General

Malware Config

Signatures

Files

• 13519583058.zip

  .zip

  Password: infected

• d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d

  .exe windows:5 windows x86 arch:x86

  14658e7085305ef558e19e463130aaa3

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  47:d5:d5:37:2b:cb:15:62:b4:c9:f4:c2:bd:f1:35:87

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  28-08-2013 00:00

  Not After

  27-09-2014 23:59

  Subject

  CN=DTOPTOOLZ Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Management Support Team,O=DTOPTOOLZ Co.\,Ltd.,L=Mapo-gu,ST=SEOUL,C=KR

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  86:80:21:80:7e:df:d0:ea:d8:84:18:3d:9c:06:d7:8a:57:4c:de:67

  Signer

  Actual PE Digest

  86:80:21:80:7e:df:d0:ea:d8:84:18:3d:9c:06:d7:8a:57:4c:de:67

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetStartupInfoW

  HeapAlloc

  HeapFree

  RtlUnwind

  RaiseException

  HeapReAlloc

  HeapSize

  SetUnhandledExceptionFilter

  GetStdHandle

  GetModuleFileNameA

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  SetHandleCount

  GetFileType

  GetStartupInfoA

  HeapCreate

  VirtualFree

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  TerminateProcess

  UnhandledExceptionFilter

  GetConsoleCP

  GetConsoleMode

  VirtualAlloc

  InitializeCriticalSectionAndSpinCount

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  CreateFileA

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  SetStdHandle

  GetLocaleInfoA

  GetStringTypeA

  GetStringTypeW

  LCMapStringA

  LCMapStringW

  GetProcessHeap

  SetErrorMode

  GetCurrentProcess

  SetEndOfFile

  FlushFileBuffers

  SetFilePointer

  WriteFile

  ReadFile

  lstrlenA

  InterlockedIncrement

  TlsFree

  DeleteCriticalSection

  LocalReAlloc

  TlsSetValue

  TlsAlloc

  InitializeCriticalSection

  GlobalHandle

  GlobalReAlloc

  EnterCriticalSection

  TlsGetValue

  LeaveCriticalSection

  LocalAlloc

  GlobalFlags

  InterlockedDecrement

  GlobalFindAtomW

  GetVersionExW

  CompareStringW

  LoadLibraryA

  GetVersionExA

  GlobalAddAtomW

  CloseHandle

  GetModuleHandleA

  FormatMessageW

  LocalFree

  MulDiv

  GetCurrentProcessId

  GetLastError

  SetLastError

  GlobalUnlock

  GlobalFree

  FreeResource

  lstrlenW

  WritePrivateProfileStringW

  GlobalDeleteAtom

  GetCurrentThread

  GetCurrentThreadId

  ConvertDefaultLocale

  EnumResourceLanguagesW

  GetModuleFileNameW

  lstrcmpA

  GetLocaleInfoW

  LoadLibraryW

  WideCharToMultiByte

  MultiByteToWideChar

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  InterlockedExchange

  GlobalLock

  lstrcmpW

  GlobalAlloc

  FreeLibrary

  GetModuleHandleW

  GetProcAddress

  CreateThread

  ExitProcess

  Sleep

  CreateProcessA

  ExpandEnvironmentStringsA

  IsDebuggerPresent

  GetTickCount

  user32

  LoadCursorW

  ShowWindow

  SetWindowTextW

  IsDialogMessageW

  RegisterWindowMessageW

  SendDlgItemMessageW

  SendDlgItemMessageA

  WinHelpW

  GetCapture

  GetClassLongW

  GetClassNameW

  SetPropW

  GetPropW

  RemovePropW

  SetFocus

  GetWindowTextW

  GetForegroundWindow

  GetTopWindow

  UnhookWindowsHookEx

  GetMessageTime

  GetMessagePos

  MapWindowPoints

  SetMenu

  SetForegroundWindow

  UpdateWindow

  CreateWindowExW

  GetClassInfoExW

  GetClassInfoW

  RegisterClassW

  AdjustWindowRectEx

  PtInRect

  GetDlgCtrlID

  DefWindowProcW

  CallWindowProcW

  GetMenu

  SetWindowLongW

  SetWindowPos

  SystemParametersInfoA

  GetWindowPlacement

  GetWindowRect

  GetWindow

  SetCursor

  SetWindowsHookExW

  CallNextHookEx

  GetMessageW

  TranslateMessage

  DispatchMessageW

  IsWindowVisible

  GetKeyState

  PeekMessageW

  GetCursorPos

  ValidateRect

  SetMenuItemBitmaps

  GetMenuCheckMarkDimensions

  LoadBitmapW

  GetFocus

  ModifyMenuW

  EnableWindow

  LoadIconW

  SendMessageW

  IsIconic

  EnableMenuItem

  CheckMenuItem

  GetSysColor

  EndPaint

  BeginPaint

  ClientToScreen

  GrayStringW

  DrawTextExW

  DrawTextW

  TabbedTextOutW

  UnregisterClassW

  DestroyMenu

  GetSysColorBrush

  GetSystemMetrics

  GetClientRect

  DrawIcon

  SetTimer

  KillTimer

  wsprintfW

  PostMessageW

  PostQuitMessage

  EndDialog

  GetNextDlgTabItem

  GetParent

  IsWindowEnabled

  GetDlgItem

  GetWindowLongW

  IsWindow

  DestroyWindow

  CreateDialogIndirectParamW

  SetActiveWindow

  GetActiveWindow

  GetDesktopWindow

  GetMenuState

  GetMenuItemID

  GetMenuItemCount

  GetSubMenu

  GetWindowThreadProcessId

  GetLastActivePopup

  MessageBoxW

  ReleaseDC

  GetDC

  CopyRect

  gdi32

  DeleteDC

  CreateBitmap

  GetStockObject

  SetWindowExtEx

  ScaleWindowExtEx

  ScaleViewportExtEx

  SetViewportExtEx

  OffsetViewportOrgEx

  PtVisible

  SetViewportOrgEx

  SelectObject

  Escape

  ExtTextOutW

  TextOutW

  CreateFontW

  GetObjectW

  DeleteObject

  GetClipBox

  SetMapMode

  SetTextColor

  SetBkColor

  RestoreDC

  SaveDC

  GetDeviceCaps

  RectVisible

  winspool.drv

  DocumentPropertiesW

  OpenPrinterW

  ClosePrinter

  advapi32

  RegQueryValueW

  RegOpenKeyW

  RegEnumKeyW

  RegDeleteKeyW

  RegSetValueExW

  RegCreateKeyExW

  RegOpenKeyExW

  RegQueryValueExW

  RegCloseKey

  shell32

  ShellExecuteA

  shlwapi

  PathFindFileNameW

  PathFindExtensionW

  oleaut32

  VariantClear

  VariantChangeType

  VariantInit

  Sections

  .text

  Size: 138KB - Virtual size: 138KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 34KB - Virtual size: 33KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 78KB - Virtual size: 93KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 152KB - Virtual size: 151KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 28KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ