370b0a0b09606f567969f2344652b925647619cebfff60b42d12dfd43de82c7f[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

370b0a0b09606f567969f2344652b925647619cebfff60b42d12dfd43de82c7f.exe.zip
Size

3.6MB
MD5

4ee66eb7a9594dd985e075171c81d96a
SHA1

35e05034bab654e0748d836e77a365191f83754a
SHA256

71ec6cbb79d45f2b652c25afe8cac24937c828e886b4421bdc28ed91bd02101f
SHA512

62d156db3c8c55e7821583f589653f555e9e6ca5fbec3075dfe59e45a62ca162f352fa7e82cb561c7397124acf9924c5c758f5e9f504808002fab1ff6c80b3c4
SSDEEP

98304:+3R+lUzLP+N+zvTfEDjrxOLqJo8xZP72XmQyU:CR+SLO0bfEDjdOLqmEP72XmDU

Score

1^/10

Malware Config

Signatures

Files

370b0a0b09606f567969f2344652b925647619cebfff60b42d12dfd43de82c7f.exe.zip
.zip

Password: infected
370b0a0b09606f567969f2344652b925647619cebfff60b42d12dfd43de82c7f.exe
.exe windows:4 windows x64

6fc85fff1ee6fcb3e0fc59cb8d663aa0

Code Sign

08:43:4f:5e:e3:be:27:16:b1:2e:8c:0f:89:8a:f8:ce
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03/11/2022, 00:00

Not After

18/10/2025, 23:59

Subject

CN=Datto Inc,O=Datto Inc,L=Norwalk,ST=Connecticut,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d7:82:4f:04:f2:bb:1e:f1:0b:5c:ef:9b:ee:8f:4f:16:c1:7f:1f:a7
Signer

Actual PE Digest

d7:82:4f:04:f2:bb:1e:f1:0b:5c:ef:9b:ee:8f:4f:16:c1:7f:1f:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

bcrypt

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDecrypt
BCryptDeriveKey
BCryptDestroyHash
BCryptDestroyKey
BCryptDestroySecret
BCryptEncrypt
BCryptExportKey
BCryptFinalizeKeyPair
BCryptFinishHash
BCryptGenRandom
BCryptGenerateKeyPair
BCryptGetProperty
BCryptHashData
BCryptImportKey
BCryptImportKeyPair
BCryptOpenAlgorithmProvider
BCryptSecretAgreement
BCryptSetProperty
BCryptSignHash
BCryptVerifySignature

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetNameStringA
CertNameToStrA
CertOpenStore
CryptDecodeObject
CryptDecodeObjectEx
CryptMsgClose
CryptMsgGetParam
CryptQueryObject

fwpuclnt

FwpmEngineClose0
FwpmEngineOpen0
FwpmFilterAdd0
FwpmFilterCreateEnumHandle0
FwpmFilterDeleteById0
FwpmFilterDestroyEnumHandle0
FwpmFilterEnum0
FwpmFreeMemory0
FwpmProviderAdd0
FwpmProviderDeleteByKey0
FwpmProviderGetByKey0
FwpmSubLayerAdd0
FwpmSubLayerDeleteByKey0

kernel32

AreFileApisANSI
CreateFileA
CreateFileMappingW
CreateMutexW
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FreeLibrary
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileSize
GetFileSizeEx
GetFullPathNameA
GetModuleFileNameA
GetSystemTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
HeapCompact
HeapCreate
HeapDestroy
HeapSize
HeapValidate
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryExA
LoadLibraryW
LockFile
LockFileEx
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
RemoveVectoredExceptionHandler
SetEndOfFile
SetFilePointer
TryEnterCriticalSection
UnlockFile
UnlockFileEx
AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CancelIo
CancelIoEx
CloseHandle
CompareStringOrdinal
ConnectNamedPipe
CopyFileExW
CreateDirectoryW
CreateEventW
CreateFileMappingA
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
DeleteFileW
DisconnectNamedPipe
DuplicateHandle
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
FreeEnvironmentStringsW
GetCommandLineW
GetComputerNameExW
GetConsoleCursorInfo
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNativeSystemInfo
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessTimes
GetQueuedCompletionStatusEx
GetShortPathNameW
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemTimes
GetTickCount64
GetTimeZoneInformation
GetWindowsDirectoryW
GlobalLock
GlobalMemoryStatusEx
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
IsDBCSLeadByteEx
LoadLibraryA
LocalFree
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
OpenProcess
OpenThread
PostQueuedCompletionStatus
Process32First
Process32Next
QueryDosDeviceA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleInputW
ReadConsoleW
ReadFile
ReadFileEx
ReadProcessMemory
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RtlAddFunctionTable
RtlUnwindEx
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetErrorMode
SetFileCompletionNotificationModes
SetFileInformationByHandle
SetFilePointerEx
SetHandleInformation
SetLastError
SetNamedPipeHandleState
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteFileEx
__C_specific_handler

psapi

EnumDeviceDrivers
EnumProcessModulesEx
EnumProcesses
GetDeviceDriverFileNameW
GetMappedFileNameA
GetModuleFileNameExW
GetProcessImageFileNameA
GetProcessMemoryInfo

shell32

CommandLineToArgvW

tdh

TdhGetEventInformation
TdhGetProperty
TdhGetPropertySize

user32

CloseClipboard
GetClipboardData
OpenClipboard

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
WinVerifyTrust

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASend
WSASocketW
WSAStartup
__WSAFDIsSet
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getnameinfo
getpeername
getsockname
getsockopt
ioctlsocket
recv
select
send
setsockopt
shutdown

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2W
CloseServiceHandle
ControlService
ControlTraceW
ConvertSidToStringSidA
ConvertSidToStringSidW
ConvertStringSidToSidA
CreateServiceW
DeleteService
EnableTrace
GetTokenInformation
ImpersonateSelf
IsWellKnownSid
LookupAccountNameW
LookupAccountSidA
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerW
OpenServiceW
OpenThreadToken
OpenTraceW
ProcessTrace
QueryServiceConfig2W
QueryServiceConfigW
QueryServiceStatusEx
RegCloseKey
RegCreateKeyExW
RegDeleteKeyA
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW
StartTraceW
SystemFunction036

iphlpapi

GetAdaptersAddresses
GetBestInterface
GetExtendedTcpTable

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_assert
_beginthreadex
_cexit
_difftime64
_endthreadex
_errno
_fmode
_fpreset
_fstat64
_gmtime64
_initterm
_localtime64
_lock
_mktime64
_onexit
_pclose
_popen
_setjmp
_snprintf
_stricmp
_strnicmp
_strtoi64
_time64
_unlock
_vsnprintf
abort
acos
asin
atan2
atof
atoi
calloc
ceil
clearerr
clock
cos
exit
exp
fclose
feof
ferror
fflush
fgets
floor
fmod
fopen
fprintf
fputc
fread
free
freopen
frexp
fseek
ftell
fwrite
getc
getenv
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
isxdigit
ldexp
localeconv
log
log10
malloc
memchr
memcmp
memcpy
memmove
memset
pow
printf
putchar
puts
qsort
rand
realloc
remove
rename
rewind
setlocale
setvbuf
signal
sin
sprintf
sqrt
srand
sscanf
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
system
tan
tmpfile
tmpnam
tolower
toupper
ungetc
vfprintf
wcslen
longjmp
_read
_open
_close

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo
NetUserGetLocalGroups

ntdll

NtCancelIoFileEx
NtClose
NtCreateFile
NtDeleteKey
NtDeleteValueKey
NtDeviceIoControlFile
NtEnumerateKey
NtEnumerateValueKey
NtOpenKey
NtQueryInformationProcess
NtQueryInformationThread
NtQuerySystemInformation
NtSetValueKey
RtlCaptureContext
RtlInitUnicodeString
RtlLookupFunctionEntry
RtlNtStatusToDosError
RtlVirtualUnwind

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity

oleaut32

SysAllocString
SysFreeString

secur32

LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData
TranslateNameA

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

6fc85fff1ee6fcb3e0fc59cb8d663aa0

Code Sign

08:43:4f:5e:e3:be:27:16:b1:2e:8c:0f:89:8a:f8:ceCertificate

Extended Key Usages

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

d7:82:4f:04:f2:bb:1e:f1:0b:5c:ef:9b:ee:8f:4f:16:c1:7f:1f:a7Signer

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

crypt32

fwpuclnt

kernel32

psapi

shell32

tdh

user32

wintrust

ws2_32

advapi32

iphlpapi

msvcrt

netapi32

ntdll

ole32

oleaut32

secur32

Sections

.text Size: 5.2MB - Virtual size: 5.2MB

.data Size: 23KB - Virtual size: 22KB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.pdata Size: 164KB - Virtual size: 164KB

.xdata Size: 185KB - Virtual size: 185KB

.bss Size: - Virtual size: 9KB

.idata Size: 19KB - Virtual size: 18KB

.CRT Size: 512B - Virtual size: 120B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 704B

.reloc Size: 48KB - Virtual size: 47KB

08:43:4f:5e:e3:be:27:16:b1:2e:8c:0f:89:8a:f8:ce
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

d7:82:4f:04:f2:bb:1e:f1:0b:5c:ef:9b:ee:8f:4f:16:c1:7f:1f:a7
Signer

.text
Size: 5.2MB - Virtual size: 5.2MB

.data
Size: 23KB - Virtual size: 22KB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.pdata
Size: 164KB - Virtual size: 164KB

.xdata
Size: 185KB - Virtual size: 185KB

.bss
Size: - Virtual size: 9KB

.idata
Size: 19KB - Virtual size: 18KB

.CRT
Size: 512B - Virtual size: 120B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 704B

.reloc
Size: 48KB - Virtual size: 47KB