C0192B51F8035AEC23DD4DBB3AECFC0F[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

C0192B51F8035AEC23DD4DBB3AECFC0F.zip
Size

30KB
MD5

4877976916f6740e7102c5ee5394f56b
SHA1

baed9817f4b2c25656082c30878ebe0ad42be9c8
SHA256

5e095c8ccc1643356c9701372aa793ed03123a0b09537cfe28aa7af42a5e2cff
SHA512

1d32cc630364bc2bcf312e7690e954dc633ac44e66a72416e15d8bf2af90fff37af040ccce23dc68df7324087c14a4be2ab6d4ab438b31f7b4e64b031ed0d25b
SSDEEP

768:8+CzTFRh4VgNvv+YLUIXMx19vskIQclBHMQZ40jf3:8JTFb4SNvmYJ+1pI1HMm4A3

Score

1^/10

Malware Config

Signatures

Files

C0192B51F8035AEC23DD4DBB3AECFC0F.zip
.zip

Password: infected
details.json
svchost.exe/svchost.exe
.exe windows:10 windows x64

d8c4e4978657cea220b495778c972e64

Code Sign

33:00:00:02:f4:9e:46:9c:54:13:7b:85:e0:00:00:00:00:02:f4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2021, 19:15

Not After

28/04/2022, 19:15

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:5f:3f:c7:f0:bd:26:d4:05:24:bd:a4:80:81:fd:4f:1e:cf:81:ec:03:07:28:8a:0d:7f:87:79:7a:42:d0:9a
Signer

Actual PE Digest

07:5f:3f:c7:f0:bd:26:d4:05:24:bd:a4:80:81:fd:4f:1e:cf:81:ec:03:07:28:8a:0d:7f:87:79:7a:42:d0:9a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-crt-l2-1-0

exit
_initterm_e
_initterm
__wgetmainargs

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
OpenProcessToken
ExitProcess
SetProcessAffinityUpdateMode
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetErrorMode
UnhandledExceptionFilter

api-ms-win-core-crt-l1-1-0

memset
qsort_s
memcpy
_wcsicmp

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleHandleW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSetInformation
GetProcessHeap
HeapFree

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegDisablePredefinedCacheEx
RegQueryValueExW
RegGetValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy

api-ms-win-core-processthreads-l1-1-2

SetProtectedPolicy

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW

api-ms-win-core-debug-l1-1-0

DebugBreak

api-ms-win-core-localization-l1-2-0

LCMapStringW

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
SetSecurityDescriptorGroup
MakeAbsoluteSD
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetLengthSid
SetSecurityDescriptorOwner

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-utility-l1-1-0

bsearch_s

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
ReleaseActCtx
DeactivateActCtx
CreateActCtxW

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

ntdll

EtwEventRegister
TpAllocWait
TpSetWait
RtlNtStatusToDosErrorNoTeb
TpReleaseWait
NtSetInformationProcess
EtwEventWrite
RtlAllocateHeap
RtlFreeHeap
TpSetTimerEx
TpWaitForTimer
TpReleaseTimer
TpSetTimer
TpAllocTimer
RtlQueryHeapInformation
RtlUnhandledExceptionFilter
_vsnwprintf
RtlSetProcessIsCritical
RtlImageNtHeader
RtlValidSecurityDescriptor
NtQuerySystemInformation
RtlRunOnceExecuteOnce
RtlNtStatusToDosError
RtlInitializeCriticalSection
RtlInitializeSid
RtlSubAuthoritySid
RtlGetDeviceFamilyInfoEnum
RtlReleaseSRWLockExclusive
RtlSubAuthorityCountSid
RtlAcquireSRWLockExclusive
RtlLengthRequiredSid
RtlDeriveCapabilitySidsFromName
RtlCopySid
EtwEventEnabled

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d8c4e4978657cea220b495778c972e64

Code Sign

33:00:00:02:f4:9e:46:9c:54:13:7b:85:e0:00:00:00:00:02:f4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

07:5f:3f:c7:f0:bd:26:d4:05:24:bd:a4:80:81:fd:4f:1e:cf:81:ec:03:07:28:8a:0d:7f:87:79:7a:42:d0:9aSigner

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-crt-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-crt-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-synch-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

ntdll

api-ms-win-core-heap-l2-1-0

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 1KB

.didat Size: 4KB - Virtual size: 192B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 148B

33:00:00:02:f4:9e:46:9c:54:13:7b:85:e0:00:00:00:00:02:f4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

07:5f:3f:c7:f0:bd:26:d4:05:24:bd:a4:80:81:fd:4f:1e:cf:81:ec:03:07:28:8a:0d:7f:87:79:7a:42:d0:9a
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 1KB

.didat
Size: 4KB - Virtual size: 192B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 148B