8818bf6863dbbcc8ac968c90e802b8c274bc52a911501ec650b473c681494b48[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

8818bf6863dbbcc8ac968c90e802b8c274bc52a911501ec650b473c681494b48.exe.zip
Size

7.7MB
MD5

072364d818a98b846adde3bb62200882
SHA1

3ca2dbd88e5c856bb3ff3a0ec4e5caac34a2b8ef
SHA256

d6bfd2e4aaae026059ca0d151acafc88be536e30171da312e80848f0089a994c
SHA512

7b47b685b950cf3daf36478da0f70cfb0597fefb159ebc2127881d84255497253a00b0118d7038fb42a50629a5c63e1ef87e7c70d1accd775be1985ca3ab806c
SSDEEP

196608:77f+zJrCih+B059k/cIcX+mUt62Ia+98QIQp6LhM6J9Rag5:fGz5Ci19k/PmUU2Ia+98QI6eGq9RaG

Score

1^/10

Malware Config

Signatures

Files

8818bf6863dbbcc8ac968c90e802b8c274bc52a911501ec650b473c681494b48.exe.zip
.zip

Password: infected
8818bf6863dbbcc8ac968c90e802b8c274bc52a911501ec650b473c681494b48.exe
.exe windows:5 windows x86

fffc6dd4af0305a60591eac0b5f08a63

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:a9:af:38:6e:ba:bc:2c:e1:c4:da:d2:13:b5:ee:6a
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14/11/2011, 00:00

Not After

13/11/2016, 23:59

Subject

CN=Adersoft,O=Adersoft,POSTALCODE=75001,STREET=11 rue de Turbigo,L=Paris,ST=NA,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

eb:4d:df:08:83:d6:0b:5d:1d:ef:6e:9d:11:d4:9d:2b:2f:9b:6e:8c
Signer

Actual PE Digest

eb:4d:df:08:83:d6:0b:5d:1d:ef:6e:9d:11:d4:9d:2b:2f:9b:6e:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
SetEnvironmentVariableA
IsProcessorFeaturePresent
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
DeleteFileW
VirtualAlloc
GetSystemTimeAsFileTime
HeapQueryInformation
HeapSize
ExitThread
RtlUnwind
HeapReAlloc
ExitProcess
HeapFree
HeapAlloc
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetProfileIntW
SearchPathW
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetCurrentDirectoryW
lstrcpyW
GetSystemDirectoryW
GlobalFlags
FindResourceExW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
lstrlenA
GlobalGetAtomNameW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetConsoleMode
GetConsoleCP
DecodePointer
LCMapStringW
ResumeThread
SetThreadPriority
GetTickCount
lstrcmpA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
CompareStringA
GetLocaleInfoW
InterlockedExchange
GetCurrentProcessId
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
lstrcmpW
VirtualProtect
ReleaseActCtx
CreateActCtxW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
ActivateActCtx
LoadLibraryW
DeactivateActCtx
GetThreadLocale
GetFileTime
GetFileSizeEx
GetFileAttributesW
CloseHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesExW
CreateFileW
SetLastError
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
MultiByteToWideChar
GetLastError
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
lstrlenW
FreeLibrary
GetCurrentProcess
GetModuleHandleW
GetProcAddress
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetExitCodeThread
CreateThread
GetModuleFileNameW
Sleep
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
SizeofResource
LockResource
LoadResource
FindResourceW
WriteConsoleW

user32

UnionRect
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
SetCursorPos
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
GetNextDlgGroupItem
InvalidateRgn
SetRect
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
DrawStateW
EnumChildWindows
LockWindowUpdate
IsRectEmpty
IsMenu
GetSystemMenu
MonitorFromPoint
UnpackDDElParam
ReuseDDElParam
LoadImageW
DestroyIcon
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
SetClassLongW
SetParent
CreatePopupMenu
NotifyWinEvent
SetWindowRgn
CreateAcceleratorTableW
LoadAcceleratorsW
DestroyAcceleratorTable
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
PostThreadMessageW
InvalidateRect
DeleteMenu
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
DestroyMenu
GetMenuItemInfoW
IntersectRect
RealChildWindowFromPoint
UnregisterClassW
LoadCursorW
GetSysColorBrush
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
SetWindowContextHelpId
RegisterClipboardFormatW
SystemParametersInfoW
OffsetRect
MessageBeep
IsZoomed
PostQuitMessage
LoadMenuW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
UpdateLayeredWindow
TabbedTextOutW
FillRect
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
UpdateWindow
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
SetMenuDefaultItem
IsCharLowerW
MapVirtualKeyExW
IsClipboardFormatAvailable
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
DestroyCursor
GetWindowRgn
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
PtInRect
GetDoubleClickTime
CreateMenu
SubtractRect
CopyIcon
CharUpperBuffW
GetUpdateRect
DrawTextW
FrameRect
GetWindow
MapVirtualKeyW
GetKeyNameTextW
ReleaseDC
GetDC
CopyRect
IsWindow
SetPropW
GetCapture
GetActiveWindow
SetActiveWindow
MapDialogRect
SetWindowPos
ShowWindow
GetPropW
RemovePropW
GetAsyncKeyState
GetFocus
SetFocus
GetWindowRect
GetWindowLongW
GetDlgItem
IsWindowEnabled
UnhookWindowsHookEx
CharUpperW
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
LoadIconW
CharNextW
AllowSetForegroundWindow
KillTimer
SetTimer
SendMessageW
PostMessageW
GetParent
EnableWindow
InflateRect

gdi32

GetTextMetricsW
EnumFontFamiliesExW
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateDIBitmap
CreateCompatibleBitmap
EnumFontFamiliesW
GetTextCharsetInfo
OffsetRgn
GetRgnBox
CreateRoundRectRgn
GetTextColor
SetDIBColorTable
GetDIBits
RealizePalette
StretchBlt
SetPixel
CreateDIBSection
GetBkColor
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetTextExtentPoint32W
GetSystemPaletteEntries
Rectangle
GetWindowOrgEx
LPtoDP
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
ExtFloodFill
SetPaletteEntries
GetTextFaceW
SetPixelV
SelectObject
Escape
ExtTextOutW
CreateSolidBrush
CreateHatchBrush
TextOutW
CreatePen
GetObjectType
SetViewportOrgEx
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
GetNearestPaletteIndex
GetObjectW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
PatBlt
CreateRectRgnIndirect
CreateDCW
CopyMetaFileW
GetDeviceCaps
CreateFontIndirectW
OffsetViewportOrgEx

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegEnumValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegDeleteKeyW
RegQueryValueW
RegEnumKeyW

shell32

SHAppBarMessage
SHCreateDirectoryExW
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteW
SHGetFolderPathW
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHGetPathFromIDListW

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW
PathAppendW
PathRemoveFileSpecW

ole32

OleGetClipboard
DoDragDrop
OleLockRunning
CoInitializeEx
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoGetClassObject
CreateStreamOnHGlobal
CoUninitialize
OleCreateMenuDescriptor
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoCreateGuid
OleDuplicateData
ReleaseStgMedium
CoCreateInstance
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
IsAccelerator
OleTranslateAccelerator
CoInitialize
OleDestroyMenuDescriptor

oleaut32

SysFreeString
OleCreateFontIndirect
VarBstrFromDate
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
VarUI4FromStr

oledlg

OleUIBusyW

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageRectI

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

fffc6dd4af0305a60591eac0b5f08a63

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

06:a9:af:38:6e:ba:bc:2c:e1:c4:da:d2:13:b5:ee:6aCertificate

Extended Key Usages

Key Usages

eb:4d:df:08:83:d6:0b:5d:1d:ef:6e:9d:11:d4:9d:2b:2f:9b:6e:8cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 286KB - Virtual size: 285KB

.data Size: 25KB - Virtual size: 57KB

.rsrc Size: 7.0MB - Virtual size: 7.0MB

.reloc Size: 184KB - Virtual size: 184KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

06:a9:af:38:6e:ba:bc:2c:e1:c4:da:d2:13:b5:ee:6a
Certificate

eb:4d:df:08:83:d6:0b:5d:1d:ef:6e:9d:11:d4:9d:2b:2f:9b:6e:8c
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 286KB - Virtual size: 285KB

.data
Size: 25KB - Virtual size: 57KB

.rsrc
Size: 7.0MB - Virtual size: 7.0MB

.reloc
Size: 184KB - Virtual size: 184KB