11891921213[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

11891921213.zip
Size

40KB
MD5

0de9f7202f97582ceaa8e0e344ecb478
SHA1

b860c7192f83ce9642a00589344fcb802917d66c
SHA256

c64ab9ecd38f8dd40dc8d0706152fc17b77a0c03f136e8d81d0549d7bdd4c5b6
SHA512

a1cecee282dfbd0af5b3266a908ff7d5165af5b07343a0397ff8efc44d2499c275a567b042245cfd66eba9fe66be65cb4c525f8eafbff6490d2807027e577810
SSDEEP

768:Wth+3rdYaghsB8YIOGgzoj7Wqg2hZxBOJHEvgdXLuNSCBoVw3uGfxkSKX2:WerdYaBvzS7vCksLCvgBSh

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1146b1f38e420936b7c5f6b22212f3aa93515f3738c861f499ed1047865549cb
unpack001/9117bd328e37be121fb497596a2d0619a0eaca44752a1854523b8af46a5b0ceb
unpack001/c5b4542d61af74cf7454d7f1c8d96218d709de38f94ccfa7c16b15f726dc08c0
unpack001/e1ad173e49eee1194f2a55afa681cef7c3b8f6c26572f474dec7a42e9f0cdc9d

Files

11891921213.zip
.zip

Password: infected
1146b1f38e420936b7c5f6b22212f3aa93515f3738c861f499ed1047865549cb
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3875ed58c0d42e05c83843b32ed33d6ba5e94e18ffe8fb1bf34fd7dedf3f82a7
.exe windows:6 windows x64

b552436fca61b3d053aae8e1e0ee5d0c

Code Sign

4c:17:7a:97
Certificate

Issuer

CN=Entrust Code Signing Certification Authority - L1D,OU=www.entrust.net/rpa is incorporated by reference+OU=(c) 2009 Entrust\, Inc.,O=Entrust\, Inc.,C=US

Not Before

04/06/2014, 21:45

Not After

07/06/2017, 10:54

Subject

CN=Netgear Inc.,O=Netgear Inc.,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:5c:20:41:ee:0e:07:a2:b3:8e:ef:a1:c8:b9:b3:29:e6:c1:46:c9
Signer

Actual PE Digest

7c:5c:20:41:ee:0e:07:a2:b3:8e:ef:a1:c8:b9:b3:29:e6:c1:46:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OutputDebugStringA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7495c1ea421063845eb8f4599a1c17c105f700ca0671ca874c5aa5aef3764c1c
.exe windows:6 windows x64

b552436fca61b3d053aae8e1e0ee5d0c

Code Sign

a7:5a:f1:6c:b1:56:98:23:09:5a:4c:76:e1:67:82:84
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/04/2020, 00:00

Not After

28/04/2021, 23:59

Subject

CN=Jeromin Cody Eric,O=Jeromin Cody Eric,POSTALCODE=V6W 0B8,STREET=911-10870 No.5 rd,L=Richmond,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

01/02/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:ff:af:54:b0:76:fe:1d:15:b9:f4:63:1e:63:f5:f4:19:9f:2e:74
Signer

Actual PE Digest

72:ff:af:54:b0:76:fe:1d:15:b9:f4:63:1e:63:f5:f4:19:9f:2e:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OutputDebugStringA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9117bd328e37be121fb497596a2d0619a0eaca44752a1854523b8af46a5b0ceb
.dll windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
c5b4542d61af74cf7454d7f1c8d96218d709de38f94ccfa7c16b15f726dc08c0
.dll windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e1ad173e49eee1194f2a55afa681cef7c3b8f6c26572f474dec7a42e9f0cdc9d
.exe windows:6 windows x64

b552436fca61b3d053aae8e1e0ee5d0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OutputDebugStringA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 244B

.data Size: 9KB - Virtual size: 8KB

.pdata Size: 512B - Virtual size: 60B

.rsrc Size: 512B - Virtual size: 16B

b552436fca61b3d053aae8e1e0ee5d0c

Code Sign

4c:17:7a:97Certificate

Extended Key Usages

Key Usages

7c:5c:20:41:ee:0e:07:a2:b3:8e:ef:a1:c8:b9:b3:29:e6:c1:46:c9Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 244B

.data Size: 9KB - Virtual size: 8KB

.pdata Size: 512B - Virtual size: 60B

.rsrc Size: 1024B - Virtual size: 864B

b552436fca61b3d053aae8e1e0ee5d0c

Code Sign

a7:5a:f1:6c:b1:56:98:23:09:5a:4c:76:e1:67:82:84Certificate

Extended Key Usages

Key Usages

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2dCertificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

72:ff:af:54:b0:76:fe:1d:15:b9:f4:63:1e:63:f5:f4:19:9f:2e:74Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 244B

.data Size: 9KB - Virtual size: 8KB

.pdata Size: 512B - Virtual size: 60B

.rsrc Size: 512B - Virtual size: 16B

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 176B

.data Size: 5KB - Virtual size: 4KB

.pdata Size: 512B - Virtual size: 96B

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 176B

.data Size: 12KB - Virtual size: 12KB

.pdata Size: 512B - Virtual size: 96B

b552436fca61b3d053aae8e1e0ee5d0c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 284B

.data Size: 5KB - Virtual size: 4KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 244B

.data
Size: 9KB - Virtual size: 8KB

.pdata
Size: 512B - Virtual size: 60B

.rsrc
Size: 512B - Virtual size: 16B

4c:17:7a:97
Certificate

7c:5c:20:41:ee:0e:07:a2:b3:8e:ef:a1:c8:b9:b3:29:e6:c1:46:c9
Signer

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 244B

.data
Size: 9KB - Virtual size: 8KB

.pdata
Size: 512B - Virtual size: 60B

.rsrc
Size: 1024B - Virtual size: 864B

a7:5a:f1:6c:b1:56:98:23:09:5a:4c:76:e1:67:82:84
Certificate

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

72:ff:af:54:b0:76:fe:1d:15:b9:f4:63:1e:63:f5:f4:19:9f:2e:74
Signer

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 244B

.data
Size: 9KB - Virtual size: 8KB

.pdata
Size: 512B - Virtual size: 60B

.rsrc
Size: 512B - Virtual size: 16B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 176B

.data
Size: 5KB - Virtual size: 4KB

.pdata
Size: 512B - Virtual size: 96B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 176B

.data
Size: 12KB - Virtual size: 12KB

.pdata
Size: 512B - Virtual size: 96B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 284B

.data
Size: 5KB - Virtual size: 4KB

.pdata
Size: 512B - Virtual size: 84B

.rsrc
Size: 1KB - Virtual size: 1KB