c7447a08c29ef90bc6735b548c02043418824720f3f82274f58220f395c48ba7[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

c7447a08c29ef90bc6735b548c02043418824720f3f82274f58220f395c48ba7.zip.zip
Size

6.5MB
MD5

af44c47cec4893971623bba826a5d92e
SHA1

33b5de1a9d08d9cbb1bd7a2054e526616e191bae
SHA256

ee0f9110bdf0e59b5cffde1bebf77be98491eac142a10382603c94c6546e58d6
SHA512

544b262c936e6d5407b5f3efa4a3b8258c9d097a95c757a12049c41c65ec72cdec607431f52a06afe54197389c8a194e4e06dc6b49b7e02ce827cc23420e076f
SSDEEP

196608:YfURnZPNfXbt98V39gB3Tp2a7GkJVi8Sv13:YfURnZP9t+V3mqa7Tu

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack002/DECTalk access32 v4.6/dectalk keydisc.exe
unpack003/SmitNt.exe
unpack003/dectalk.dll
unpack003/dtlkttse.dll
unpack002/DECTalk access32 v4.6/dectalk/DECTalk/setup.exe

Files

c7447a08c29ef90bc6735b548c02043418824720f3f82274f58220f395c48ba7.zip.zip
.zip

Password: infected
c7447a08c29ef90bc6735b548c02043418824720f3f82274f58220f395c48ba7.zip
.zip
DECTalk access32 v4.6/dectalk keydisc.exe
.exe windows:4 windows x86

089a34526438beb892d9606320b5bc08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord809
ord641
ord556
ord324
ord825
ord1816
ord4234
ord2122
ord6197
ord2864
ord4710
ord5280
ord800
ord1088
ord4160
ord3089
ord540
ord6374
ord3597
ord6055
ord1776
ord5290
ord3402
ord4424
ord3698
ord765
ord567
ord2302
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord2446
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord1146
ord1168
ord6215
ord3092
ord5953
ord535
ord1199
ord4129
ord860
ord2379
ord755
ord470
ord1105
ord823
ord2817
ord2645
ord858
ord2764
ord3663
ord711
ord413
ord6307
ord521
ord941
ord537
ord1175
ord818
ord2463
ord1651
ord3742
ord4275
ord1193
ord1200
ord1138
ord3811
ord926
ord5710
ord2818
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord1089
ord5265
ord1576

msvcrt

__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
ungetc
free
malloc
_iob
fprintf
ftell
fgetc
_ftol
fopen
fseek
fread
fclose
strncmp
strstr
_setmbcp
atoi
__p___argv
__p___argc
_stricmp
exit
__CxxFrameHandler

kernel32

MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetProcAddress
Sleep
DeviceIoControl
UnmapViewOfFile
WriteFile
CreateFileA
ReadFile
GetModuleHandleA
GetStartupInfoA
GetLastError
GetVersionExA
FreeLibrary
LocalAlloc
InterlockedExchange
RaiseException
LoadLibraryA
CloseHandle

comctl32

ord17

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DECTalk access32 v4.6/dectalk/DECTalk/0x0409.ini
DECTalk access32 v4.6/dectalk/DECTalk/DECTalk.msi
.msi
DECTalk access32 v4.6/dectalk/DECTalk/Data1.cab
.cab
SmitNt.exe
.exe windows:4 windows x86

b44c9f10e1b046d9b03bd600a1af325b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
GetCurrentProcess
lstrcatA
lstrcpyA
InitializeCriticalSection
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
WideCharToMultiByte
GetModuleHandleA
GetShortPathNameA
MultiByteToWideChar
lstrlenW
GetVersionExA
GetModuleFileNameA
lstrlenA
GetCommandLineA
lstrcmpiA
GetCurrentThreadId
InterlockedDecrement
UnmapViewOfFile
CreateFileMappingA
GetLastError
LoadLibraryA
GetProcAddress
SetLastError
FreeLibrary
MapViewOfFile
CloseHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetStdHandle
FlushFileBuffers
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
RtlUnwind
RaiseException
HeapFree
HeapAlloc
HeapReAlloc
GetStartupInfoA
GetVersion
ExitProcess
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
SetUnhandledExceptionFilter
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
WriteFile
SetFilePointer
InterlockedIncrement
IsBadReadPtr

user32

PostThreadMessageA
DispatchMessageA
GetMessageA
LoadStringA
CharNextA
MessageBoxA

advapi32

OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
StartServiceCtrlDispatcherA
ControlService
DeleteService
RegOpenKeyExA
CreateServiceA
RegDeleteValueA
RegSetValueExA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle
GetTokenInformation

ole32

CoTaskMemFree
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoTaskMemRealloc
CoInitialize
CoUninitialize

oleaut32

RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VarUI4FromStr

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dectalk.dll
.dll windows:4 windows x86

d7470662ae5212b2dea30dbe3d21ef94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveOutRestart
waveOutGetPosition
waveOutClose
mmioClose
mmioAscend
mmioDescend
mmioOpenA
waveOutGetNumDevs
mmioRead
timeGetTime
waveOutGetVolume
waveOutUnprepareHeader
waveOutReset
waveOutOpen
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutGetID
waveOutGetDevCapsA
waveOutSetVolume

kernel32

InterlockedExchange
GlobalLock
IsBadReadPtr
GlobalAlloc
IsBadWritePtr
WaitForMultipleObjects
GetCurrentThread
GetLastError
MapViewOfFile
CreateFileMappingA
SetEvent
GetCurrentThreadId
CreateEventA
DeleteCriticalSection
InitializeCriticalSection
GetExitCodeThread
LeaveCriticalSection
EnterCriticalSection
Sleep
GetTickCount
WaitForSingleObject
ResetEvent
CloseHandle
UnmapViewOfFile
GlobalReAlloc
GlobalHandle
GlobalFree
GlobalUnlock
GetThreadPriority
SetThreadPriority

user32

LoadIconA
RegisterClassA
CreateWindowExA
SetWindowLongA
DestroyWindow
PostQuitMessage
GetWindowLongA
ShowWindow
GetMessageA
DispatchMessageA
SendMessageA
UnregisterClassA
LoadCursorA
RegisterWindowMessageA
DefWindowProcA
PostMessageA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoTaskMemFree
CoTaskMemAlloc

msvcrt

_strdate
memmove
fwrite
_access
_searchenv
_endthreadex
_getcwd
_beginthreadex
calloc
_stricmp
atoi
fseek
_ftol
sprintf
fopen
_strtime
fclose
fflush
fprintf
printf
malloc
strncmp
free
time
fread

Exports

Exports

TextToSpeechAddBuffer
TextToSpeechAddUserEntry
TextToSpeechChangeUserPhoneme
TextToSpeechCloseInMemory
TextToSpeechCloseLang
TextToSpeechCloseLogFile
TextToSpeechCloseWaveOutFile
TextToSpeechControlPanel
TextToSpeechConvertToPhonemes
TextToSpeechDeleteUserEntry
TextToSpeechDictionaryHit
TextToSpeechDumpDictionary
TextToSpeechDumpUserDictionary
TextToSpeechEnumLangs
TextToSpeechGetCaps
TextToSpeechGetFeatures
TextToSpeechGetLanguage
TextToSpeechGetLastError
TextToSpeechGetRate
TextToSpeechGetSpeaker
TextToSpeechGetSpeakerParams
TextToSpeechGetStatus
TextToSpeechLoadUserDictionary
TextToSpeechOpenInMemory
TextToSpeechOpenLogFile
TextToSpeechOpenWaveOutFile
TextToSpeechPause
TextToSpeechReserved1
TextToSpeechReserved2
TextToSpeechReserved3
TextToSpeechReset
TextToSpeechResume
TextToSpeechReturnBuffer
TextToSpeechSaveUserDictionary
TextToSpeechSelectLang
TextToSpeechSetLanguage
TextToSpeechSetRate
TextToSpeechSetSpeaker
TextToSpeechSetSpeakerParams
TextToSpeechShutdown
TextToSpeechSpeak
TextToSpeechStartLang
TextToSpeechStartup
TextToSpeechStartupEx
TextToSpeechSync
TextToSpeechTuning
TextToSpeechTyping
TextToSpeechUnloadUserDictionary
TextToSpeechUserDictionaryHit
TextToSpeechVersion
TextToSpeechVersionEx

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dtalk_US.dic
dtlkttse.dll
.dll windows:4 windows x86

0a8031b09c984ce4a88f6e873ea39e84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

mmioAscend
mmioRead
mmioClose
mmioOpenA
mmioDescend
timeGetTime

mfc42

ord5065
ord1727
ord5261
ord3749
ord5277
ord6376
ord2446
ord3147
ord3259
ord4465
ord3136
ord2982
ord2985
ord3081
ord3262
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord800
ord768
ord860
ord2976
ord489
ord2370
ord4258
ord4441
ord540
ord941
ord537
ord4710
ord2124
ord1908
ord4715
ord1690
ord2528
ord6055
ord1776
ord5288
ord4837
ord4439
ord2054
ord4431
ord771
ord1008
ord497
ord4259
ord3663
ord3584
ord2055
ord803
ord1105
ord5849
ord3476
ord2864
ord6467
ord4274
ord6375
ord2648
ord6334
ord858
ord543
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord5290
ord3402
ord3716
ord790
ord567
ord2289
ord2302
ord5953
ord6111
ord2818
ord4694
ord535
ord1742
ord2379
ord5651
ord3616
ord641
ord3127
ord4224
ord3499
ord2515
ord355
ord3711
ord3610
ord656
ord783
ord6199
ord924
ord5287
ord3874
ord3175
ord350
ord1871
ord6571
ord5440
ord879
ord3464
ord2740
ord6383
ord882
ord2801
ord603
ord1979
ord1969
ord273
ord665
ord5186
ord354
ord4835
ord3798
ord5163
ord4353
ord6374
ord4407
ord2385
ord5241
ord6052
ord1775
ord4078
ord4854
ord2514
ord4998
ord4358
ord4377
ord5265
ord4742
ord4948
ord4976
ord5162
ord4905
ord5160
ord825
ord5161
ord1907
ord2512
ord823
ord5731
ord4486
ord2554
ord926
ord1577
ord1182
ord1168
ord1243
ord1197
ord342
ord269
ord826
ord1570
ord1578
ord1255
ord600
ord1575
ord1176
ord1116
ord1253

msvcrt

calloc
fopen
_strdate
_strtime
fflush
fseek
fwrite
printf
_endthreadex
_ftol
ceil
_strupr
fclose
sscanf
strncpy
wcslen
wctomb
isspace
_iob
fprintf
mbtowc
memmove
realloc
sprintf
malloc
_beginthreadex
__CxxFrameHandler
_adjust_fdiv
??1type_info@@UAE@XZ
__dllonexit
_initterm
_onexit
_stricmp
_EH_prolog
atoi
strncmp
fread
_wcsnicmp
wcstombs
free

kernel32

LeaveCriticalSection
LocalAlloc
DeleteCriticalSection
ResetEvent
CloseHandle
CreateEventA
InitializeCriticalSection
Sleep
IsBadWritePtr
MultiByteToWideChar
WaitForSingleObject
IsBadReadPtr
GlobalLock
WideCharToMultiByte
GlobalReAlloc
GlobalHandle
GlobalAlloc
GlobalUnlock
GetThreadPriority
GlobalFree
GetExitCodeThread
InterlockedExchange
SetThreadPriority
UnmapViewOfFile
MapViewOfFile
GetCurrentThreadId
CreateFileMappingA
WaitForMultipleObjects
GetLastError
GetTickCount
SetEvent
GetCurrentThread
LocalFree
EnterCriticalSection

user32

RegisterClassA
LoadCursorA
LoadIconA
IsWindow
SetScrollPos
SetScrollRange
MessageBoxA
UnregisterClassA
GetMessageA
PostQuitMessage
ShowWindow
RegisterWindowMessageA
GetWindowLongA
GetClientRect
MoveWindow
SetWindowLongA
CreateWindowExA
DefWindowProcA
PeekMessageA
DispatchMessageA
DestroyWindow
SendMessageA
PostMessageA
EnableWindow

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoTaskMemAlloc
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DECTalk access32 v4.6/dectalk/DECTalk/Setup.ini
DECTalk access32 v4.6/dectalk/DECTalk/instmsia.exe
.exe windows:5 windows x86

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:06:2a:8d:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/03/2001, 21:27

Not After

29/05/2002, 21:37

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2001 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
CloseHandle
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalFree

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DECTalk access32 v4.6/dectalk/DECTalk/instmsiw.exe
.exe windows:5 windows x86

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:06:2a:8d:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/03/2001, 21:27

Not After

29/05/2002, 21:37

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2001 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
CloseHandle
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalFree

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DECTalk access32 v4.6/dectalk/DECTalk/local/Ask4Disk.wav
DECTalk access32 v4.6/dectalk/DECTalk/local/CP.INI
DECTalk access32 v4.6/dectalk/DECTalk/local/NoFloppy.wav
DECTalk access32 v4.6/dectalk/DECTalk/local/NoMore.wav
DECTalk access32 v4.6/dectalk/DECTalk/local/Reboot.wav
DECTalk access32 v4.6/dectalk/DECTalk/local/WritProt.wav
DECTalk access32 v4.6/dectalk/DECTalk/local/WrngFlpy.wav
DECTalk access32 v4.6/dectalk/DECTalk/local/failure.wav
DECTalk access32 v4.6/dectalk/DECTalk/setup.exe
.exe windows:4 windows x86

ba1b8fbc2b1c93935a67fb0c7432f51b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerLanguageNameA
VerQueryValueA
GetFileVersionInfoSizeA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

comctl32

ord17

kernel32

QueryPerformanceFrequency
CreateEventA
Sleep
InterlockedDecrement
lstrcatA
CompareStringA
CompareStringW
GetVersionExA
SetFilePointer
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LockResource
WriteFile
SizeofResource
FindResourceA
GetModuleFileNameA
GetTickCount
GetSystemDefaultLCID
GlobalHandle
GetPrivateProfileSectionA
SetCurrentDirectoryA
lstrlenW
InterlockedIncrement
GetSystemInfo
SetLastError
IsValidCodePage
LocalFree
FormatMessageA
GetDiskFreeSpaceA
_lclose
OpenFile
GetDriveTypeA
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
GetExitCodeProcess
CreateProcessA
GetCurrentProcess
GetCurrentThread
GetLocaleInfoA
GetPrivateProfileStringA
lstrlenA
CreateFileA
GetFileSize
GlobalAlloc
CloseHandle
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
WideCharToMultiByte
DeleteFileA
GetLastError
CreateThread
CopyFileA
MultiByteToWideChar
ExpandEnvironmentStringsA
GetExitCodeThread
lstrcmpiA
SetErrorMode
GetPrivateProfileIntA
GetTempPathA
WritePrivateProfileStringA
GetWindowsDirectoryA
GetTempFileNameA
lstrcmpA
lstrcpyA
MoveFileA
LoadResource
IsBadCodePtr
GetVersion
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetFileType
GetStdHandle
SetHandleCount
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
LCMapStringA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
TerminateProcess
ExitProcess
RaiseException
HeapAlloc
HeapFree
RtlUnwind
SystemTimeToFileTime
QueryPerformanceCounter
ResetEvent
SetEvent
WaitForSingleObject
lstrcpynA
SearchPathA
FindFirstFileA
VirtualProtect
VirtualQuery
FindClose
SetStdHandle
LCMapStringW

user32

CharNextA
ReleaseDC
GetDC
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
SetTimer
PostQuitMessage
KillTimer
PostMessageA
DefWindowProcA
PeekMessageA
MsgWaitForMultipleObjects
wsprintfA
GetDesktopWindow
DialogBoxParamA
ShowWindow
GetDlgItem
EndDialog
GetWindowDC
SetWindowPos
ClientToScreen
GetClientRect
SetWindowLongA
EndPaint
BeginPaint
GetWindowLongA
DestroyWindow
CreateDialogParamA
SendDlgItemMessageA
ExitWindowsEx
CharPrevA
LoadStringA
GetClassInfoA
UpdateWindow
SetCursor
GetDlgItemTextA
EnableWindow
MessageBoxA
GetParent
GetWindowTextLengthA
GetWindowTextA
MoveWindow
GetWindowPlacement
DrawIcon
DestroyIcon
SetWindowTextA
FillRect
GetSysColor
GetSysColorBrush
IsDialogMessageA
SendMessageA
GetSystemMetrics
SetRect
FindWindowA
IntersectRect
SubtractRect
IsWindow
GetWindowRect
GetDlgCtrlID
CharLowerBuffA

gdi32

CreateDIBitmap
GetDeviceCaps
CreatePalette
SelectPalette
GetStockObject
DeleteObject
GetSystemPaletteEntries
BitBlt
SelectObject
DeleteDC
CreateSolidBrush
CreateFontIndirectA
CreateCompatibleDC
SetTextColor
SetBkMode
GetObjectA
TranslateCharsetInfo
GetTextExtentPointA
RealizePalette

advapi32

FreeSid
RegQueryValueA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
OpenProcessToken
EqualSid
RegOpenKeyExA
RegSetValueExA
RegEnumValueA
RegDeleteKeyA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
StgIsStorageFile
StgOpenStorage

oleaut32

SysStringLen
SysReAllocStringLen
SysFreeString
SysAllocString
SysAllocStringLen

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DECTalk access32 v4.6/readme.txt

Sharing

General

Malware Config

Signatures

Files

Password: infected

089a34526438beb892d9606320b5bc08

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

comctl32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 4KB

.rsrc Size: 32KB - Virtual size: 29KB

b44c9f10e1b046d9b03bd600a1af325b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 2KB

d7470662ae5212b2dea30dbe3d21ef94

Headers

File Characteristics

Imports

winmm

kernel32

user32

advapi32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 156KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 264KB - Virtual size: 263KB

.reloc Size: 8KB - Virtual size: 7KB

0a8031b09c984ce4a88f6e873ea39e84

Headers

File Characteristics

Imports

winmm

mfc42

msvcrt

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 185KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 268KB - Virtual size: 270KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 12KB - Virtual size: 11KB

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:06:2a:8d:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 32KB - Virtual size: 29KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 264KB - Virtual size: 263KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 188KB - Virtual size: 185KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 268KB - Virtual size: 270KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 12KB - Virtual size: 11KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:06:2a:8d:00:00:00:00:00:0b
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:06:2a:8d:00:00:00:00:00:0b
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 20KB - Virtual size: 29KB

.rsrc
Size: 48KB - Virtual size: 45KB