7caa5f6722c3007326cc2daf04f9d01aaa9f4817298588e65db88f8f73ef572a[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

7caa5f6722c3007326cc2daf04f9d01aaa9f4817298588e65db88f8f73ef572a.exe.zip
Size

1.4MB
MD5

3f726c7215ee61b82a6cbdbae4a452a8
SHA1

beeeb73bfcb506a951410abca06eeb72a1eaccf9
SHA256

b44bef18caa433b5ba1505ae62f887092851a8a8ca8e0e2adbe6cbe614bce67a
SHA512

1a91fea0ec5fd2735c1a3cbefa9e1b59f274aa56ef43d494675c4467b2aa99425bcccb7e2e92d2eafdbb2497dcfc5a190ce85d0e3215945a92738363b133eb70
SSDEEP

24576:kmEwd9WrGENxKRdQgLtX35syMDVk4NkI753Hl51mjhHUzursZIxvW:Ywd9WrVmrpNJeJk41Nb4jhHUKrsZIxvW

Score

1^/10

Malware Config

Signatures

Files

7caa5f6722c3007326cc2daf04f9d01aaa9f4817298588e65db88f8f73ef572a.exe.zip
.zip

Password: infected
7caa5f6722c3007326cc2daf04f9d01aaa9f4817298588e65db88f8f73ef572a.exe
.exe windows:4 windows x86 arch:x86

c8aa185ac88c2b3290ff0222ed1cb13d

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:1d:34:07:93:30:6a:ca:84:fa:b3:ab:bb:15:67:ce
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/07/2011, 00:00

Not After

22/08/2013, 23:59

Subject

CN=Piriform Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Piriform Ltd,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ad:d4:40:da:f7:17:2e:af:c3:59:ac:fd:80:23:b7:48:20:8e:fc:fa
Signer

Actual PE Digest

ad:d4:40:da:f7:17:2e:af:c3:59:ac:fd:80:23:b7:48:20:8e:fc:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetOEMCP
GetStdHandle
LCMapStringA
RtlUnwind
CreateThread
ExitThread
GetLogicalDrives
ExitProcess
IsDebuggerPresent
UnhandledExceptionFilter
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
ResumeThread
TlsSetValue
OpenEventA
TlsGetValue
EnterCriticalSection
TlsAlloc
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LocalAlloc
SetFileTime
HeapSize
UnmapViewOfFile
MapViewOfFile
GetTimeFormatA
FormatMessageA
HeapReAlloc
GetDiskFreeSpaceA
UnlockFileEx
GetTickCount
GetFullPathNameA
GetDateFormatA
LoadLibraryA
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
SetEnvironmentVariableA
SetLastError
RaiseException
LeaveCriticalSection
GetCurrentThreadId
InterlockedExchange
FreeLibrary
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
GetCommandLineW
DeleteCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
MulDiv
WriteFile
FlushFileBuffers
LocalFree
GetVersion
GlobalLock
GlobalUnlock
GlobalAlloc
SetFilePointer
ReadFile
SetFilePointerEx
DeviceIoControl
GetCompressedFileSizeW
DeleteFileA
AreFileApisANSI
HeapValidate
LockFile
HeapCreate
GetTempPathA
UnlockFile
GetFileAttributesA
InterlockedCompareExchange
GetCurrentProcessId
HeapDestroy
LockFileEx
lstrcmpA
MoveFileExW
SystemTimeToFileTime
GetSystemTime
SetEndOfFile
lstrlenA
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
GetUserDefaultLangID
FindClose
GetCurrentThread
SetErrorMode
Sleep
GetSystemTimeAsFileTime
OutputDebugStringA
BackupSeek
GetLocalTime
GetModuleFileNameA
GetVersionExA
GlobalMemoryStatus
GetSystemInfo
BackupRead
GetFileSize
SetUnhandledExceptionFilter
IsBadReadPtr
VirtualProtect
GetModuleHandleA
CompareStringA
CreateFileA
LoadResource
LockResource
SizeofResource
GetLastError
CreateEventA
WaitForSingleObject
GetCurrentProcess
ResetEvent
OpenProcess
FlushInstructionCache
HeapFree
GetProcessHeap
CloseHandle
HeapAlloc
SetEvent
TlsFree
TerminateProcess

advapi32

LookupAccountNameW
OpenProcessToken
GetTokenInformation
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
LookupPrivilegeNameW
RegNotifyChangeKeyValue
AccessCheck
MapGenericMask
DuplicateToken
GetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenThreadToken
AllocateAndInitializeSid
EqualSid
FreeSid
LookupAccountSidW
GetLengthSid
CopySid
RegCloseKey
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority

user32

ReleaseDC
SetWindowPos
EndDialog
GetParent
GetWindow
GetDesktopWindow
UnregisterClassA
SetClipboardData
CharLowerA
CloseClipboard
EmptyClipboard
OpenClipboard
ExitWindowsEx
WaitForInputIdle
MonitorFromWindow
CallNextHookEx
UnhookWindowsHookEx
GetWindowThreadProcessId
GetMenuItemID
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
IsZoomed
SetActiveWindow
LockWindowUpdate
SetMenuDefaultItem
PostQuitMessage
GetMenu
GetComboBoxInfo
AdjustWindowRectEx
ScrollWindowEx
SetScrollInfo
SetScrollPos
GetScrollInfo
GetScrollPos
MoveWindow
SetCursorPos
DispatchMessageA
IsWindowEnabled
GetSystemMetrics
GetSysColorBrush
GetMessageA
IsChild
CreatePopupMenu
DestroyMenu
ChildWindowFromPoint
MsgWaitForMultipleObjects
EnableMenuItem
GetSystemMenu
GetDlgCtrlID
BringWindowToTop
GetCursorPos
GetMessagePos
KillTimer
SetTimer
UpdateWindow
SetRectEmpty
TranslateMessage
DestroyWindow
OffsetRect
InflateRect
TrackPopupMenu
GetDC
GetWindowDC
GetIconInfo
DrawEdge
IsWindow
DrawFocusRect
DestroyCursor
DestroyIcon
FrameRect
FillRect
ScreenToClient
CopyRect
GetFocus
GetKeyState
GetSysColor
InvalidateRect
ClientToScreen
RedrawWindow
SetCapture
GetCapture
SetCursor
PtInRect
EndPaint
SetRect
ReleaseCapture
BeginPaint
WindowFromPoint
GetActiveWindow
SetFocus
IsIconic
EnumWindows
SetForegroundWindow
OpenIcon
ShowWindow
IsWindowVisible
GetWindowRect
GetDlgItem
MapWindowPoints
GetClientRect

gdi32

Ellipse
GetClipBox
CreateBitmap
PatBlt
CreateDIBSection
GetDeviceCaps
GetStockObject
RestoreDC
SaveDC
CreatePatternBrush
StrokeAndFillPath
EndPath
CreatePen
BeginPath
CreateRectRgn
LineTo
MoveToEx
CreateSolidBrush
ExcludeClipRect
SelectClipRgn
GetClipRgn
CombineRgn
SetBkColor
CreateRectRgnIndirect
DeleteDC
GetDIBColorTable
StretchBlt
BitBlt
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SetViewportOrgEx

rpcrt4

UuidFromStringA

ole32

OleUninitialize
CoCreateInstance
CoTaskMemRealloc
OleInitialize
ReleaseStgMedium
OleDuplicateData
RevokeDragDrop
CoTaskMemAlloc
DoDragDrop
CoInitializeSecurity
PropVariantClear
CoInitialize
CoUninitialize
CLSIDFromString
CoInitializeEx
CoSetProxyBlanket
CoTaskMemFree
RegisterDragDrop

oleaut32

SysStringLen
VariantInit
VariantChangeType
SysAllocStringLen
SysFreeString
VarUI4FromStr
SysAllocString
VarBstrFromR8
VariantClear
VariantTimeToSystemTime

shlwapi

PathRemoveArgsW
PathUnquoteSpacesW
PathFindExtensionW
PathRemoveFileSpecW
SHStrDupW
PathRemoveExtensionA
PathRemoveExtensionW
PathAddExtensionW
PathStripToRootW
PathRemoveBackslashW
PathCompactPathW
PathFileExistsW
PathStripPathW
PathFindFileNameW
PathAppendW
PathIsDirectoryW
PathMatchSpecW
PathStripPathA
PathIsUNCW
PathIsRelativeW
PathIsURLW
PathCreateFromUrlW
StrRetToStrW
PathIsDirectoryEmptyW
PathCombineW

comctl32

ImageList_Destroy
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_Duplicate
ImageList_Replace
ImageList_Remove
ImageList_Draw
_TrackMouseEvent
ImageList_GetIconSize
ImageList_SetImageCount
ImageList_LoadImageW
ImageList_Create
ImageList_GetIcon
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetImageCount

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

netapi32

NetLocalGroupGetMembers
NetApiBufferFree

crypt32

CryptMsgGetParam
CertCloseStore
CryptMsgClose
CryptDecodeObject
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CryptQueryObject

wintrust

WinVerifyTrust

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 568KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

c8aa185ac88c2b3290ff0222ed1cb13d

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:1d:34:07:93:30:6a:ca:84:fa:b3:ab:bb:15:67:ceCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ad:d4:40:da:f7:17:2e:af:c3:59:ac:fd:80:23:b7:48:20:8e:fc:faSigner

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

rpcrt4

ole32

oleaut32

shlwapi

comctl32

wtsapi32

netapi32

crypt32

wintrust

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 568KB - Virtual size: 568KB

.data Size: 132KB - Virtual size: 152KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 424KB - Virtual size: 424KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:1d:34:07:93:30:6a:ca:84:fa:b3:ab:bb:15:67:ce
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ad:d4:40:da:f7:17:2e:af:c3:59:ac:fd:80:23:b7:48:20:8e:fc:fa
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 568KB - Virtual size: 568KB

.data
Size: 132KB - Virtual size: 152KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 424KB - Virtual size: 424KB