tzeditx64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

tzeditx64.exe
Size

296KB
MD5

309f3983c207e0998cc25d34db8a5931
SHA1

03da8bca39f96d7f842e4fd820dc1794efc75656
SHA256

45f1828911f2b9c86c4f8cb166bbc4acc18aeaa40531ed1a2ed8e4c4aa7cc1d8
SHA512

a6ab693a38e1e1d75817a5f6d2b52c0633342fb5590b12d25e973d31f1424c00d4d28e3efeeaa1b5a82975f752c0357b4ea56cc76f274e9eab8ede0705afe125
SSDEEP

3072:lcGN8GaiL8af8vWmc3EB9pH9oicYKPA4+wRdgFwzcLs9hwgXtBeLpKhKm1KlSihs:s1A8Y8Om7BD9MlIydcU9z3zBBUe

Score

1^/10

Malware Config

Signatures

Files

tzeditx64.exe
.exe windows:4 windows x64

1e1d5c1cfc2dd3e11ed7e624c16d6dfe

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a5:0c:be:c6:e7:12:0c:24:42:0a:18:cd:3f:0b:3e:ae
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/07/2013, 00:00

Not After

11/07/2018, 23:59

Subject

CN=Vadim Belov,O=Vadim Belov,POSTALCODE=410012,STREET=PO Box 375,L=Saratov,ST=Saratov,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1c:3d:89:e0:64:41:19:64:07:a7:b3:f6:35:13:4f:a3:fc:8a:e3:ef
Signer

Actual PE Digest

1c:3d:89:e0:64:41:19:64:07:a7:b3:f6:35:13:4f:a3:fc:8a:e3:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetEndOfFile
VirtualQuery
GetSystemInfo
VirtualProtect
CreateFileW
FlushFileBuffers
SetStdHandle
InitializeCriticalSection
LoadLibraryA
GetOEMCP
GetACP
GetLocaleInfoA
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
Sleep
FindNextFileW
LeaveCriticalSection
EnterCriticalSection
CloseHandle
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwindEx
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
HeapCreate
HeapSetInformation
GetStartupInfoA
GetProcessHeap
GetComputerNameW
LocalReAlloc
lstrcatW
lstrcmpW
GetLocalTime
EnumResourceNamesW
LoadLibraryW
FreeLibrary
GetVersionExW
SetFilePointer
GetModuleFileNameW
FindFirstFileW
FindClose
GetTimeZoneInformation
lstrcmpiW
lstrcpyW
FormatMessageW
lstrcpynW
SetTimeZoneInformation
SetLastError
GetLastError
GetVersionExA
GetCommandLineA
lstrlenW
GetLocaleInfoW
LocalFree
ReadFile
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
MultiByteToWideChar
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
GlobalUnlock
GlobalLock
GlobalAlloc
VirtualLock
VirtualAlloc
VirtualFree
VirtualUnlock
GlobalFree
HeapFree
HeapAlloc
HeapReAlloc
LocalAlloc

user32

GetWindowPlacement
PostQuitMessage
ClientToScreen
GetCursorPos
GetSubMenu
SetMenu
CreatePopupMenu
GetMenuState
AppendMenuW
TrackPopupMenu
DestroyMenu
GetMenu
EnableMenuItem
PostMessageW
GetClassInfoW
CallWindowProcW
GetParent
GetDlgCtrlID
GetWindowTextLengthW
LoadStringW
GetClientRect
GetDC
GetSystemMetrics
ReleaseDC
LoadIconW
RegisterClassExW
CreateWindowExW
ShowWindow
UpdateWindow
SetForegroundWindow
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
SystemParametersInfoW
IsWindowEnabled
IsDlgButtonChecked
EnableWindow
GetDlgItemTextW
SetDlgItemTextW
EndDialog
SendMessageW
CheckDlgButton
SendDlgItemMessageW
GetWindowTextW
GetDlgItem
SetWindowTextW
LoadImageW
LoadCursorW
RegisterClassW
DefWindowProcW
BeginPaint
EndPaint
GetWindowLongW
AdjustWindowRectEx
MoveWindow
ScreenToClient
GetClassNameW
CallNextHookEx
WindowFromPoint
SetWindowPos
SetScrollPos
SetScrollRange
ShowScrollBar
GetScrollInfo
IsWindow
SetWindowLongW
GetWindowRect
IsWindowVisible
GetFocus
DefDlgProcW
SetScrollInfo
DestroyWindow
SetWindowsHookExW
UnhookWindowsHookEx
CreateDialogIndirectParamW
DialogBoxIndirectParamW
CreateMenu
DrawTextW
InvalidateRect
GetWindowLongPtrW
SetWindowLongPtrW
MessageBoxW

gdi32

SetDIBColorTable
BitBlt
CreateDCW
GetObjectW
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
CreateCompatibleDC
DeleteObject
SelectObject
GetObjectType
CreateFontIndirectW
GetTextMetricsW
GetClipBox
GetTextExtentPoint32W

advapi32

IsTextUnicode
RegOpenKeyW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW

comctl32

ImageList_LoadImageW
CreateStatusWindowW
ord17

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e1d5c1cfc2dd3e11ed7e624c16d6dfe

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

a5:0c:be:c6:e7:12:0c:24:42:0a:18:cd:3f:0b:3e:aeCertificate

Extended Key Usages

Key Usages

1c:3d:89:e0:64:41:19:64:07:a7:b3:f6:35:13:4f:a3:fc:8a:e3:efSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

Sections

.text Size: 151KB - Virtual size: 151KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 15KB - Virtual size: 30KB

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 74KB - Virtual size: 73KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

a5:0c:be:c6:e7:12:0c:24:42:0a:18:cd:3f:0b:3e:ae
Certificate

1c:3d:89:e0:64:41:19:64:07:a7:b3:f6:35:13:4f:a3:fc:8a:e3:ef
Signer

.text
Size: 151KB - Virtual size: 151KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 15KB - Virtual size: 30KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 74KB - Virtual size: 73KB