bdda9858ed0033fb83ccc04cee2c803ebd4182e90f95216cc32bad036bb6f9bb[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

bdda9858ed0033fb83ccc04cee2c803ebd4182e90f95216cc32bad036bb6f9bb.exe.zip
Size

86.6MB
MD5

c81e1f1940382f790c88285f5b72126f
SHA1

3961db45de32ca02e9ad95f5f2a02b6438f656da
SHA256

7660a9800ee1812ea3d07972d838fed6ef7bb04bd6c85387cce53c4f2630c745
SHA512

ce3543eedb817486458f37cce9fcdbc7b7482e5d611f00bcf48cea18576d9cc117fd2b2b76a4d596aa7c13f21160ad3b994f63ef500c59d81bad8a93479a13e7
SSDEEP

1572864:WNZHkq5W0zJW9b6zoudGvTyK/Bq0YoB2z12fyEJ7CDrN59QFpKxxt1bfWOF7:WNA79WW71BqbAfyEADp7yKvb+OF7

Score

1^/10

Malware Config

Signatures

Files

bdda9858ed0033fb83ccc04cee2c803ebd4182e90f95216cc32bad036bb6f9bb.exe.zip
.zip

Password: infected
bdda9858ed0033fb83ccc04cee2c803ebd4182e90f95216cc32bad036bb6f9bb.exe
.exe windows:5 windows x86

84b96ef015db87a90860a88f69d5bebe

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-01,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e6:61:79:48:d4:68:5f:ec:dd:e5:ac:df:88:c6:fd:2d:0e:c7:9c:cc:bf:93:3a:d9:35:1c:e3:97:53:1a:1c:fb
Signer

Actual PE Digest

e6:61:79:48:d4:68:5f:ec:dd:e5:ac:df:88:c6:fd:2d:0e:c7:9c:cc:bf:93:3a:d9:35:1c:e3:97:53:1a:1c:fb

Digest Algorithm

sha256

PE Digest Matches

true

11:8e:d0:7e:99:d7:a2:80:b2:57:44:d3:d4:84:6c:20:59:24:5a:c8
Signer

Actual PE Digest

11:8e:d0:7e:99:d7:a2:80:b2:57:44:d3:d4:84:6c:20:59:24:5a:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
GetFileSizeEx
OutputDebugStringW
HeapAlloc
GetProcessHeap
TerminateThread
CreateThread
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
CreateMutexW
GlobalDeleteAtom
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentThread
TerminateProcess
GetSystemTime
FindAtomW
GlobalAddAtomW
WideCharToMultiByte
HeapFree
GetVolumeNameForVolumeMountPointW
QueryDosDeviceW
lstrcatW
GetDiskFreeSpaceExW
GetLocalTime
InterlockedCompareExchange
QueryPerformanceCounter
QueryPerformanceFrequency
GetPrivateProfileIntW
lstrlenA
SystemTimeToFileTime
GetFileTime
InterlockedExchange
GetFullPathNameW
SetLastError
lstrlenW
lstrcpyW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
FindFirstFileW
FreeResource
GetSystemWindowsDirectoryW
lstrcmpiA
lstrcmpA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
SetHandleCount
FindNextFileW
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetModuleHandleA
HeapCreate
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
GetStartupInfoW
OpenProcess
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
ExitThread
TlsFree
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
SetFilePointerEx
GetSystemTimeAsFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
GetVolumeInformationW
FormatMessageW
SetFileTime
SetEndOfFile
UnmapViewOfFile
GetFileSize
CreateFileMappingW
GetEnvironmentVariableW
GetWindowsDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
GetCurrentThreadId
MulDiv
GetCurrentProcess
FlushInstructionCache
FindClose
LocalAlloc
LocalFree
GetVersionExW
CopyFileW
MoveFileW
MoveFileExW
GetPrivateProfileStringW
GetFileAttributesW
GlobalFindAtomW
Sleep
WriteFile
GetLastError
CreateDirectoryW
WritePrivateProfileStringW
GetTempPathW
GetTempFileNameW
SetFileAttributesW
InterlockedDecrement
GetModuleFileNameW
RemoveDirectoryW
DeleteFileW
GetSystemDirectoryW
ReadFile
SetFilePointer
GetCurrentProcessId
CreateFileW
DeviceIoControl
LoadLibraryW
InterlockedIncrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
WaitForSingleObject
GetModuleHandleW
GetProcAddress
GetSystemInfo
GlobalMemoryStatusEx
TlsAlloc
LockFile
MapViewOfFile
GetStdHandle
SetConsoleTextAttribute
LocalFileTimeToFileTime
DosDateTimeToFileTime
TlsGetValue
TlsSetValue
ResetEvent
SetEvent
CreateEventW
ReadProcessMemory
OpenMutexW
GetExitCodeProcess
GetLongPathNameW
FindNextFileA
FindFirstFileA
LockFileEx
GetFileAttributesExW
UnlockFile
GetVersion
GlobalFree
GlobalAlloc
GetTickCount
GetCommandLineW
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
LeaveCriticalSection
ExitProcess
EnterCriticalSection
GetFileType
FreeLibrary

user32

DispatchMessageW
wvsprintfW
PostMessageW
MessageBoxW
TranslateMessage
GetMessageW
PeekMessageW
GetActiveWindow
SendMessageW
SendMessageTimeoutW
FindWindowW
CharNextW
IsWindow
EnableWindow
GetDlgItem
UnregisterClassA
ExitWindowsEx
IsWindowEnabled
ShowWindow
SetDlgItemTextW
IsWindowVisible
EndDialog
GetWindowLongW
SetWindowTextW
MoveWindow
SetWindowPos
GetClientRect
ScreenToClient
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
GetWindow
GetParent
GetDC
ReleaseDC
SetWindowLongW
GetWindowTextW
FindWindowExW
InvalidateRect
RedrawWindow
GetDlgCtrlID
SetFocus
MessageBeep
GetWindowTextLengthW
CreateDialogParamW
SetWindowRgn
SetTimer
KillTimer
CopyRect
DefWindowProcW
CallWindowProcW
BeginPaint
EndPaint
DialogBoxParamW
EnableMenuItem
DestroyWindow
GetSystemMenu
GetClassInfoExW
LoadCursorW
InflateRect
PostQuitMessage
IsIconic
SystemParametersInfoW
LoadIconW
RegisterClassExW
CreateWindowExW
LoadImageW
GetSystemMetrics
PtInRect
GetCursorPos
TrackMouseEvent
SetForegroundWindow
UpdateLayeredWindow
GetWindowThreadProcessId
BringWindowToTop

gdi32

DeleteObject
EnumFontFamiliesW
CreateDIBSection
SetViewportOrgEx
CreateRectRgn
CombineRgn
DeleteDC
SetBkColor
CreateSolidBrush
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt

advapi32

RegDeleteValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
ImpersonateSelf
AllocateAndInitializeSid
FreeSid
InitializeAcl
GetAce
AddAce
GetSecurityInfo
SetSecurityInfo
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
GetTokenInformation
RegDeleteKeyW
GetUserNameW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetExplicitEntriesFromAclW
GetTrusteeNameW
EqualSid
DeleteAce
LookupAccountSidW
LookupAccountNameW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
RegEnumKeyExW
RegCloseKey
ControlService
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
ChangeServiceConfigW

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW
ord680
ShellExecuteExW
SHBrowseForFolderW
SHCreateDirectoryExW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteW
SHChangeNotify
SHFileOperationW
ord165

ole32

CoCreateGuid
CoTaskMemAlloc
OleRun
CoInitialize
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
SysAllocString
SysStringLen
SysAllocStringLen

shlwapi

StrCmpIW
StrStrIA
StrCmpNIW
StrTrimA
SHSetValueA
SHGetValueW
SHDeleteValueW
PathFileExistsW
PathFileExistsA
SHGetValueA
PathCombineW
PathAppendW
PathIsRelativeW
SHDeleteKeyW
PathRemoveFileSpecW
PathIsDirectoryW
SHSetValueW
PathAddBackslashW
PathFindFileNameW
PathRemoveExtensionW
PathMatchSpecW
StrRetToStrW
StrStrIW
StrCatW
StrCpyW
PathFindExtensionW
PathCombineA
PathAppendA
StrCmpW
wnsprintfW

comctl32

InitCommonControlsEx

crypt32

CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertCloseStore
CertGetNameStringW
CertEnumCertificatesInStore
CertOpenStore
CertCompareCertificate

dbghelp

MiniDumpWriteDump

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetProcessImageFileNameW
EnumProcesses
GetModuleFileNameExW

gdiplus

GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipCreateSolidFill
GdipCreateFromHDC
GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateFont
GdipSetStringFormatAlign
GdipDrawImagePointRectI
GdipDrawImageRectRectI
GdiplusShutdown
GdiplusStartup
GdipDeleteBrush
GdipCreateStringFormat
GdipSetImageAttributesColorMatrix
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipFree
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipCloneImage
GdipDeleteStringFormat
GdipCreatePath
GdipSetStringFormatLineAlign
GdipClosePathFigure
GdipAddPathArcI
GdipCloneBrush
GdipRestoreGraphics
GdipSaveGraphics
GdipDrawString
GdipFillPath
GdipGraphicsClear
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipAddPathBezierI
GdipDeletePath

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

iphlpapi

GetAdaptersInfo

wininet

HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetOpenW
InternetCrackUrlW
InternetGetConnectedState
HttpQueryInfoW

netapi32

NetApiBufferFree
NetWkstaGetInfo

Sections

.text
Size: 599KB - Virtual size: 599KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

84b96ef015db87a90860a88f69d5bebe

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

33:90:20:77:61:c4:26:dd:94:50:03:0dCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

e6:61:79:48:d4:68:5f:ec:dd:e5:ac:df:88:c6:fd:2d:0e:c7:9c:cc:bf:93:3a:d9:35:1c:e3:97:53:1a:1c:fbSigner

11:8e:d0:7e:99:d7:a2:80:b2:57:44:d3:d4:84:6c:20:59:24:5a:c8Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

crypt32

dbghelp

version

psapi

gdiplus

urlmon

iphlpapi

wininet

netapi32

Sections

.text Size: 599KB - Virtual size: 599KB

.rdata Size: 152KB - Virtual size: 152KB

.data Size: 49KB - Virtual size: 69KB

.rsrc Size: 4.9MB - Virtual size: 4.9MB

.reloc Size: 59KB - Virtual size: 58KB

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

e6:61:79:48:d4:68:5f:ec:dd:e5:ac:df:88:c6:fd:2d:0e:c7:9c:cc:bf:93:3a:d9:35:1c:e3:97:53:1a:1c:fb
Signer

11:8e:d0:7e:99:d7:a2:80:b2:57:44:d3:d4:84:6c:20:59:24:5a:c8
Signer

.text
Size: 599KB - Virtual size: 599KB

.rdata
Size: 152KB - Virtual size: 152KB

.data
Size: 49KB - Virtual size: 69KB

.rsrc
Size: 4.9MB - Virtual size: 4.9MB

.reloc
Size: 59KB - Virtual size: 58KB