a:79:69:d2:d8:37:22:ef:4f:03Signer

97:37:c2:11:80:dd:a3:0b:b7:94:8a:c5:02:e4:47:10:36:b0:66:cfSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shell32

comctl32

Sections

.text Size: 303KB - Virtual size: 303KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 31KB - Virtual size: 75KB

.rsrc Size: 426KB - Virtual size: 426KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3a:82:68:4e:fe:a6:53:db:3c:8d:5e:bb
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

3a:82:68:4e:fe:a6:53:db:3c:8d:5e:bb
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

47:52:4f:eb:43:75:b2:e7:bb:32:74:02:bf:fd:f3:1e:d7:ae:06:95:f0:d7:9a:79:69:d2:d8:37:22:ef:4f:03
Signer

97:37:c2:11:80:dd:a3:0b:b7:94:8a:c5:02:e4:47:10:36:b0:66:cf
Signer

.text
Size: 303KB - Virtual size: 303KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 31KB - Virtual size: 75KB

.rsrc
Size: 426KB - Virtual size: 426KB