Nueva carpeta (3)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Nueva carpeta (3).zip
Size

47KB
MD5

4899157a1ad7712f18cba650832e7bd6
SHA1

20fd722d868748bc8ff0350feb40956d9c01f639
SHA256

f710066483b16a02ddc870782f8b8a078de282cf71c94acf5a8e193745aee1a5
SHA512

d205aef71457b75bd9effab2d67e84495248d5fc3494ba5d866f6204a99764df9b47782d2e31d019d7e016f670ac29a4cf3bbcd38898c005a316a2b395a02284
SSDEEP

768:6HWbY//XRA4kGyzlbAFWofzJM1itaWemk/pgTI8nBHLdSHCRx1vrHi2ZSwvBmNXF:6HW83XRA41yzBOziOBeNpOnnBrdPRnGH

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Nueva carpeta (3)/regsvr32.exe
unpack001/Nueva carpeta (3)/rundll32.exe

Files

Nueva carpeta (3).zip
.zip
Nueva carpeta (3)/dllhost.exe
.exe windows:10 windows x86

b6a6c5247efbd2610e3dea44649d7041

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:06:ee:39:90:35:35:25:94:d2:c1:6e:be:f2:40:98:ba:b9:15:77:a4:de:2d:38:33:2a:49:ac:52:e6:af:b5
Signer

Actual PE Digest

7c:06:ee:39:90:35:35:25:94:d2:c1:6e:be:f2:40:98:ba:b9:15:77:a4:de:2d:38:33:2a:49:ac:52:e6:af:b5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

api-ms-win-crt-runtime-l1-1-0

_c_exit
_initterm_e
_register_thread_local_exe_atexit_callback
_initterm

api-ms-win-crt-private-l1-1-0

_o___p__commode
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o_exit
_o_terminate
_except_handler4_common

api-ms-win-crt-string-l1-1-0

memset

ntdll

NtSetInformationProcess

api-ms-win-core-com-private-l1-1-0

CoRegisterSurrogateEx

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
IIDFromString

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nueva carpeta (3)/regsvr32.exe
.exe windows:10 windows x86

99bbf1337f3da5cfab67854df4ade1d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wprintf
_except_handler4_common
_controlfp
_initterm
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
wcsncpy_s
strcat_s
__wargv
__setusermatherr
__p__fmode
swprintf_s
wcscat_s
wcscpy_s
_wsplitpath_s
__argc
_cexit
?terminate@@YAXXZ
memset

ntdll

RtlWow64IsWowGuestMachineSupported
RtlImageNtHeader
EtwEventWriteNoRegistration
NtSetInformationProcess

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetErrorMode
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetExitCodeProcess
GetCurrentProcessId
GetCurrentProcess
CreateProcessW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
FreeLibrary
LoadLibraryExW
GetModuleHandleW
LoadStringW
GetProcAddress

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObject

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-file-l1-1-0

ReadFile
CreateFileW
SetFilePointer

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-misc-l1-1-0

LocalAlloc
lstrcmpW

api-ms-win-core-kernel32-private-l1-1-0

Wow64EnableWow64FsRedirection

api-ms-win-core-wow64-l1-1-1

IsWow64Process2
GetSystemWow64Directory2W

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nueva carpeta (3)/rundll32.exe
.exe windows:10 windows x86

30b6d4aa5b2b125b0abca749b5d12b3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__set_app_type
__wgetmainargs
__dllonexit
exit
?terminate@@YAXXZ
_amsg_exit
_controlfp
_except_handler4_common
_exit
_cexit
__p__fmode
__p__commode
_vsnwprintf
_unlock
_lock
__setusermatherr
_initterm
_wcmdln
_onexit
_XcptFilter
free
_purecall
_wtoi
memcpy_s
__CxxFrameHandler3
_callnewh
malloc
memset

api-ms-win-core-com-l1-1-0

CoReleaseServerProcess
CoInitializeEx
CoResumeClassObjects
CoInitializeSecurity
CoCreateInstance
CoRegisterClassObject
CoWaitForMultipleHandles
CoUninitialize
CoRevokeClassObject
CLSIDFromString
CoAddRefServerProcess

api-ms-win-core-file-l1-1-0

SetFilePointer
ReadFile
GetFileAttributesW
CreateFileW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameA
LoadLibraryExW
FreeLibrary
LoadStringW
GetModuleHandleExW

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W
IsWow64Process2

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
CreateEventW
ReleaseSRWLockShared
CreateSemaphoreExW
ReleaseSRWLockExclusive
AcquireSRWLockShared
SetEvent
CreateMutexExW
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

HeapSetInformation
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode
SetLastError
GetLastError

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
SearchPathW

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
GetCurrentThreadId
GetStartupInfoW
TerminateProcess
GetCurrentProcessId
ExitProcess
GetCurrentProcess

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-console-l1-2-0

AttachConsole
FreeConsole

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-kernel32-private-l1-1-0

Wow64EnableWow64FsRedirection

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
ReleaseActCtx
CreateActCtxW
ActivateActCtx
QueryActCtxW

api-ms-win-downlevel-shlwapi-l1-1-0

PathIsRelativeW

api-ms-win-downlevel-shlwapi-l2-1-0

SHSetThreadRef

imagehlp

ImageDirectoryEntryToData

ntdll

NtSetInformationToken
NtOpenProcessToken
RtlNtStatusToDosError
NtQueryInformationToken
RtlSetSearchPathMode
NtSetInformationProcess
RtlWow64IsWowGuestMachineSupported
RtlImageNtHeader
NtQuerySystemInformation
NtClose

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6a6c5247efbd2610e3dea44649d7041

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

7c:06:ee:39:90:35:35:25:94:d2:c1:6e:be:f2:40:98:ba:b9:15:77:a4:de:2d:38:33:2a:49:ac:52:e6:af:b5Signer

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

ntdll

api-ms-win-core-com-private-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

Sections

.text Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 904B

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 512B - Virtual size: 372B

99bbf1337f3da5cfab67854df4ade1d8

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-memory-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 20B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 856B

30b6d4aa5b2b125b0abca749b5d12b3a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-file-l1-1-0

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

7c:06:ee:39:90:35:35:25:94:d2:c1:6e:be:f2:40:98:ba:b9:15:77:a4:de:2d:38:33:2a:49:ac:52:e6:af:b5
Signer

.text
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 904B

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 512B - Virtual size: 372B

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 20B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 856B

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 136B

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 2KB - Virtual size: 1KB