package[.]zip | Triage

Resubmissions

15/11/2023, 14:45

231115-r4tz8acf51 6

15/11/2023, 14:41

231115-r2h5yabd72 5

Sharing

Copy URL Twitter E-mail

General

Target

package.zip
Size

520KB
MD5

9dd1ab9fc6011403630ea197e49269bf
SHA1

a1a10ebc7ec37028d3615d4b4c611dae1892241d
SHA256

ac5cce2e3104e061990ecc6098cf4b5f33ac057b9c8ff3865c8fdf8d6cd91600
SHA512

a5565ef125d4dfd2de993a2fa4dfc5d07a64814dd377a671da5185fc8c01df3dca9f231083c23e1889f880fb25c704235e979e6ce1cfa214f9e564b25f72cc7b
SSDEEP

12288:qIR564C2q3aoGUyZrojdr5MYTlCOFzfAHC8dwlTnHT:J56b33aoG5Nojdr5MO8OFzfR8dKz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/qqhxsjBase.dll

Files

package.zip
.zip

Password: infected
8bvbeyt.exe
.exe windows:4 windows x86

Password: infected

b51f82116c501a0bb84b0ba6720cb508

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ea:a7:56:b3:4c:c7:a9:1c:74:3a:20:67:9a:2f:20:94:51:24:26:94:66:11:31:02:f3:f3:28:58:74:98:ac:d2
Signer

Actual PE Digest

ea:a7:56:b3:4c:c7:a9:1c:74:3a:20:67:9a:2f:20:94:51:24:26:94:66:11:31:02:f3:f3:28:58:74:98:ac:d2

Digest Algorithm

sha256

PE Digest Matches

true

71:fd:bb:91:77:35:68:1d:67:8c:c6:f8:74:4b:92:77:f2:63:90:c7
Signer

Actual PE Digest

71:fd:bb:91:77:35:68:1d:67:8c:c6:f8:74:4b:92:77:f2:63:90:c7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

qqhxsjbase

ord1

Sections

.ace
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ace
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ace
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ace
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tvm0
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ace
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
qqhxsjBase.dll
.dll windows:5 windows x86

Password: infected

4ea6baa092ff41ba29490d479fe86de1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
IsValidCodePage
GetTimeZoneInformation
HeapCreate
HeapDestroy
VirtualFree
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCommandLineA
ExitProcess
Sleep
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapFree
HeapAlloc
HeapReAlloc
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
RtlUnwind
GetTickCount
GetCurrentDirectoryA
GetFileSizeEx
LocalFileTimeToFileTime
FileTimeToLocalFileTime
SetErrorMode
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetModuleHandleW
GetDiskFreeSpaceA
GetTempFileNameA
GetFileTime
SetFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
InterlockedDecrement
GetModuleFileNameW
CreateFileA
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
CloseHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiA
GetStringTypeExA
DeleteFileA
MoveFileA
lstrcpyA
lstrcpyW
SystemTimeToFileTime
FileTimeToSystemTime
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetModuleHandleA
GetVersionExA
GetCurrentProcessId
lstrcmpA
GlobalReAlloc
FreeResource
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MultiByteToWideChar
MulDiv
GetThreadLocale
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadReadPtr
GetModuleFileNameA
GetFileAttributesA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
QueryPerformanceCounter
SizeofResource

user32

DestroyMenu
SetCursor
ReleaseCapture
LoadAcceleratorsA
InvalidateRect
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
TranslateAcceleratorA
CharUpperA
ReleaseDC
GetDC
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
ReuseDDElParam
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
InflateRect
ShowScrollBar
IsWindowVisible
GetClientRect
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
EnableWindow
SendMessageA
GetSubMenu
LoadMenuA
GetCursorPos
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindowThreadProcessId
GetLastActivePopup
GetMenuItemInfoA
FillRect
EndPaint
DrawIcon
SetWindowRgn
UnpackDDElParam
IsRectEmpty
DeleteMenu
GetSystemMenu
SetParent
GetMessageTime
IsZoomed
UpdateWindow
GetMenuItemCount
InsertMenuA
GetMenuItemID
AppendMenuA
GetMenuStringA
GetMenuState
SetFocus
GetWindowLongA
GetWindow
SetScrollPos
GetScrollPos
GetParent
GetWindowTextA
GetWindowTextLengthA
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
MessageBoxA
ClientToScreen
SetTimer
KillTimer
SetCapture
LoadCursorA
PostQuitMessage
ValidateRect
TranslateMessage
GetMessageA
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
SetRect
GetSysColorBrush
TabbedTextOutA
DrawTextA
GrayStringA
GetWindowDC
BeginPaint
RegisterClipboardFormatA
PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
DestroyIcon
UnregisterClassA
LockWindowUpdate
GetDCEx
WindowFromPoint
SetForegroundWindow
DrawTextExA

gdi32

SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
ExtSelectClipRgn
CreatePatternBrush
CreateSolidBrush
SetRectRgn
CombineRgn
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetStockObject
DeleteDC
Ellipse
LPtoDP
CreateEllipticRgn
ExtTextOutA
BitBlt
CreateFontIndirectA
GetTextExtentPoint32A
StretchDIBits
CreateFontA
SelectObject
GetCharWidthA
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
CreateRectRgnIndirect
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
GetTextMetricsA
StartDocA
StartPage
TextOutA
EndPage
EndDoc

comdlg32

PrintDlgA
GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

GetFileSecurityA
SetFileSecurityA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegSetValueA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyA

shell32

ExtractIconA
DragFinish
SHGetFileInfoA
DragQueryFileA

shlwapi

PathFindFileNameA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
PathRemoveFileSpecW

oledlg

ord8

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
CoInitializeEx
CoUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleInitialize

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantCopy
SafeArrayDestroy
OleCreateFontIndirect
SysAllocString

odbc32

ord51
ord50
ord45
ord44
ord68
ord43
ord59
ord13
ord18
ord46
ord12
ord19
ord11
ord49
ord48
ord8
ord20
ord14
ord9
ord15
ord1
ord2
ord16
ord3
ord61
ord10
ord41
ord17
ord4
ord72
ord5

Exports

Exports

Fuck
Py_Main

Sections

.text
Size: 425KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
students.mdb

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

b51f82116c501a0bb84b0ba6720cb508

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

ea:a7:56:b3:4c:c7:a9:1c:74:3a:20:67:9a:2f:20:94:51:24:26:94:66:11:31:02:f3:f3:28:58:74:98:ac:d2Signer

71:fd:bb:91:77:35:68:1d:67:8c:c6:f8:74:4b:92:77:f2:63:90:c7Signer

Headers

File Characteristics

Imports

qqhxsjbase

Sections

.ace Size: 12KB - Virtual size: 20KB

.ace Size: 12KB - Virtual size: 8KB

.ace Size: 4KB - Virtual size: 6KB

.ace Size: 108KB - Virtual size: 105KB

.tvm0 Size: 16KB - Virtual size: 32KB

.ace Size: 20KB - Virtual size: 18KB

Password: infected

4ea6baa092ff41ba29490d479fe86de1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

odbc32

Exports

Exports

Sections

.text Size: 425KB - Virtual size: 425KB

.rdata Size: 111KB - Virtual size: 110KB

.data Size: 13KB - Virtual size: 27KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 56KB - Virtual size: 55KB

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

ea:a7:56:b3:4c:c7:a9:1c:74:3a:20:67:9a:2f:20:94:51:24:26:94:66:11:31:02:f3:f3:28:58:74:98:ac:d2
Signer

71:fd:bb:91:77:35:68:1d:67:8c:c6:f8:74:4b:92:77:f2:63:90:c7
Signer

.ace
Size: 12KB - Virtual size: 20KB

.ace
Size: 12KB - Virtual size: 8KB

.ace
Size: 4KB - Virtual size: 6KB

.ace
Size: 108KB - Virtual size: 105KB

.tvm0
Size: 16KB - Virtual size: 32KB

.ace
Size: 20KB - Virtual size: 18KB

.text
Size: 425KB - Virtual size: 425KB

.rdata
Size: 111KB - Virtual size: 110KB

.data
Size: 13KB - Virtual size: 27KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 56KB - Virtual size: 55KB