Change My Software 7 Edition[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Change My Software 7 Edition.zip
Size

2.5MB
MD5

5e97672ff3d461e79adaec7e644aff67
SHA1

293d71a3cc301a6c7e535cf4e82abba9cd6a36f1
SHA256

b5263cf471f3885e0417c1f72f6a7fd32903cef2514f8a34f5f706a3e58cb754
SHA512

86f9ffc901a958270b92e3b8559aeab993265a516dbfcdd1d83346452e9decf8d840ab336245a7eabc5e3fe6514152944a7863778f80f98a4fc418b7962a0a21
SSDEEP

49152:ADdF4hGqCJIS9wsseDPUS328ldH16sgJUvjbGO4oHSXsaFak1mon7gm:kFQ/CJDtse7US3ApJU7bw6QckRUm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Change My Software 7 Edition/Change My Software 7 Edition.exe

Files

Change My Software 7 Edition.zip
.zip
Change My Software 7 Edition/Change My Software 7 Edition.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Change My Software 7 Edition/cnct14.dat
Change My Software 7 Edition/device_test.dll
.dll regsvr32 windows:5 windows x86

0c137f2991b6d7df1e28d6131824a83d

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

12:f4:23:c2:53:36:23:d9:61:23:84:41:5a:b4:49:89:5b:13:44:64
Signer

Actual PE Digest

12:f4:23:c2:53:36:23:d9:61:23:84:41:5a:b4:49:89:5b:13:44:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
CryptHashData

kernel32

InterlockedExchange
DisableThreadLibraryCalls
GlobalReAlloc
GlobalSize
SetCurrentDirectoryW
LoadLibraryA
DeleteCriticalSection
LoadLibraryExW
lstrcmpiW
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetFullPathNameA
FindFirstFileA
GetVersionExA
IsValidCodePage
CreateFileA
CreateFileMappingA
GetACP
SetEnvironmentVariableW
SetPriorityClass
OpenProcess
GlobalUnlock
GlobalAlloc
GlobalLock
GlobalFree
lstrcmpW
IsDBCSLeadByte
GetCurrentDirectoryW
GetSystemDirectoryW
GetModuleHandleExW
GetSystemDefaultLangID
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetShortPathNameA
GetShortPathNameW
GetFileTime
HeapCreate
LocalAlloc
GetConsoleOutputCP
CompareStringW
EnumResourceNamesA
CreateThread
InitializeCriticalSection
SetEvent
CreateEventW
FindAtomW
FreeLibrary
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExpandEnvironmentStringsW
GetSystemInfo
SwitchToThread
FindNextFileW
RemoveDirectoryW
GetTempPathW
GetVolumeInformationW
SetFileTime
CompareFileTime
FreeResource
WideCharToMultiByte
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTempFileNameW
CreateFileW
GetFileType
CopyFileW
DeleteFileW
GetFileSize
MoveFileW
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
GetFullPathNameW
GetVersionExW
LoadLibraryW
CloseHandle
SetFileAttributesW
FindFirstFileW
FindClose
FormatMessageW
LocalFree
GetFileAttributesW
CreateDirectoryW
GetEnvironmentVariableW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
DecodePointer
EncodePointer
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleFileNameW
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
RaiseException
GetCurrentProcess
FlushInstructionCache
SetLastError
GetProcAddress
GetModuleHandleW
GetLastError
MultiByteToWideChar
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
InterlockedDecrement

msvcr100

iswalpha
wcsspn
??3@YAXPAX@Z
wmemcpy_s
memcpy_s
wcsrchr
wcsnlen
free
malloc
_recalloc
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_strnicmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_wmkdir
_waccess_s
_swab
_waccess
_snwprintf_s
_CIfmod
_stricmp
_CIpow
_isnan
tolower
wprintf
_wmakepath_s
atof
sprintf_s
strncat_s
strcat_s
_ecvt_s
_ui64tow_s
_i64tow_s
_mktime64
_localtime64
_vsnwprintf
__iob_func
fwprintf
_vsnwprintf_s
printf
??0exception@std@@QAE@XZ
wcstoul
_wcstoi64
_errno
??0exception@std@@QAE@ABQBDH@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
_ultow_s
_itow_s
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_ltow_s
bsearch
_itow
wcstok
_wfullpath
_fullpath
_wtol
iswdigit
wcsncpy
_localtime64_s
ceil
floor
_time64
_wsplitpath_s
_wcslwr_s
_wcsicmp
wcsncmp
_wcsnicmp
wcspbrk
__CxxFrameHandler3
_CxxThrowException
memmove
memcpy
memset
??2@YAPAXI@Z
_resetstkoflw
calloc
_purecall
memmove_s
_vscwprintf
vswprintf_s
wcsstr
wcschr
wcsncpy_s
wcscpy_s
wcscat_s
wcstok_s
swprintf_s
qsort
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
iswspace

oleaut32

VarBstrFromDate
GetErrorInfo
CreateErrorInfo
SetErrorInfo
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysAllocString
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysFreeString
SafeArrayLock
SafeArrayGetVartype
SafeArrayUnlock
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
QueryPathOfRegTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLibEx
SafeArrayCreate
VarBstrCmp
VarBstrCat
VariantChangeType
VarCmp
VarBoolFromStr
VarBstrFromDec
VarDecCmp
VarDecFromStr
VarR8FromStr
VarR4FromR8
VarUI4FromR4
VarUI4FromR8
VarUI4FromDec
VarR8FromDec
VarDecFromR8
VarDecAdd
VarDecSu
VarDecMul
VarDecDiv
VarDecFix
VarDecNeg
SysReAllocStringLen
SafeArrayPutElement
SafeArrayRedim
SafeArrayAccessData
SafeArrayUnaccessData

ole32

CoUninitialize
CoWaitForMultipleHandles
OleGetClipboard
ReleaseStgMedium
OleSetClipboard
OleDuplicateData
CreateDataAdviseHolder
CoRegisterMessageFilter
CoInitializeEx
StringFromIID
OleFlushClipboard
CreateStreamOnHGlobal
CoCreateGuid
CoGetClassObject
IIDFromString
StringFromCLSID
CoCreateFreeThreadedMarshaler
CLSIDFromString
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree

user32

IsCharAlphaNumericW
IsCharAlphaW
OpenClipboard
EmptyClipboard
CloseClipboard
LoadImageW
RegisterClipboardFormatW
IsClipboardFormatAvailable
SendDlgItemMessageW
GetDlgCtrlID
GetParent
GetDlgItem
EnableWindow
SetWindowPos
MapWindowPoints
GetClientRect
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
DialogBoxIndirectParamW
EndDialog
DialogBoxParamW
SetWindowLongW
CharNextW
UnregisterClassA
LoadStringW
IsWindowEnabled
GetActiveWindow
MessageBoxW
GetCursorPos
LoadCursorW
SetCursor
ReleaseDC
GetDC
MessageBoxIndirectW
SetWindowTextW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DestroyWindow
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetDlgItemTextW
SetFocus
SendMessageW
DispatchMessageW
ScreenToClient
DrawTextExW
IsDlgButtonChecked

comctl32

ImageList_LoadImageW
ImageList_Destroy

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mscoree

LoadLibraryShim
GetCORSystemDirectory
GetFileVersion
CorBindToCurrentRuntime
GetRealProcAddress
StrongNameKeyDelete

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

gdi32

GetTextExtentPointW
GetStockObject
SelectObject
CopyMetaFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 958KB - Virtual size: 957KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Change My Software 7 Edition/drvindex.dat
Change My Software 7 Edition/infpub.dat
Change My Software 7 Edition/readme.htm
Change My Software 7 Edition/src_obb.dat
Change My Software 7 Edition/update.1
__MACOSX/._Change My Software 7 Edition
__MACOSX/Change My Software 7 Edition/._Change My Software 7 Edition.exe
__MACOSX/Change My Software 7 Edition/._cnct14.dat
__MACOSX/Change My Software 7 Edition/._device_test.dll
__MACOSX/Change My Software 7 Edition/._drvindex.dat
__MACOSX/Change My Software 7 Edition/._infpub.dat
__MACOSX/Change My Software 7 Edition/._readme.htm
__MACOSX/Change My Software 7 Edition/._source_data
__MACOSX/Change My Software 7 Edition/._src_obb.dat
__MACOSX/Change My Software 7 Edition/._update.1

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 249KB - Virtual size: 249KB

.sdata Size: 512B - Virtual size: 280B

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 12B

0c137f2991b6d7df1e28d6131824a83d

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

12:f4:23:c2:53:36:23:d9:61:23:84:41:5a:b4:49:89:5b:13:44:64Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcr100

oleaut32

ole32

user32

comctl32

version

mscoree

msvcp100

gdi32

Exports

Exports

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.data Size: 65KB - Virtual size: 67KB

.rsrc Size: 958KB - Virtual size: 957KB

.reloc Size: 134KB - Virtual size: 134KB

.text
Size: 249KB - Virtual size: 249KB

.sdata
Size: 512B - Virtual size: 280B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 12B

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

12:f4:23:c2:53:36:23:d9:61:23:84:41:5a:b4:49:89:5b:13:44:64
Signer

.text
Size: 3.1MB - Virtual size: 3.1MB

.data
Size: 65KB - Virtual size: 67KB

.rsrc
Size: 958KB - Virtual size: 957KB

.reloc
Size: 134KB - Virtual size: 134KB