12237282232[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

12237282232.zip
Size

1.3MB
MD5

82de33bfe9e83d8e341ffd8544a217b2
SHA1

2277e5c928245601f84753234e9f95e365b5070b
SHA256

877f2d2d1fa8ee9939c34f4171ae43a40018775ed5b07533bc30dab157357643
SHA512

5d06fd5ea905cb873b62499593eea60530b27c1f05f220fef22eee8522d4065bd48d89c09c6c97c606122938b44b44b4dc5ef8e4d9a0036c3f45be35bf1aa64d
SSDEEP

24576:cA2EejIwg0BKI8orVH8unlZRLRehFD5M2Xir5RNlbwlHAZZ:cA2EejIwZD8Hunl7cD5jXHRAZZ

Score

1^/10

Malware Config

Signatures

Files

12237282232.zip
.zip

Password: infected
214f92c9d3995471c807c114f2f6d330ba661ecaf57a9cf742e3e29483eb94e3
.exe windows:5 windows x86

29ea8aad87705808616f41b14ff18514

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:ce:c0:5a:d0:28:f4:e8:a4:d7:73:9f:2d:fa:4c:6c
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

28/12/2022, 22:16

Not After

28/12/2023, 22:16

Subject

SERIALNUMBER=1242287,CN=Mack Digital Marking\, LLC,O=Mack Digital Marking\, LLC,L=Louisville,ST=Kentucky,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13084b656e7475636b79,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:cd:33:6f:4d:6b:c5:b8:18:56:f7:6f:f5:56:e1:9f:da:4c:9a:ec:cd:5d:0e:d3:6d:bc:c6:dc:a2:b5:28:47
Signer

Actual PE Digest

d7:cd:33:6f:4d:6b:c5:b8:18:56:f7:6f:f5:56:e1:9f:da:4c:9a:ec:cd:5d:0e:d3:6d:bc:c6:dc:a2:b5:28:47

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winmm

timeGetTime

comctl32

ImageList_Destroy
ImageList_Add
ImageList_GetImageCount
ImageList_Read
ImageList_DragMove
ImageList_GetIcon
ImageList_DrawIndirect
ImageList_GetBkColor
_TrackMouseEvent
ImageList_Draw
ImageList_Create
FlatSB_GetScrollInfo
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_Write
ImageList_SetIconSize
FlatSB_SetScrollProp
ImageList_BeginDrag
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
ImageList_DragEnter
InitializeFlatSB
ImageList_SetImageCount
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_EndDrag
FlatSB_GetScrollPos
ImageList_Remove
ImageList_DrawEx

shell32

Shell_NotifyIconW
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW

user32

DispatchMessageA
IsIconic
UnregisterClassW
CharLowerBuffW
GetWindowRect
GetSystemMetrics
DefFrameProcW
ReleaseCapture
SystemParametersInfoW
SetForegroundWindow
SetClassLongW
AdjustWindowRectEx
GetWindowPlacement
GetDC
SetWindowPos
EnumChildWindows
SwitchToThisWindow
EnumWindows
CreatePopupMenu
SetWindowPlacement
GetMenuItemInfoW
CharNextW
DestroyWindow
SetFocus
EnableMenuItem
CharLowerW
InsertMenuItemW
LoadCursorW
SetMenuItemInfoW
GetScrollPos
SetWindowLongW
GetPropW
GetClassNameW
GetScrollRange
IsWindowUnicode
EnumThreadWindows
CreateIcon
ShowOwnedPopups
GetCursorPos
CharUpperW
DestroyMenu
GetDCEx
GetParent
MapVirtualKeyW
FindWindowExW
IsDialogMessageW
LoadStringW
SetPropW
CreateIconIndirect
TrackPopupMenu
MsgWaitForMultipleObjectsEx
LoadBitmapW
EnableScrollBar
GetMenuState
SetScrollPos
PostQuitMessage
DefWindowProcW
PeekMessageA
EnumClipboardFormats
DestroyCursor
GetDesktopWindow
DrawFrameControl
GetMenuStringW
IsWindow
GetClassInfoW
IsZoomed
CallWindowProcW
LoadIconW
ShowWindow
ActivateKeyboardLayout
DrawIcon
CreateMenu
GetClientRect
EndPaint
UnhookWindowsHookEx
GetMessagePos
SetWindowRgn
GetForegroundWindow
GetSubMenu
FillRect
CheckMenuItem
GetKeyboardLayoutList
RegisterClipboardFormatW
IsClipboardFormatAvailable
GetWindowTextW
GetCursor
TranslateMDISysAccel
SetParent
GetIconInfo
RemoveMenu
SetMenu
IsDialogMessageA
KillTimer
SetScrollInfo
GetKeyNameTextW
DrawMenuBar
ShowCaret
GetFocus
GetLastActivePopup
UpdateWindow
EnumDisplayMonitors
GetMonitorInfoW
FindWindowW
GetScrollInfo
DefMDIChildProcW
SetCapture
ClientToScreen
GetKeyboardLayout
IsWindowEnabled
RegisterWindowMessageW
RedrawWindow
EnableWindow
GetMenu
GetKeyboardLayoutNameW
RegisterClassW
WindowFromPoint
BeginPaint
IsWindowVisible
MonitorFromPoint
DrawTextW
CreateWindowExW
GetTopWindow
PostMessageW
SetCursorPos
GetDlgCtrlID
EndMenu
WaitMessage
DispatchMessageW
DrawTextExW
CharUpperBuffW
SetCursor
SetRect
SendMessageA
DrawEdge
GetWindowDC
LoadKeyboardLayoutW
SetTimer
ShowScrollBar
GetClipboardData
SendMessageW
GetMessageExtraInfo
ScreenToClient
DeleteMenu
GetCapture
MessageBoxW
GetSysColor
SetActiveWindow
MessageBeep
ReleaseDC
GetMenuItemCount
InvalidateRect
GetActiveWindow
SetScrollRange
DrawFocusRect
HideCaret
ScrollWindow
CopyImage
DestroyIcon
GetWindowLongW
GetWindow
GetSystemMenu
MapWindowPoints
GetMenuItemID
CallNextHookEx
InsertMenuW
GetKeyboardState
IsChild
DrawIconEx
FrameRect
GetWindowThreadProcessId
MsgWaitForMultipleObjects
TranslateMessage
SetWindowsHookExW
PeekMessageW
GetClassLongW
MonitorFromWindow
RemovePropW
GetKeyState
SetWindowTextW
GetSysColorBrush

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

oleaut32

SysReAllocStringLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayPtrOfIndex
VariantInit
SysFreeString
VariantClear
SysAllocStringLen
SafeArrayCreate
VariantCopy
GetErrorInfo
VariantChangeType

advapi32

RegOpenKeyExW
RegCloseKey
OpenProcessToken
QueryServiceStatus
OpenSCManagerW
RegFlushKey
AdjustTokenPrivileges
GetUserNameW
OpenServiceW
RegQueryValueExW
LookupPrivilegeValueW

netapi32

NetApiBufferFree
NetWkstaGetInfo

msvcrt

memcpy

winhttp

WinHttpWriteData
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpQueryDataAvailable
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpSetOption
WinHttpReadData
WinHttpReceiveResponse
WinHttpSetStatusCallback
WinHttpSetCredentials
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpQueryAuthSchemes
WinHttpConnect
WinHttpQueryOption
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest

kernel32

FindFirstFileW
GlobalFree
ExitProcess
HeapAlloc
FindClose
LoadLibraryExW
WideCharToMultiByte
HeapCreate
FileTimeToSystemTime
GetACP
GetDriveTypeW
GetUserDefaultUILanguage
DeleteCriticalSection
TerminateThread
GetCurrentThread
GetCurrentThreadId
GetSystemInfo
GetCurrentProcessId
GetLastError
GetStdHandle
HeapDestroy
GetFileSize
HeapFree
GetModuleFileNameW
SetThreadLocale
MulDiv
ResetEvent
IsDebuggerPresent
RaiseException
CloseHandle
SwitchToThread
IsValidLocale
EnterCriticalSection
DeviceIoControl
GetSystemDefaultUILanguage
UnhandledExceptionFilter
CreateEventW
GetCommandLineW
FreeLibrary
GlobalHandle
EnumResourceNamesW
CompareStringW
InitializeCriticalSection
GetFullPathNameW
GetProcAddress
TlsSetValue
GetStartupInfoW
CreateThread
GlobalUnlock
GetDateFormatW
GetCurrentProcess
QueryPerformanceFrequency
GetModuleHandleW
GlobalAddAtomW
QueryPerformanceCounter
CreateDirectoryW
SetEvent
MoveFileW
GetLocaleInfoW
SizeofResource
VerifyVersionInfoW
RtlUnwind
GetThreadPriority
Sleep
GetTempPathW
CreateFileW
GetLocalTime
VirtualProtect
GlobalAlloc
LocalAlloc
lstrlenW
EnumCalendarInfoW
GetVersion
GetCPInfo
SuspendThread
ResumeThread
LoadResource
GetEnvironmentVariableW
VirtualQuery
GlobalFindAtomW
VirtualFree
WaitForMultipleObjectsEx
SetThreadPriority
VirtualAlloc
FindNextFileW
GetFileAttributesW
LocalFree
ReadFile
GetThreadLocale
FindResourceW
FreeResource
VirtualQueryEx
SetFilePointer
LoadLibraryA
MultiByteToWideChar
LockResource
GetVersionExW
GetTimeZoneInformation
GlobalDeleteAtom
WriteFile
LCMapStringW
WaitForSingleObject
LeaveCriticalSection
GetExitCodeThread
GlobalLock
FormatMessageW
GetCPInfoExW
GlobalSize
SetEndOfFile
SetErrorMode
ExitThread
TlsGetValue
GetDiskFreeSpaceW
SetLastError
GetComputerNameW
CreateMutexW
VerSetConditionMask
GetTickCount
LoadLibraryW

ole32

CoInitialize
CoTaskMemAlloc
CoUninitialize
IsEqualGUID
OleInitialize
CoTaskMemFree
OleUninitialize
CoCreateInstance

gdi32

Chord
RestoreDC
SelectPalette
Rectangle
GetStretchBltMode
PolyBezierTo
DeleteObject
DeleteDC
GetPixel
ExtTextOutW
CreateDIBSection
ArcTo
SetWindowOrgEx
CreateHalftonePalette
Polygon
SetBrushOrgEx
StretchBlt
CreateBitmap
CreatePalette
DeleteEnhMetaFile
GetClipBox
CreateCompatibleDC
CopyEnhMetaFileW
GetCurrentPositionEx
UnrealizeObject
SetStretchBltMode
CreateSolidBrush
GetBitmapBits
SetEnhMetaFileBits
Ellipse
GetEnhMetaFilePaletteEntries
RectVisible
GetEnhMetaFileDescriptionW
LineTo
PlayEnhMetaFile
CreateRectRgn
PatBlt
SetTextColor
GetWindowOrgEx
GetEnhMetaFileBits
RealizePalette
FrameRgn
CreatePenIndirect
GetBrushOrgEx
PolyBezier
SetDIBits
GetTextMetricsW
GetDIBits
SelectObject
Pie
SetPixel
SetRectRgn
SetDIBColorTable
GetWinMetaFileBits
AngleArc
GetDeviceCaps
SetBkColor
RoundRect
CreateBrushIndirect
SetViewportOrgEx
GdiFlush
GetStockObject
GetTextExtentPoint32W
SaveDC
GetRgnBox
SetROP2
BitBlt
CreateDIBitmap
CreateFontIndirectW
GetNearestPaletteIndex
EnumFontFamiliesExW
Arc
GetEnhMetaFileHeader
ExcludeClipRect
SetWinMetaFileBits
ExtFloodFill
Polyline
MaskBlt
MoveToEx
GetSystemPaletteEntries
GetTextExtentPointW
GetPaletteEntries
GetObjectW
CreateCompatibleBitmap
IntersectClipRect
GetDIBColorTable
SetBkMode

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 149B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 88B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

29ea8aad87705808616f41b14ff18514

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

49:ce:c0:5a:d0:28:f4:e8:a4:d7:73:9f:2d:fa:4c:6cCertificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

d7:cd:33:6f:4d:6b:c5:b8:18:56:f7:6f:f5:56:e1:9f:da:4c:9a:ec:cd:5d:0e:d3:6d:bc:c6:dc:a2:b5:28:47Signer

Headers

File Characteristics

Imports

winmm

comctl32

shell32

user32

version

oleaut32

advapi32

netapi32

msvcrt

winhttp

kernel32

ole32

gdi32

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.itext Size: 10KB - Virtual size: 9KB

.data Size: 133KB - Virtual size: 133KB

.bss Size: - Virtual size: 27KB

.idata Size: 12KB - Virtual size: 12KB

.didata Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 149B

.tls Size: - Virtual size: 88B

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 271KB - Virtual size: 271KB

.rsrc Size: 132KB - Virtual size: 132KB

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

49:ce:c0:5a:d0:28:f4:e8:a4:d7:73:9f:2d:fa:4c:6c
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

d7:cd:33:6f:4d:6b:c5:b8:18:56:f7:6f:f5:56:e1:9f:da:4c:9a:ec:cd:5d:0e:d3:6d:bc:c6:dc:a2:b5:28:47
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

.itext
Size: 10KB - Virtual size: 9KB

.data
Size: 133KB - Virtual size: 133KB

.bss
Size: - Virtual size: 27KB

.idata
Size: 12KB - Virtual size: 12KB

.didata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 149B

.tls
Size: - Virtual size: 88B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 271KB - Virtual size: 271KB

.rsrc
Size: 132KB - Virtual size: 132KB