c387db636ac2a9ed7c50d0da36d82a0b3efcaee8de62df7d8442cd08245b1d5a[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

c387db636ac2a9ed7c50d0da36d82a0b3efcaee8de62df7d8442cd08245b1d5a.zip.zip
Size

59.1MB
MD5

79283a01ae8bbb0a75c7e5948b155e2d
SHA1

0a47b1afdb96ebb82ab6fa62bf248404ea0f2fc6
SHA256

5bc343a3848b4f81dfbb16b63f6f292e9465111d9bc28dc64fdba0bff0528e86
SHA512

f5cba01bcdce04fe2d545d560821c2d442be181a47e819b64f1ea4245ca4fa30f88cf2ec2a072f5cee58923e880a1f6e797ea26e49bba0f2f6a3540ade7f6153
SSDEEP

1572864:Hx7Y4FgyOV6trQwjE1/lcOTDy2lZr86Kml6ywWa7F2w4c/gR+966P7:HxaGrQFagZr8Bml6z7F2Jc/g457

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
static1/unpack002/TI_Compatibility_Test_Tool_July_2019.pdf	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Files

c387db636ac2a9ed7c50d0da36d82a0b3efcaee8de62df7d8442cd08245b1d5a.zip.zip
.zip

Password: infected
c387db636ac2a9ed7c50d0da36d82a0b3efcaee8de62df7d8442cd08245b1d5a.zip
.zip
OzekiSDK.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:46:6a:15:e1:76:e3:92:bd:86:26:89:de:e2:19:ed
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/01/2019, 00:00

Not After

20/05/2020, 12:00

Subject

CN=PTM EDV Systeme GmbH,O=PTM EDV Systeme GmbH,L=Graz,C=AT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:b1:84:07:a1:4a:39:eb:34:56:14:b5:c0:f9:c1:f3:6f:d1:5b:3e
Signer

Actual PE Digest

12:b1:84:07:a1:4a:39:eb:34:56:14:b5:c0:f9:c1:f3:6f:d1:5b:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 90.7MB - Virtual size: 90.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Phone Test Tool.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:46:6a:15:e1:76:e3:92:bd:86:26:89:de:e2:19:ed
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/01/2019, 00:00

Not After

20/05/2020, 12:00

Subject

CN=PTM EDV Systeme GmbH,O=PTM EDV Systeme GmbH,L=Graz,C=AT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:cb:4c:48:b9:22:c9:8a:76:07:bd:f6:ff:88:19:38:c0:6c:2c:36
Signer

Actual PE Digest

84:cb:4c:48:b9:22:c9:8a:76:07:bd:f6:ff:88:19:38:c0:6c:2c:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TI_Compatibility_Test_Tool_July_2019.pdf
.pdf
- https://mscrmaddons.blob.core.windows.net/downloads/tools/PhoneTestTool.zip
- http://blogs.mscrm-addons.com/
- http://www.ptm-edv.at/
- http://www.mscrm-addons.com/
- http://blogs.mscrm-addons.com
- http://mscrm-addons.com
- http://www.ptm-edv.at
- http://www.mscrm-addons.com

Sharing

General

Malware Config

Signatures

Files

Password: infected

dae02f32a21e03ce65412f6e56942daa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

08:46:6a:15:e1:76:e3:92:bd:86:26:89:de:e2:19:edCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

12:b1:84:07:a1:4a:39:eb:34:56:14:b5:c0:f9:c1:f3:6f:d1:5b:3eSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 90.7MB - Virtual size: 90.7MB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

08:46:6a:15:e1:76:e3:92:bd:86:26:89:de:e2:19:edCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

84:cb:4c:48:b9:22:c9:8a:76:07:bd:f6:ff:88:19:38:c0:6c:2c:36Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 512B - Virtual size: 12B

.rsrc Size: 23KB - Virtual size: 23KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:46:6a:15:e1:76:e3:92:bd:86:26:89:de:e2:19:ed
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

12:b1:84:07:a1:4a:39:eb:34:56:14:b5:c0:f9:c1:f3:6f:d1:5b:3e
Signer

.text
Size: 90.7MB - Virtual size: 90.7MB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 512B - Virtual size: 12B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:46:6a:15:e1:76:e3:92:bd:86:26:89:de:e2:19:ed
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

84:cb:4c:48:b9:22:c9:8a:76:07:bd:f6:ff:88:19:38:c0:6c:2c:36
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 23KB - Virtual size: 23KB