199300a8e1b0000a82d04cda2d32c482945affe47a037aaa58f89e3edf059684[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

199300a8e1b0000a82d04cda2d32c482945affe47a037aaa58f89e3edf059684.exe.zip
Size

2.6MB
MD5

1abbdbeba5c2ebe0d8f36d3b8a65b4cc
SHA1

8f1017d29937fbcbe15e6a18cf66a1600f09c310
SHA256

146163989557d34c4cb09cdc061eac3b19119e763326e819c72a72bda908b8d2
SHA512

0987a853e28d295fc74f2874e9071451109d95ef1efd2818c9a37ff5ea5c21a85daf248cdadb499eb48328132726b07086fb7fc85f3e4b844b8829b7dca5499d
SSDEEP

49152:8NvvmH4SlbHt+/blZdnDsd2DtYWfiYGeA8MeMh4RvEBJJ/NHBN34r1h3zhs2/y:8xvmPpHt+/7OdOY+iYGeRcPBB4rv3zhS

Score

1^/10

Malware Config

Signatures

Files

199300a8e1b0000a82d04cda2d32c482945affe47a037aaa58f89e3edf059684.exe.zip
.zip

Password: infected
199300a8e1b0000a82d04cda2d32c482945affe47a037aaa58f89e3edf059684.exe
.exe windows:5 windows x64 arch:x64

f40daf3b1e95c231b8573973862ff3d8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:5a:f6:d5:21:f6:7e:13:2d:53:38:57:42:ce:9b:35
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2013, 00:00

Not After

24/09/2015, 23:59

Subject

CN=Piriform Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Piriform Ltd,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:93:1a:24:6b:93:f3:21:42:de:bc:0a:a1:fa:03:18:87:89:96:a6
Signer

Actual PE Digest

4c:93:1a:24:6b:93:f3:21:42:de:bc:0a:a1:fa:03:18:87:89:96:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rpcrt4

UuidFromStringA

kernel32

HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetFileAttributesExW
GetCurrentProcessId
GetTempPathA
AreFileApisANSI
DeleteFileA
SetFileTime
RtlCaptureContext
SetUnhandledExceptionFilter
VirtualQueryEx
TerminateThread
ReleaseSemaphore
CreateSemaphoreW
ResumeThread
CreateThread
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
WaitForMultipleObjects
GetFileAttributesA
HeapDestroy
FormatMessageA
UnlockFileEx
GetTickCount
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
OutputDebugStringW
GetFileType
HeapValidate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
HeapSetInformation
GetStdHandle
GetCPInfo
LCMapStringW
RtlUnwindEx
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetLogicalDrives
ExitThread
RtlPcToFileHeader
ExitProcess
VirtualQuery
SetThreadStackGuarantee
VirtualProtect
CreateWaitableTimerA
SetWaitableTimer
TlsSetValue
OpenEventA
TlsGetValue
TlsFree
TlsAlloc
DecodePointer
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
BackupSeek
BackupRead
GetCompressedFileSizeW
CreateDirectoryW
VirtualFree
VirtualAlloc
SetFilePointerEx
GetDiskFreeSpaceExW
SetHandleCount
HeapCreate
LockFile
UnlockFile
UnmapViewOfFile
MapViewOfFile
CreateFileA
HeapReAlloc
GetFullPathNameA
CompareFileTime
lstrcmpA
SetProcessWorkingSetSize
SetEndOfFile
MoveFileExW
SystemTimeToFileTime
GetSystemTime
DeviceIoControl
MoveFileW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
LoadLibraryA
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SetThreadPriority
GetVolumeInformationW
GetDriveTypeW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetShortPathNameW
IsBadStringPtrW
CopyFileW
GetTempFileNameW
GetTempPathW
RemoveDirectoryW
SetFileAttributesW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetCurrentThread
FindNextFileW
FindFirstFileW
GetFullPathNameW
FindClose
GetUserDefaultLangID
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
GetLocaleInfoW
GetSystemTimeAsFileTime
OutputDebugStringA
InitializeCriticalSection
GetLocalTime
GetModuleFileNameA
VerifyVersionInfoW
VerSetConditionMask
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
lstrlenA
GlobalHandle
lstrcmpW
GetWindowsDirectoryW
GetProcessTimes
GetLongPathNameW
SetFilePointer
GetFileSize
ReadFile
GetVersion
CompareStringW
Sleep
GetPrivateProfileStringW
DeleteFileW
LocalFree
FormatMessageW
lstrcpynW
GetVersionExW
SetCurrentDirectoryW
GetCurrentDirectoryW
QueryPerformanceCounter
QueryPerformanceFrequency
MulDiv
GetCommandLineW
CreateProcessW
GetStartupInfoW
SetErrorMode
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
lstrcmpiW
GetProcAddress
MultiByteToWideChar
lstrcpyW
FreeLibrary
LoadLibraryW
WriteFile
FlushFileBuffers
CreateFileW
GetFileAttributesW
WideCharToMultiByte
CreateMutexW
GetModuleFileNameW
GetLastError
lstrlenW
DeleteCriticalSection
SetLastError
RaiseException
GetCurrentThreadId
FindResourceExW
GetModuleHandleW
GetTimeFormatA
FindResourceW
SizeofResource
LockResource
LoadResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LeaveCriticalSection
EnterCriticalSection
CreateEventA
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
ResetEvent
SetEvent
CreateEventW
OpenProcess
TerminateProcess
WaitForSingleObject
FlushInstructionCache
GetCurrentProcess
GetDateFormatA
GetConsoleCP

user32

CallNextHookEx
GetWindowRect
SetWindowPos
GetWindowLongW
GetParent
GetWindow
UnregisterClassA
GetDesktopWindow
GetClientRect
MapWindowPoints
SetWindowLongW
GetDlgItem
SetWindowTextW
SetWindowLongPtrW
PostMessageW
EndDialog
GetWindowLongPtrW
DefWindowProcW
CallWindowProcW
SendMessageW
GetSysColor
LoadImageW
ShowWindow
KillTimer
GetSystemMetrics
GetWindowPlacement
SystemParametersInfoA
GetMenuItemID
GetMonitorInfoW
MonitorFromWindow
GetWindowThreadProcessId
ExitWindowsEx
WaitForInputIdle
EnumDisplaySettingsW
EmptyClipboard
SendMessageTimeoutW
DrawFrameControl
SetWindowsHookExW
UnhookWindowsHookEx
DeleteMenu
SetLayeredWindowAttributes
GetMenu
AdjustWindowRectEx
GetComboBoxInfo
LoadIconW
FindWindowExW
IsDialogMessageW
IsZoomed
PostQuitMessage
LockWindowUpdate
SetMenuDefaultItem
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
SetDlgItemTextW
GetNextDlgTabItem
GetDlgItemInt
GetForegroundWindow
SendDlgItemMessageW
DestroyAcceleratorTable
InvalidateRgn
CreateAcceleratorTableW
SetWindowContextHelpId
MapDialogRect
DialogBoxParamW
SetScrollPos
GetScrollInfo
ScrollWindowEx
SetScrollInfo
AppendMenuW
GetScrollPos
GetMessagePos
CreateDialogParamW
IsChild
ChildWindowFromPoint
SetRectEmpty
SetCursorPos
InsertMenuW
TrackPopupMenu
DestroyMenu
LoadStringW
DrawTextExW
UnregisterClassW
SetTimer
DestroyWindow
FillRect
GetSysColorBrush
InvalidateRect
BeginPaint
EndPaint
IsWindow
RegisterWindowMessageW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
CheckDlgButton
IsDlgButtonChecked
GetWindowTextW
GetClassNameW
IsWindowVisible
OpenIcon
SetForegroundWindow
FindWindowW
EnumWindows
IsIconic
SetFocus
SetRect
GetCapture
SetCapture
RedrawWindow
ClientToScreen
WindowFromPoint
ReleaseCapture
PtInRect
SetCursor
CharLowerW
CharLowerA
GetDlgItemTextW
SetClipboardData
LoadBitmapW
CreateDialogIndirectParamW
GetCursorPos
CreatePopupMenu
EnableMenuItem
GetSystemMenu
EnableWindow
BringWindowToTop
UpdateWindow
SystemParametersInfoW
GetDlgCtrlID
DrawTextW
GetActiveWindow
IsWindowEnabled
DispatchMessageA
GetMessageA
IsWindowUnicode
MsgWaitForMultipleObjects
MoveWindow
MessageBoxW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassW
GetClassInfoW
CharNextW
DrawEdge
DrawFocusRect
DrawStateW
FrameRect
ScreenToClient
GetWindowTextLengthW
GetDC
CopyRect
GetFocus
GetKeyState
GetWindowDC
ReleaseDC
InflateRect
OffsetRect
GetClassLongPtrW
DestroyIcon
DestroyCursor
GetIconInfo

gdi32

CreateBitmap
CreatePatternBrush
GetClipBox
PatBlt
Ellipse
PolylineTo
GetDeviceCaps
GetStockObject
GetTextExtentPoint32W
DeleteDC
SelectObject
BitBlt
CreateCompatibleDC
EndPath
BeginPath
ExcludeClipRect
SelectClipRgn
GetClipRgn
SetBkColor
LineTo
MoveToEx
CreatePen
CreateSolidBrush
TextOutW
SetTextColor
CreateCompatibleBitmap
SetViewportOrgEx
RestoreDC
SaveDC
GetDIBColorTable
StretchBlt
SetBkMode
CreateFontIndirectW
SetDIBColorTable
CreateDIBSection
GetTextMetricsW
GetObjectW
ExtTextOutW
StrokeAndFillPath
CreateRectRgnIndirect
CombineRgn
CreateRectRgn
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

LookupAccountNameW
CryptReleaseContext
CryptAcquireContextA
SetNamedSecurityInfoW
SetEntriesInAclW
CloseEventLog
ClearEventLogW
OpenEventLogW
LookupPrivilegeNameW
RegUnLoadKeyW
RegLoadKeyW
RegNotifyChangeKeyValue
RegEnumValueW
AccessCheck
MapGenericMask
DuplicateToken
GetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetUserNameW
CryptGenRandom
CopySid
GetLengthSid
LookupAccountSidW
FreeSid
EqualSid
OpenThreadToken
AllocateAndInitializeSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

shell32

SHAddToRecentDocs
SHEmptyRecycleBinW
ExtractIconExW
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHGetFileInfoW
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
ShellExecuteExW

ole32

CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoInitialize
PropVariantClear
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoInitializeSecurity
DoDragDrop
RegisterDragDrop
RevokeDragDrop
OleDuplicateData
ReleaseStgMedium
OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

SysStringLen
VarUI4FromStr
VariantChangeType
VariantTimeToSystemTime
VarBstrFromR8
DispCallFunc
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysAllocString
VariantInit
VariantClear
SysFreeString

shlwapi

PathCombineW
PathRemoveExtensionA
PathRemoveFileSpecW
PathRemoveExtensionW
PathAddExtensionW
PathStripToRootW
SHStrDupW
PathRemoveBackslashW
PathGetDriveNumberW
PathCompactPathW
PathIsDirectoryW
PathFileExistsW
PathAppendW
PathMatchSpecW
PathStripPathW
PathFindExtensionW
PathRemoveArgsW
PathUnquoteSpacesW
PathStripPathA
PathIsUNCW
PathIsURLW
PathCreateFromUrlW
PathIsRelativeW
PathFindFileNameW
StrRetToStrW
PathIsDirectoryEmptyW
PathSkipRootW

comctl32

ImageList_GetIcon
ImageList_Destroy
ImageList_Create
ImageList_SetIconSize
ImageList_Replace
ImageList_GetImageInfo
ImageList_Remove
ImageList_GetIconSize
ImageList_Draw
_TrackMouseEvent
ImageList_Duplicate
ImageList_LoadImageW
ImageList_ReplaceIcon
ImageList_GetImageCount
InitCommonControlsEx

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromScan0

uxtheme

OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeBackgroundContentRect
DrawThemeEdge
GetThemeInt
DrawThemeText
GetThemeColor
GetThemeMargins
IsThemeActive

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

netapi32

NetApiBufferFree
NetLocalGroupGetMembers

crypt32

CryptDecodeObject
CertGetNameStringW
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam
CertCloseStore
CryptMsgClose
CertFindCertificateInStore

wintrust

WinVerifyTrust

esent

JetOpenDatabase
JetAttachDatabase2
JetCreateDatabase2
JetBeginSession
JetInit2
JetOpenTable
JetSetSystemParameter
JetTerm2
JetEndSession
JetCloseDatabase
JetCloseTable
JetGetDatabaseFileInfo
JetSetCurrentIndex4
JetMove
JetEnumerateColumns
JetBeginTransaction
JetDelete
JetCommitTransaction
JetRollback
JetCreateInstance2
JetDeleteTable

iphlpapi

GetAdaptersAddresses

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryA
DeleteUrlCacheEntryW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
FindFirstUrlCacheEntryExW
FindNextUrlCacheEntryExW
InternetOpenW
FindCloseUrlCache
InternetOpenUrlW
InternetConnectW
InternetCrackUrlW
InternetQueryDataAvailable
InternetCloseHandle
InternetReadFile
HttpQueryInfoW

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

f40daf3b1e95c231b8573973862ff3d8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

78:5a:f6:d5:21:f6:7e:13:2d:53:38:57:42:ce:9b:35Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4c:93:1a:24:6b:93:f3:21:42:de:bc:0a:a1:fa:03:18:87:89:96:a6Signer

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

uxtheme

wtsapi32

netapi32

crypt32

wintrust

esent

iphlpapi

version

wininet

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 176KB - Virtual size: 203KB

.pdata Size: 159KB - Virtual size: 159KB

.tls Size: 512B - Virtual size: 2B

text Size: 3KB - Virtual size: 2KB

data Size: 10KB - Virtual size: 9KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 59KB - Virtual size: 58KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

78:5a:f6:d5:21:f6:7e:13:2d:53:38:57:42:ce:9b:35
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4c:93:1a:24:6b:93:f3:21:42:de:bc:0a:a1:fa:03:18:87:89:96:a6
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 176KB - Virtual size: 203KB

.pdata
Size: 159KB - Virtual size: 159KB

.tls
Size: 512B - Virtual size: 2B

text
Size: 3KB - Virtual size: 2KB

data
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 59KB - Virtual size: 58KB