StartAllBack3[.]6[.]15[.]4724_[.]p__freesharevn[.]com[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

StartAllBack3.6.15.4724_.p__freesharevn.com.zip
Size

1.8MB
MD5

f89f2a67ff7a06564c7998a87a48b344
SHA1

7197b563239e3de9951b56632f1c144f7df0747c
SHA256

7796753a59f4a3d67e54f5430fb3bc638846f5d2f7b5c649b06201bcb3a3f46e
SHA512

21dfd2bb2814813ecae02381a3524d8be2576a35f79bc78c9c5e914e091ef7e54365843bfddc228430104e9a289b78280a6175896c9ddd384fba12d98fd7a709
SSDEEP

49152:39UC7h0b5EjPfJi/Z2k32XMhXI4RrdV5e5q/j8nm+TSd:tU8hgQ3DXMhXI4xT5eA/jZQI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/StartAllBack_3.x_Patch.exe

Files

StartAllBack3.6.15.4724_.p__freesharevn.com.zip
.zip

Password: freesharevn.com
StartAllBack 3.6.15.4724 Multilingual/Patch/StartAllBack_3.x_Patch.rar
.rar

Password: freesharevn.com
Readme.txt
StartAllBack_3.x_Patch.exe
.exe windows:5 windows x86

Password: freesharevn.com

dc73a9bd8de0fd640549c85ac4089b87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
ExitProcess
FindResourceA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetTempPathA
LoadLibraryA
LoadResource
RtlMoveMemory
SizeofResource
VirtualAlloc
lstrcatA
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile

Sections

.text
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StartAllBack 3.6.15.4724 Multilingual/Readme.txt
StartAllBack 3.6.15.4724 Multilingual/StartAllBack_3.6.15_setup.exe
.exe windows:6 windows x64

Password: freesharevn.com

ad3431370c5650939f6ad3d7023cc918

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02-02-2023 13:11

Not After

03-02-2024 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:8c:68:a5:ef:05:7f:4f:07:74:09:d0:c9:63:2a:f4:ea:29:e0:d2:0e:97:be:07:75:ef:41:ee:73:32:29:2d
Signer

Actual PE Digest

ae:8c:68:a5:ef:05:7f:4f:07:74:09:d0:c9:63:2a:f4:ea:29:e0:d2:0e:97:be:07:75:ef:41:ee:73:32:29:2d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
free
_commode
_fmode
__getmainargs
wcsncpy_s
wcscat_s
__set_app_type
memmove
?terminate@@YAXXZ
memcpy
_XcptFilter
wcscpy_s
_beginthreadex
malloc
memset

kernel32

GetCurrentDirectoryW
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetExitCodeProcess
GetTickCount
GetModuleHandleW
GetCurrentProcessId
SetCurrentDirectoryW
GetCurrentThreadId
GetFileAttributesW
WaitForSingleObject
GetTempPathW
GetModuleFileNameW
GetCommandLineW
CreateDirectoryW
CloseHandle
ReadFile
WriteFile
SetFilePointer
CreateFileW
GetLastError

user32

GetSysColorBrush
PostQuitMessage
GetMessageW
CreateDialogParamW
FindWindowExW
FillRect
SendMessageW
ShowWindow
DispatchMessageW

gdi32

GetStockObject
GetClipBox

shell32

ShellExecuteExW
SHFileOperationW

ole32

CoInitialize

comctl32

ord344
ord17

shlwapi

StrStrIW

dwmapi

DwmSetWindowAttribute
DwmExtendFrameIntoClientArea

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: freesharevn.com

Password: freesharevn.com

Password: freesharevn.com

dc73a9bd8de0fd640549c85ac4089b87

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 512B - Virtual size: 502B

.rdata Size: 512B - Virtual size: 472B

.data Size: 512B - Virtual size: 52B

.rsrc Size: 60KB - Virtual size: 60KB

.reloc Size: 512B - Virtual size: 82B

Password: freesharevn.com

ad3431370c5650939f6ad3d7023cc918

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

09:63:74:f3:62:b9:30:81:d4:3c:a2:16Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ae:8c:68:a5:ef:05:7f:4f:07:74:09:d0:c9:63:2a:f4:ea:29:e0:d2:0e:97:be:07:75:ef:41:ee:73:32:29:2dSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

shell32

ole32

comctl32

shlwapi

dwmapi

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 8KB

.pdata Size: 1KB - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 40KB - Virtual size: 39KB

.reloc Size: 512B - Virtual size: 52B

.text
Size: 512B - Virtual size: 502B

.rdata
Size: 512B - Virtual size: 472B

.data
Size: 512B - Virtual size: 52B

.rsrc
Size: 60KB - Virtual size: 60KB

.reloc
Size: 512B - Virtual size: 82B

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ae:8c:68:a5:ef:05:7f:4f:07:74:09:d0:c9:63:2a:f4:ea:29:e0:d2:0e:97:be:07:75:ef:41:ee:73:32:29:2d
Signer

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 8KB

.pdata
Size: 1KB - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 40KB - Virtual size: 39KB

.reloc
Size: 512B - Virtual size: 52B