MDE_File_Sample_dbaf1eeb1794d203b1117778aa71259d9af64500[.]zip

Resubmissions

31/10/2023, 12:30

231031-ppynraga5x 1

31/10/2023, 12:11

231031-pcyszshh49 1

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_dbaf1eeb1794d203b1117778aa71259d9af64500.zip
Size

1.1MB
MD5

a70eabe080c6f6243f585e92c76ec94e
SHA1

75cde09df52dacfbb8af3737214b2ac5e676ac14
SHA256

90a3904ab16b67f09f17e3e1915449bef05bb68d53bb88c7a30071b53edb582a
SHA512

2b8fc9d03c1c5587a17212823b8a3a0a58999e0413e12fe16e4d01cd3c4a5a3f514a2cf63b9b241f63cee488dd4f9c3d6d9f8b9203213e621c55545617ea94d2
SSDEEP

12288:4bqul/UUDTALrJAPS1LvdaURtWIqwx8FBI0SmAyzEDrEhw+TGVGmz6rY9EalE08u:Ful8UDTA/K8dhtrOBd4+agY9lEZ5r2Z3

Score

1^/10

Malware Config

Signatures

Files

MDE_File_Sample_dbaf1eeb1794d203b1117778aa71259d9af64500.zip
.zip

Password: 123
SPClientSvc47350.exe
.exe windows:6 windows x86

Password: 123

c44704e88a6d5e3efa9a66308a534a67

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:cf:d0:8a:3c:ee:97:36:73:d5:22:54:d4:32:ba:db
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20/04/2022, 00:00

Not After

11/05/2023, 23:59

Subject

CN=Veriato\, Inc.,O=Veriato\, Inc.,L=Palm Beach Gardens,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4a:31:95:f5:eb:8c:23:6d:d3:bd:35:0b:c1:d3:48:f0:e4:ce:b2:4a
Signer

Actual PE Digest

4a:31:95:f5:eb:8c:23:6d:d3:bd:35:0b:c1:d3:48:f0:e4:ce:b2:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetStockObject
GetDeviceCaps
DeleteDC
CreateDCA

wsock32

gethostname
ntohl
ntohs
ioctlsocket
accept
bind
closesocket
inet_ntoa
setsockopt
getpeername
getsockname
getsockopt
htonl
htons
shutdown
WSAStartup
listen
WSACleanup
WSASetLastError
WSAGetLastError
gethostbyname
ord1142
ord1141

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsA
WTSFreeMemory
WTSQuerySessionInformationA
WTSEnumerateSessionsW
WTSQuerySessionInformationW

netapi32

NetApiBufferFree
NetWkstaGetInfo

user32

wsprintfW
EnumDisplaySettingsA
UnregisterClassA
wsprintfA
GetForegroundWindow
GetSystemMetrics
GetCursorPos
MessageBoxA
GetWindowTextA
MapVirtualKeyExA
MapVirtualKeyA
GetKeyNameTextA
SetCursor
LoadCursorA
MessageBoxW
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
SetTimer
GetKeyboardLayout
LoadStringA
KillTimer
PostMessageA
DefWindowProcA
RegisterClassA
CreateWindowExA
DestroyWindow
SetPropA
GetPropA
LoadIconA
PostQuitMessage
IsWindow
ShowWindow
CreateDialogParamA
EndDialog
UpdateWindow
CharNextW
CharPrevW
EnumDisplayMonitors

advapi32

FreeSid
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetKeySecurity
RegSetValueExW
RegOpenKeyExW
RegGetValueW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegEnumValueW
RegQueryValueExW
LookupPrivilegeValueA
RegQueryValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetFileSecurityA
RegDeleteValueA
StartServiceA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerExA
GetSecurityInfo
SetEntriesInAclA
GetTokenInformation
InitiateSystemShutdownA
RegConnectRegistryA
RegEnumKeyExA
GetSecurityDescriptorSacl
SetSecurityDescriptorOwner
AllocateAndInitializeSid
GetSecurityDescriptorControl
SetSecurityDescriptorSacl
IsValidSecurityDescriptor
RegGetKeySecurity
GetSecurityDescriptorLength
MakeSelfRelativeSD
SetSecurityDescriptorGroup
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA
OpenProcessToken
CreateProcessAsUserA
AdjustTokenPrivileges
DuplicateTokenEx
ImpersonateLoggedOnUser
RevertToSelf
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
QueryServiceStatus

shlwapi

PathAppendA
PathRemoveFileSpecA
PathAddBackslashA
PathFileExistsA

ws2_32

WSASend
WSASocketW
WSAAddressToStringW
getaddrinfo
freeaddrinfo
getnameinfo
WSAStringToAddressA
__WSAFDIsSet
connect
recv
recvfrom
select
send
sendto
socket
WSARecv
WSARecvFrom
WSAPoll
WSASendTo

iphlpapi

GetTcp6Table2
GetTcpTable2

kernel32

FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
HeapReAlloc
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetFullPathNameW
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
HeapSize
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineA
RtlUnwind
ExitThread
GetVersionExW
SetFileAttributesW
GetCurrentDirectoryW
CreatePipe
GetConsoleWindow
GetStdHandle
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
GetStringTypeW
LoadLibraryExW
InterlockedFlushSList
GetCommandLineW
DecodePointer
RaiseException
GetLastError
DeleteTimerQueueTimer
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
CreateFileA
CloseHandle
DeviceIoControl
SetEvent
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SleepEx
SetWaitableTimer
QueueUserAPC
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ProcessIdToSessionId
LocalFree
FormatMessageA
CreateWaitableTimerA
VerifyVersionInfoA
WideCharToMultiByte
DeleteFileA
OutputDebugStringA
SetCurrentDirectoryA
GetCurrentDirectoryA
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetFileSize
GetFileTime
ReadFile
SetEndOfFile
SetFileAttributesA
SetFilePointer
SetFileTime
WriteFile
SetThreadPriority
ResumeThread
GetTickCount
GetSystemDirectoryA
CopyFileA
MoveFileA
VerifyVersionInfoW
GetCurrentProcess
IsWow64Process
GetVolumeInformationA
LoadLibraryA
TerminateProcess
GetExitCodeProcess
OpenProcess
GetTickCount64
Sleep
GetCurrentProcessId
CreateProcessA
lstrlenA
GetComputerNameA
RemoveDirectoryA
GetWindowsDirectoryA
WinExec
MoveFileExA
GetTempPathA
GetTempFileNameA
ReleaseMutex
CreateMutexA
CreateThread
GetComputerNameW
ResetEvent
GetSystemTime
GetLocalTime
GetCurrentThreadId
GetExitCodeThread
MultiByteToWideChar
CreateNamedPipeA
DuplicateHandle
DisconnectNamedPipe
CreateEventW
GetOverlappedResult
ConnectNamedPipe
SetNamedPipeHandleState
CreateFileW
WaitNamedPipeW
FlushFileBuffers
Process32NextW
CreateProcessW
CreateWaitableTimerW
CancelWaitableTimer
CreateToolhelp32Snapshot
Process32FirstW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
MoveFileExW
CreateNamedPipeW
LocalAlloc
GetModuleFileNameW
GetModuleHandleW
SetFilePointerEx
CreateMutexW
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
TryEnterCriticalSection
LocalReAlloc
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualQuery
CreateDirectoryA
GetDriveTypeA
GetProcessHeap
GetThreadPriority
GetSystemInfo
SetUnhandledExceptionFilter
CreateDirectoryW
ExpandEnvironmentStringsA
GetSystemWow64DirectoryA
GetACP
IsDebuggerPresent
OutputDebugStringW
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
QueryPerformanceFrequency
FormatMessageW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
InterlockedPushEntrySList
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
WaitNamedPipeA
InitializeCriticalSectionEx

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoInitialize

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderPathA

oleaut32

SysFreeString
SysAllocStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocString

secur32

LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 627KB - Virtual size: 627KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

c44704e88a6d5e3efa9a66308a534a67

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:cf:d0:8a:3c:ee:97:36:73:d5:22:54:d4:32:ba:dbCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

4a:31:95:f5:eb:8c:23:6d:d3:bd:35:0b:c1:d3:48:f0:e4:ce:b2:4aSigner

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

wsock32

wtsapi32

netapi32

user32

advapi32

shlwapi

ws2_32

iphlpapi

kernel32

ole32

shell32

oleaut32

secur32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 627KB - Virtual size: 627KB

.data Size: 22KB - Virtual size: 37KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 3KB - Virtual size: 3KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 115KB - Virtual size: 114KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:cf:d0:8a:3c:ee:97:36:73:d5:22:54:d4:32:ba:db
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

4a:31:95:f5:eb:8c:23:6d:d3:bd:35:0b:c1:d3:48:f0:e4:ce:b2:4a
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 627KB - Virtual size: 627KB

.data
Size: 22KB - Virtual size: 37KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 115KB - Virtual size: 114KB