18C909A2B8C5E16821D6EF908F56881AA0ECCEEACCB5FA1E54995935FCFD12F7[.]zip

Resubmissions

30-08-2023 01:08

230830-bhgj1aca3w 1

30-08-2023 01:06

230830-bgjb7sgh94 1

Sharing

Copy URL

Twitter E-mail

General

Target

18C909A2B8C5E16821D6EF908F56881AA0ECCEEACCB5FA1E54995935FCFD12F7.zip
Size

29KB
MD5

b938806a0b986827510c2ebbdc112442
SHA1

e219ac201e441904c03b0020c1bd73d92aa7793b
SHA256

45e11f455c4c972ca0e9ea5724cb676f42d11ec8532585d4129a87336206a236
SHA512

f5b1282c4a8fe0e3a4b9251feb2d1cd299d92128249d8f7374e55bbd6fefe2a03a8bdb4581b5c76514a210f37402dbebe44c7203b5127f75df4e8f1f24e7027e
SSDEEP

768:JMINVa0Cnm1WbVIe+WofNaOmxe4PbEp827Q+mpQu1eHthXbXpDoxItw9m6c2bcl:JneNm1smfNnaem886WLcNhXbdTtw9fcX

Score

1^/10

Malware Config

Signatures

Files

18C909A2B8C5E16821D6EF908F56881AA0ECCEEACCB5FA1E54995935FCFD12F7.zip
.zip

Password: infected
18C909A2B8C5E16821D6EF908F56881AA0ECCEEACCB5FA1E54995935FCFD12F7
.exe windows x64

Password: infected

a998fe47a44bfbf2399968e21cfdf7ca

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:c5:bc:ad:73:31:9e:e0:13:1e:32:8a:2b:81:4e:16:4a
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

02-01-2014 07:01

Not After

04-02-2015 15:04

Subject

CN=GMEREK Systemy Komputerowe Przemyslaw Gmerek,O=GMEREK Systemy Komputerowe Przemyslaw Gmerek,L=Katowice,ST=Katowice,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ca:6c:35:15:92:82:fd:64:61:5a:bc:4d:39:83:99:b0:61:84:7b
Signer

Actual PE Digest

0b:ca:6c:35:15:92:82:fd:64:61:5a:bc:4d:39:83:99:b0:61:84:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

PsProcessType
IoDeleteSymbolicLink
ExFreePoolWithTag
strncmp
_snwprintf
PsLookupProcessByProcessId
RtlInitUnicodeString
IoDeleteDevice
KeUnstackDetachProcess
KeDetachProcess
IoDriverObjectType
wcsrchr
ExAllocatePool
ZwClose
KeBugCheck
IofCompleteRequest
ObReferenceObjectByHandle
KeAttachProcess
PsGetVersion
PsThreadType
IoCreateSymbolicLink
MmIsAddressValid
ObfDereferenceObject
ObReferenceObjectByName
IoCreateDevice
ObOpenObjectByPointer
KeStackAttachProcess
PsLookupThreadByThreadId
KeClearEvent
IoGetBaseFileSystemDeviceObject
IoBuildSynchronousFsdRequest
_wcsnicmp
ZwReadFile
wcsncpy
KeInitializeEvent
ZwSetInformationFile
strncpy
IoGetDeviceObjectPointer
NtClose
KeWaitForSingleObject
ZwDeleteFile
RtlCompareUnicodeString
ObfReferenceObject
ZwOpenFile
ZwQueryInformationFile
ZwWriteFile
IofCallDriver
wcschr
MmUnmapLockedPages
_stricmp
_strnicmp
RtlVolumeDeviceToDosName
ZwMapViewOfSection
MmGetSystemRoutineAddress
ZwQuerySystemInformation
KeReleaseSpinLock
ZwOpenThread
IoFreeMdl
KeDelayExecutionThread
MmMapLockedPagesSpecifyCache
ZwUnmapViewOfSection
IoGetCurrentProcess
MmProbeAndLockPages
ZwOpenProcess
MmUnlockPages
ZwQueryInformationProcess
ZwCreateSection
wcsncmp
ZwTerminateProcess
ZwQueryInformationThread
IoAllocateMdl
KeAcquireSpinLockRaiseToDpc
ZwQuerySymbolicLinkObject
KeSetEvent
RtlEqualUnicodeString
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
ZwQueryDirectoryObject
IoFreeIrp
IoAllocateIrp
IoGetDeviceInterfaces
IoCreateNotificationEvent
ObQueryNameString
ZwWaitForSingleObject
ZwQueryDirectoryFile
KeResetEvent
KdDebuggerNotPresent
PsCreateSystemThread
PsTerminateSystemThread
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

a998fe47a44bfbf2399968e21cfdf7ca

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:c5:bc:ad:73:31:9e:e0:13:1e:32:8a:2b:81:4e:16:4aCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

0b:ca:6c:35:15:92:82:fd:64:61:5a:bc:4d:39:83:99:b0:61:84:7bSigner

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 872B

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:c5:bc:ad:73:31:9e:e0:13:1e:32:8a:2b:81:4e:16:4a
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

0b:ca:6c:35:15:92:82:fd:64:61:5a:bc:4d:39:83:99:b0:61:84:7b
Signer

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 872B