a5fe18618ef3c4b972d3d6329287f98722bfe55f01f4d36ceda4b277644a0f8e[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

a5fe18618ef3c4b972d3d6329287f98722bfe55f01f4d36ceda4b277644a0f8e.zip.zip
Size

9.2MB
MD5

4030f5ab33911d5024246b375ecf9769
SHA1

328bc57971b6f9f2aa5795c19c74524ee94e7c9c
SHA256

a3925621f7ec21066fc649c1a3c8b7a2c6a82657e32ae89ccd7639e32b571df0
SHA512

9ed0a8e7d54ff71f28b560db6ff5eec227d8601e9c7a5cfdff449690a18159cdc3f700dabe2fb84be12db67035d30542e5dd33ec1071e26fa8c35ce6b021faf5
SSDEEP

196608:QHbrKGPlFwEyL/kbxJ2q86qUdD8sCDECDyWiRqx3QiAruuC:krKGPlFwEybkbP23BUJ81ICDyOxYDC

Score

7^/10

upx aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack002/componentes/#instalado#AspPdf/cr-ap143.exe	aspack_v212_v242
static1/unpack002/componentes/#instalado#aspmail4/SMTPSVG.DLL	aspack_v212_v242

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/componentes/#instalado#AspEmail/aspemail.exe	upx
static1/unpack002/componentes/#instalado#AspJpeg v2/PersitsAspJpegV2.exe	upx
static1/unpack002/componentes/#instalado#AspJpeg v2/keygen.exe	upx
static1/unpack002/componentes/#instalado#AspPdf/asppdf.exe	upx
static1/unpack002/componentes/#instalado#AspUpload/cr-pau30.exe	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack002/componentes/#instalado#AspJpeg v2/keygen.exe
unpack002/componentes/#instalado#AspPdf/cr-ap143.exe
unpack002/componentes/#instalado#AspUpload/aspupload.exe
unpack002/componentes/#instalado#AspUpload/cr-pau30.exe
unpack002/componentes/#instalado#Dundas_AspUpload/AspUpload.EXE
unpack002/componentes/#instalado#aspmail4/REGSVR32.EXE
unpack002/componentes/#instalado#aspmail4/SMTPSVG.DLL
unpack002/componentes/Cdonts/cdonts.dll

Files

a5fe18618ef3c4b972d3d6329287f98722bfe55f01f4d36ceda4b277644a0f8e.zip.zip
.zip

Password: infected
a5fe18618ef3c4b972d3d6329287f98722bfe55f01f4d36ceda4b277644a0f8e.zip
.zip
componentes/#instalado#AspEmail/aspemail key.txt
componentes/#instalado#AspEmail/aspemail.exe
.exe windows:1 windows x86

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:30:76:af:31:5e:0d:42:3c:7e:31:74:80:39:5c:36
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/08/2007, 00:00

Not After

21/08/2009, 23:59

Subject

CN=Persits Software\, Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Persits Software\, Inc.,L=Arlington,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 216KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 113KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
componentes/#instalado#AspJpeg v2/PersitsAspJpegV2.exe
.exe windows:1 windows x86

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:30:76:af:31:5e:0d:42:3c:7e:31:74:80:39:5c:36
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/08/2007, 00:00

Not After

21/08/2009, 23:59

Subject

CN=Persits Software\, Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Persits Software\, Inc.,L=Arlington,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 216KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 113KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
componentes/#instalado#AspJpeg v2/keygen.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
componentes/#instalado#AspPdf/asppdf.exe
.exe windows:1 windows x86

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:88:cf
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

20/08/2004, 21:03

Not After

21/08/2005, 09:05

Subject

CN=Persits Software\, Inc.,OU=Secure Application Development,O=Persits Software\, Inc.,L=Arlington,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 216KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 113KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
componentes/#instalado#AspPdf/cr-ap143.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 17KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
componentes/#instalado#AspUpload/aspupload.exe
.exe windows:4 windows x86

4c59c0b3420ca0877a0e6c8146bdb593

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowRect
SetCursor
EndDialog
DefWindowProcA
GetWindowWord
SetWindowWord
BeginPaint
GetSysColor
GetClientRect
SetRect
EndPaint
RegisterClassA
LoadIconA
OemToCharBuffA
LoadCursorA
GetLastActivePopup
ShowWindow
PostMessageA
EnableWindow
GetTopWindow
DestroyWindow
GetWindowLongA
SetWindowLongA
SetWindowTextA
SetForegroundWindow
SetActiveWindow
CharNextA
SetTimer
GetMessageA
PostQuitMessage
KillTimer
DialogBoxIndirectParamA
GetDlgItemTextA
SendMessageA
GetSystemMetrics
SetWindowPos
PeekMessageA
TranslateMessage
DispatchMessageA
GetParent
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
InvalidateRect
UpdateWindow
wsprintfA
MessageBoxA

kernel32

_lopen
WinExec
CreateProcessA
_lclose
GetVolumeInformationA
RtlUnwind
GetCommandLineA
GetModuleHandleA
ExitProcess
FindNextFileA
MoveFileExA
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
SetFilePointer
SetEndOfFile
RemoveDirectoryA
SetFileAttributesA
DeleteFileA
GetACP
GetModuleFileNameA
SetErrorMode
GetVersion
LoadLibraryA
GetProcAddress
GetLastError
FormatMessageA
FreeLibrary
WaitForSingleObject
GetTickCount
GetWindowsDirectoryA
FindClose
FindFirstFileA
SetCurrentDirectoryA
lstrlenA
CreateDirectoryA
lstrcatA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
_lcreat
lstrcpyA
LocalAlloc
GetEnvironmentVariableA
OpenFile
_lwrite
_lread
GetDriveTypeA
_llseek
LocalFree
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalHandle

gdi32

GetTextExtentPoint32A
SetBkColor
SetTextColor
SetTextAlign
GetBkColor
DeleteObject
ExtTextOutA
CreateDCA
GetDeviceCaps
CreateFontIndirectA
DeleteDC
SelectObject

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_winzip_
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
componentes/#instalado#AspUpload/aspupload/DATA.TAG
componentes/#instalado#AspUpload/aspupload/SETUP.EXE
componentes/#instalado#AspUpload/aspupload/SETUP.INI
componentes/#instalado#AspUpload/aspupload/_INST32I.EX_
componentes/#instalado#AspUpload/aspupload/_ISDEL.EXE
componentes/#instalado#AspUpload/aspupload/_setup.dll
componentes/#instalado#AspUpload/aspupload/_sys1.cab
componentes/#instalado#AspUpload/aspupload/_user1.cab
componentes/#instalado#AspUpload/aspupload/data1.cab
componentes/#instalado#AspUpload/aspupload/lang.dat
componentes/#instalado#AspUpload/aspupload/layout.bin
componentes/#instalado#AspUpload/aspupload/os.dat
componentes/#instalado#AspUpload/aspupload/setup.bmp
componentes/#instalado#AspUpload/aspupload/setup.ins
componentes/#instalado#AspUpload/aspupload/setup.lid
componentes/#instalado#AspUpload/cr-pau30.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
componentes/#instalado#Dundas_AspUpload/AspUpload.EXE
.exe windows:4 windows x86

5318cd03ef5b5da86800f1483484cfd0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

kernel32

lstrcpyA
GetCommandLineA
SetErrorMode
lstrlenA
MulDiv
GetTempFileNameA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
FormatMessageA
lstrcatA
GetLastError
_lwrite
_llseek
GlobalUnlock
_lopen
GlobalAlloc
GlobalFree
_lclose
_lcreat
LoadLibraryA
GetProcAddress
FreeLibrary
OpenFile
GetVersionExA
GetCurrentProcess
WinExec
ExitProcess
_lread
LocalFree
GetTempPathA
GlobalLock

user32

GetDC
BeginPaint
EndPaint
InvalidateRect
PostQuitMessage
SendMessageA
DefWindowProcA
GetClientRect
CreateWindowExA
DrawTextA
ReleaseDC
SetWindowPos
ShowWindow
UpdateWindow
SetTimer
LoadIconA
wsprintfA
MessageBoxA
ExitWindowsEx
RegisterClassA
LoadCursorA

gdi32

DeleteObject
GetStockObject
GetDeviceCaps
PatBlt
CreateSolidBrush
TextOutA
SetTextColor
SetBkMode
SelectObject
StretchDIBits
CreateFontA
RealizePalette
SelectPalette
CreatePalette

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA

Exports

Exports

_MainWndProc@16
_StubFileWrite@12

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
componentes/#instalado#aspmail4/LICENSE.TXT
componentes/#instalado#aspmail4/REGSVR32.EXE
.exe windows:4 windows x86

cc1e5c096f9b168f1e5ec3144ca6bd74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
lstrcpyA
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryA
MultiByteToWideChar
GetModuleFileNameA
FreeEnvironmentStringsA
LCMapStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
GetCPInfo
GetACP
GetOEMCP
lstrlenA
UnhandledExceptionFilter
SetStdHandle
CloseHandle
GetStdHandle
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
SetHandleCount
GetFileType
HeapCreate
WriteFile
HeapAlloc
SetFilePointer
HeapFree
FlushFileBuffers

user32

LoadStringA
wsprintfA
MessageBoxA

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
componentes/#instalado#aspmail4/SMTPSVG.DLL
.dll regsvr32 windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 89KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
componentes/AspImage/ASPImage_1-0-3.msi
.msi
componentes/Cdonts/cdonts.dll
.dll regsvr32 windows:4 windows x86

e0bfb842c6714f5c72c3c890e0774257

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid

oleaut32

SysStringLen
SysAllocStringLen
VariantChangeType
VarI4FromStr
SystemTimeToVariantTime
LoadTypeLi
RegisterTypeLi
SetErrorInfo
LoadRegTypeLi
VariantCopy
VariantClear
VariantInit
SysAllocString
SysFreeString

wsock32

shutdown
WSAGetLastError
send
inet_ntoa
setsockopt
socket
bind
closesocket
ioctlsocket
htons
gethostbyname
recv
WSAStartup
select
WSACleanup
connect

kernel32

GlobalAlloc
FileTimeToLocalFileTime
lstrcatA
FlushFileBuffers
lstrcmpiW
lstrcpynW
lstrlenW
FreeLibrary
lstrlenA
SizeofResource
GetLastError
LoadResource
FindResourceW
LoadLibraryExW
CloseHandle
GetFileSize
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetModuleFileNameW
GetCurrentThread
WaitForSingleObject
lstrcpyW
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrcatW
DisableThreadLibraryCalls
IsBadWritePtr
WriteFile
lstrcpyA
GetSystemTimeAsFileTime
IsValidCodePage
FileTimeToSystemTime
SetFilePointer
IsBadCodePtr
IsBadReadPtr
lstrcpynA
lstrcmpiA
FindClose
FindNextFileW
FindFirstFileW
CreateFileA
GetCurrentProcessId
GetComputerNameA
lstrcmpA
GetProcAddress
LoadLibraryA
GetTempPathA
DeleteFileA
GetTempFileNameA
CreateEventA
ResetEvent
IsDBCSLeadByteEx
GetACP
GetStringTypeW
GlobalFree
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
GetSystemDefaultLangID
GetCPInfo
ReadFile
GetSystemTime
SystemTimeToFileTime
SetEndOfFile

user32

CharNextW
wsprintfA
IsCharAlphaNumericW
wsprintfW

advapi32

RegNotifyChangeKeyValue
RegCreateKeyExA
ImpersonateLoggedOnUser
RevertToSelf
RegOpenKeyExA
RegQueryValueExA
RegSetValueExW
OpenThreadToken
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW

msvcrt

_adjust_fdiv
_initterm
??3@YAXPAX@Z
atol
realloc
??2@YAPAXI@Z
malloc
free
_wcsicmp
_memicmp
_splitpath
_purecall
wcscmp
wcschr
wcslen
_msize
_heapmin
memmove
_strnicmp
strstr
strncmp
strrchr
memchr
strchr
_stricmp
strcspn
strpbrk
wcscpy
_snwprintf
_snprintf
strspn
sscanf

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

71:30:76:af:31:5e:0d:42:3c:7e:31:74:80:39:5c:36Certificate

Extended Key Usages

Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 216KB

UPX1 Size: 113KB - Virtual size: 116KB

.rsrc Size: 7KB - Virtual size: 8KB

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

71:30:76:af:31:5e:0d:42:3c:7e:31:74:80:39:5c:36Certificate

Extended Key Usages

Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 216KB

UPX1 Size: 113KB - Virtual size: 116KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 64KB

UPX1 Size: 57KB - Virtual size: 60KB

.rsrc Size: 8KB - Virtual size: 8KB

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

3e:88:cfCertificate

Extended Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 216KB

UPX1 Size: 113KB - Virtual size: 116KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 17KB - Virtual size: 32KB

.rdata Size: 2KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 16KB

.rsrc Size: 14KB - Virtual size: 28KB

.aspack Size: 6KB - Virtual size: 8KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

71:30:76:af:31:5e:0d:42:3c:7e:31:74:80:39:5c:36
Certificate

UPX0
Size: - Virtual size: 216KB

UPX1
Size: 113KB - Virtual size: 116KB

.rsrc
Size: 7KB - Virtual size: 8KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

71:30:76:af:31:5e:0d:42:3c:7e:31:74:80:39:5c:36
Certificate

UPX0
Size: - Virtual size: 216KB

UPX1
Size: 113KB - Virtual size: 116KB

.rsrc
Size: 7KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 64KB

UPX1
Size: 57KB - Virtual size: 60KB

.rsrc
Size: 8KB - Virtual size: 8KB

01
Certificate

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

3e:88:cf
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

UPX0
Size: - Virtual size: 216KB

UPX1
Size: 113KB - Virtual size: 116KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 17KB - Virtual size: 32KB

.rdata
Size: 2KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 16KB

.rsrc
Size: 14KB - Virtual size: 28KB

.aspack
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

_winzip_
Size: 1.2MB - Virtual size: 1.2MB

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 1KB - Virtual size: 4KB

UPX2
Size: 15KB - Virtual size: 16KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 1024B - Virtual size: 792B

.data
Size: 3KB - Virtual size: 7KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

CODE
Size: 89KB - Virtual size: 248KB

DATA
Size: 1KB - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 11KB - Virtual size: 16KB

.rsrc
Size: 17KB - Virtual size: 28KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB