933e21bb15b631849c6dbe482bfbfb07d9fe0736d71a1554ccfbcab0196f7d9e[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

933e21bb15b631849c6dbe482bfbfb07d9fe0736d71a1554ccfbcab0196f7d9e.exe.zip
Size

3.8MB
MD5

faab2ebcb5f05e0500bec912e863b058
SHA1

f4d9184b756fe70484e3051a279e93a98e080940
SHA256

5db1f2526d86e8b22c040f66188f7229eab850e138dc29cb8b2dba52c84d75a1
SHA512

796626dcd4ec9936c78c1326c5cb252e008a596f5981186568a6eed3bab24b3215b117dc58da6578b0dae0da738287659b0bb62877b00c2eb714154d91f4bbe4
SSDEEP

98304:LR0uz2j01iUUbQ1TpJigjG+d70vTmUV+Rci93TXvM0:LR0UA6+aG+d70q/Rci9DvM0

Score

1^/10

Malware Config

Signatures

Files

933e21bb15b631849c6dbe482bfbfb07d9fe0736d71a1554ccfbcab0196f7d9e.exe.zip
.zip

Password: infected
933e21bb15b631849c6dbe482bfbfb07d9fe0736d71a1554ccfbcab0196f7d9e.exe
.exe windows:4 windows x64 arch:x64

55f67bdbb25b1e020156048ae57b89c3

Code Sign

08:43:4f:5e:e3:be:27:16:b1:2e:8c:0f:89:8a:f8:ce
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03/11/2022, 00:00

Not After

18/10/2025, 23:59

Subject

CN=Datto Inc,O=Datto Inc,L=Norwalk,ST=Connecticut,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ce:4c:07:61:52:a5:eb:22:6c:b5:79:fc:ca:c0:5a:03:70:8b:db:80
Signer

Actual PE Digest

ce:4c:07:61:52:a5:eb:22:6c:b5:79:fc:ca:c0:5a:03:70:8b:db:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

bcrypt

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDecrypt
BCryptDeriveKey
BCryptDestroyHash
BCryptDestroyKey
BCryptDestroySecret
BCryptEncrypt
BCryptExportKey
BCryptFinalizeKeyPair
BCryptFinishHash
BCryptGenRandom
BCryptGenerateKeyPair
BCryptGetProperty
BCryptHashData
BCryptImportKey
BCryptImportKeyPair
BCryptOpenAlgorithmProvider
BCryptSecretAgreement
BCryptSetProperty
BCryptSignHash
BCryptVerifySignature

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetNameStringA
CertNameToStrA
CertOpenStore
CryptDecodeObject
CryptDecodeObjectEx
CryptMsgClose
CryptMsgGetParam
CryptQueryObject

fwpuclnt

FwpmEngineClose0
FwpmEngineOpen0
FwpmFilterAdd0
FwpmFilterCreateEnumHandle0
FwpmFilterDeleteById0
FwpmFilterDestroyEnumHandle0
FwpmFilterEnum0
FwpmFreeMemory0
FwpmProviderAdd0
FwpmProviderDeleteByKey0
FwpmProviderGetByKey0
FwpmSubLayerAdd0
FwpmSubLayerDeleteByKey0

kernel32

AreFileApisANSI
CreateFileA
CreateFileMappingW
CreateMutexW
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
FlushFileBuffers
FlushViewOfFile
FormatMessageA
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileSize
GetFileSizeEx
GetFullPathNameA
GetModuleFileNameA
GetSystemTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
HeapCompact
HeapCreate
HeapDestroy
HeapSize
HeapValidate
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryExA
LoadLibraryW
LockFile
LockFileEx
OutputDebugStringA
OutputDebugStringW
RemoveVectoredExceptionHandler
RtlVirtualUnwind
SetEndOfFile
SetFilePointer
TryEnterCriticalSection
UnlockFile
UnlockFileEx
AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CancelIo
CancelIoEx
CloseHandle
CompareStringOrdinal
ConnectNamedPipe
CopyFileExW
CreateDirectoryW
CreateEventW
CreateFileMappingA
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateNamedPipeW
CreateProcessAsUserW
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
DeleteFileW
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetComputerNameExW
GetConsoleCursorInfo
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNativeSystemInfo
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessIoCounters
GetProcessTimes
GetQueuedCompletionStatusEx
GetShortPathNameW
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemTimes
GetTickCount64
GetTimeZoneInformation
GetVolumeInformationW
GetWindowsDirectoryW
GlobalLock
GlobalMemoryStatusEx
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
IsDBCSLeadByteEx
LoadLibraryA
LocalFree
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
MultiByteToWideChar
OpenProcess
OpenThread
PostQueuedCompletionStatus
Process32First
Process32Next
QueryDosDeviceA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleInputW
ReadConsoleW
ReadFile
ReadFileEx
ReadProcessMemory
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RtlAddFunctionTable
RtlUnwindEx
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetErrorMode
SetFileCompletionNotificationModes
SetFileInformationByHandle
SetFilePointerEx
SetHandleInformation
SetLastError
SetNamedPipeHandleState
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
VirtualQueryEx
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteFileEx
__C_specific_handler

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
SysStringLen
VariantClear

pdh

PdhAddEnglishCounterW
PdhCloseQuery
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhRemoveCounter

powrprof

CallNtPowerInformation

shell32

CommandLineToArgvW
SHGetFolderPathW

tdh

TdhGetEventInformation
TdhGetProperty
TdhGetPropertySize

user32

CloseClipboard
GetClipboardData
OpenClipboard

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
WinVerifyTrust

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASend
WSASocketW
WSAStartup
__WSAFDIsSet
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getnameinfo
getpeername
getsockname
getsockopt
ioctlsocket
recv
select
send
setsockopt
shutdown

wtsapi32

WTSQueryUserToken

psapi

EnumDeviceDrivers
EnumProcessModulesEx
GetDeviceDriverFileNameW
GetMappedFileNameA
GetModuleFileNameExW
GetPerformanceInfo
GetProcessImageFileNameA
GetProcessMemoryInfo

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2W
CloseServiceHandle
ControlService
ControlTraceW
ConvertSidToStringSidA
ConvertSidToStringSidW
ConvertStringSidToSidA
CopySid
CreateServiceW
DeleteService
EnableTrace
GetLengthSid
GetTokenInformation
ImpersonateSelf
IsValidSid
IsWellKnownSid
LookupAccountNameW
LookupAccountSidA
LookupAccountSidW
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerW
OpenServiceW
OpenThreadToken
OpenTraceW
ProcessTrace
QueryServiceConfig2W
QueryServiceConfigW
QueryServiceStatusEx
RegCloseKey
RegCreateKeyExW
RegDeleteKeyA
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW
StartTraceW
SystemFunction036

iphlpapi

FreeMibTable
GetAdaptersAddresses
GetBestInterface
GetExtendedTcpTable
GetIfTable2

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_assert
_beginthreadex
_cexit
_difftime64
_endthreadex
_errno
_fmode
_fpreset
_fstat64
_gmtime64
_initterm
_localtime64
_lock
_mktime64
_onexit
_pclose
_popen
_setjmp
_snprintf
_stricmp
_strnicmp
_strtoi64
_time64
_unlock
_vsnprintf
abort
acos
asin
atan2
atof
atoi
calloc
ceil
clearerr
clock
cos
exit
exp
fclose
feof
ferror
fflush
fgets
floor
fmod
fopen
fprintf
fputc
fread
free
freopen
frexp
fseek
ftell
fwrite
getc
getenv
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
isxdigit
ldexp
localeconv
log
log10
malloc
memchr
memcmp
memcpy
memmove
memset
pow
printf
putchar
puts
qsort
rand
realloc
remove
rename
rewind
setlocale
setvbuf
signal
sin
sprintf
sqrt
srand
sscanf
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
system
tan
tmpfile
tmpnam
tolower
toupper
ungetc
vfprintf
wcslen
longjmp
_read
_open
_close

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo
NetUserGetLocalGroups

ntdll

NtCancelIoFileEx
NtClose
NtCreateFile
NtDeleteKey
NtDeleteValueKey
NtDeviceIoControlFile
NtEnumerateKey
NtEnumerateValueKey
NtOpenKey
NtQueryInformationProcess
NtQueryInformationThread
NtQuerySystemInformation
NtReadFile
NtSetValueKey
NtWriteFile
RtlCaptureContext
RtlGetVersion
RtlInitUnicodeString
RtlLookupFunctionEntry
RtlNtStatusToDosError

secur32

LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData
TranslateNameA

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

55f67bdbb25b1e020156048ae57b89c3

Code Sign

08:43:4f:5e:e3:be:27:16:b1:2e:8c:0f:89:8a:f8:ceCertificate

Extended Key Usages

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

ce:4c:07:61:52:a5:eb:22:6c:b5:79:fc:ca:c0:5a:03:70:8b:db:80Signer

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

crypt32

fwpuclnt

kernel32

ole32

oleaut32

pdh

powrprof

shell32

tdh

user32

wintrust

ws2_32

wtsapi32

psapi

advapi32

iphlpapi

msvcrt

netapi32

ntdll

secur32

Sections

.text Size: 5.5MB - Virtual size: 5.5MB

.data Size: 25KB - Virtual size: 22KB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.pdata Size: 171KB - Virtual size: 171KB

.xdata Size: 196KB - Virtual size: 195KB

.bss Size: - Virtual size: 9KB

.idata Size: 20KB - Virtual size: 20KB

.CRT Size: 512B - Virtual size: 120B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 704B

.reloc Size: 48KB - Virtual size: 48KB

08:43:4f:5e:e3:be:27:16:b1:2e:8c:0f:89:8a:f8:ce
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

ce:4c:07:61:52:a5:eb:22:6c:b5:79:fc:ca:c0:5a:03:70:8b:db:80
Signer

.text
Size: 5.5MB - Virtual size: 5.5MB

.data
Size: 25KB - Virtual size: 22KB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.pdata
Size: 171KB - Virtual size: 171KB

.xdata
Size: 196KB - Virtual size: 195KB

.bss
Size: - Virtual size: 9KB

.idata
Size: 20KB - Virtual size: 20KB

.CRT
Size: 512B - Virtual size: 120B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 704B

.reloc
Size: 48KB - Virtual size: 48KB