22b6585688de4d36ad8a277307a0ae3f

Sharing

Copy URL Twitter E-mail

General

Target

22b6585688de4d36ad8a277307a0ae3f
Size

4.7MB
MD5

22b6585688de4d36ad8a277307a0ae3f
SHA1

47818150439c392e5fba074f15248defb2251d3a
SHA256

8273f6263cd0c49c1263c695b33280b8cb8dfa8b8f9f68e6673e0a6d01e8c558
SHA512

6f9b7f4cc3288d718c975e6c6aeec10da961d371640b732e725c29b5f345150c4d2b3f04c6d0b3e11456299b84caa636aa6a15cce0bc4847dcf077fcf4eeee21
SSDEEP

49152:U+e5X6s/BmrfLjD/1GQP0Gg/5nSwIrekgLVFRM3T2ZyblTNLdL:c/Yy50r/0TOCZybtNBL

Score

1^/10

Malware Config

Signatures

Files

22b6585688de4d36ad8a277307a0ae3f
.dll windows:6 windows x64 arch:x64

eba5f28d77b41c0917ea1fb57f1c14e7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

21/04/2016, 10:04

Not After

22/04/2017, 10:04

Subject

CN=WinZip Computing LLC,OU=IT Infrastructure,O=WinZip Computing LLC,L=Mansfield,ST=CT,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

21/04/2016, 10:04

Not After

22/04/2017, 10:04

Subject

CN=WinZip Computing LLC,OU=IT Infrastructure,O=WinZip Computing LLC,L=Mansfield,ST=CT,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:db:4c:d4:68:dd:eb:54:16:14:05:8a:72:ea:9b:48:c0:d7:38:7a:33:eb:7e:6b:c4:0c:22:54:cd:3d:60:f8
Signer

Actual PE Digest

6f:db:4c:d4:68:dd:eb:54:16:14:05:8a:72:ea:9b:48:c0:d7:38:7a:33:eb:7e:6b:c4:0c:22:54:cd:3d:60:f8

Digest Algorithm

sha256

PE Digest Matches

true

18:f9:37:78:a2:bf:fe:1d:5c:69:49:99:2a:5e:6a:74:cc:bc:a7:31
Signer

Actual PE Digest

18:f9:37:78:a2:bf:fe:1d:5c:69:49:99:2a:5e:6a:74:cc:bc:a7:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

FrameRect
FillRect
DrawFocusRect
SetPropW
GetWindowDC
KillTimer
SetTimer
GetKeyState
GetFocus
GetWindowLongW
EndPaint
BeginPaint
UpdateWindow
GetClassNameW
DrawTextW
GetDlgCtrlID
CreateDialogParamW
CreateWindowExW
GetMonitorInfoW
MonitorFromRect
MonitorFromPoint
GetDesktopWindow
PtInRect
IsRectEmpty
SetRectEmpty
GetCursorPos
IsIconic
IsCharAlphaNumericW
IsCharAlphaNumericA
LoadStringW
GetWindowTextW
GetDlgItemTextW
CharToOemBuffW
OemToCharA
CharToOemA
OemToCharBuffA
CharLowerW
CharUpperW
InflateRect
GetPropW
DestroyIcon
CharNextW
DialogBoxIndirectParamW
TrackMouseEvent
AnimateWindow
MapDialogRect
SetCapture
ReleaseCapture
DefWindowProcW
RegisterClassExW
GetClassInfoExW
CreatePopupMenu
DestroyMenu
SetActiveWindow
LoadImageW
SetForegroundWindow
IsWindowVisible
LoadBitmapW
EmptyClipboard
RegisterClipboardFormatW
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
MessageBoxA
SystemParametersInfoW
GetWindow
GetWindowLongPtrW
ClientToScreen
MessageBeep
GetClientRect
GetForegroundWindow
GetSystemMetrics
MoveWindow
GetSysColor
InvalidateRect
IsWindowEnabled
LoadStringA
ReleaseDC
GetDC
EndDialog
DialogBoxParamW
IsDialogMessageW
LoadIconW
GetParent
SetWindowLongPtrW
ScreenToClient
MessageBoxW
GetWindowRect
GetWindowTextLengthW
SetWindowTextW
EnableWindow
MsgWaitForMultipleObjects
SetFocus
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
SetDlgItemTextW
AppendMenuW
TrackPopupMenu
SetWindowLongW
SetParent
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
ShowWindow
LoadCursorW
SetScrollInfo
GetScrollInfo
GetClassLongPtrW
SetClassLongPtrW
DestroyWindow
IsWindow
CallWindowProcW
PostMessageW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetComboBoxInfo
DrawTextExW
DrawIconEx
CreateDialogIndirectParamW
GetMessageW

kernel32

GetModuleHandleExW
GetProcAddress
OpenFile
_lclose
LoadLibraryW
CreateActCtxW
ActivateActCtx
PeekNamedPipe
FindActCtxSectionStringW
QueryActCtxW
CreateEventA
SetEvent
MulDiv
CreateFileA
DeleteFileA
WriteFile
ExpandEnvironmentStringsA
CreateDirectoryW
FindClose
FindFirstFileW
GetModuleFileNameW
RemoveDirectoryW
CreateThread
GetLocalTime
GetTickCount
_lcreat
GetPrivateProfileStringW
SystemTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
GetModuleFileNameA
GlobalMemoryStatus
FormatMessageA
VerifyVersionInfoW
GetACP
GetLocaleInfoA
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
SetErrorMode
ExitProcess
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExW
GetUserDefaultUILanguage
SetThreadUILanguage
LocalFree
SetLastError
GetLastError
CloseHandle
OutputDebugStringA
DeleteFileW
SetCurrentDirectoryW
SizeofResource
FindResourceW
IsBadReadPtr
IsBadWritePtr
DecodePointer
lstrcmpiW
FreeResource
InitializeSListHead
CreateFileMappingW
GetVersionExW
FindResourceExW
GetSystemDefaultUILanguage
UnmapViewOfFile
MapViewOfFile
SearchPathW
GetSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
ExitThread
GetFileAttributesW
FreeLibraryAndExitThread
DeactivateActCtx
GetCommandLineW
LockResource
LoadResource
SetVolumeLabelW
FormatMessageW
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnlockFile
LockFile
GetVolumeInformationW
GetTempFileNameW
GetDiskFreeSpaceW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetTempPathW
GetTimeZoneInformation
SetEnvironmentVariableW
SetEnvironmentVariableA
CreateWaitableTimerA
ResumeThread
SetWaitableTimer
GetSystemInfo
GetModuleHandleA
QueryPerformanceFrequency
QueryPerformanceCounter
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
ExpandEnvironmentStringsW
CreateSemaphoreW
GetProcessAffinityMask
CreateEventW
WaitForSingleObject
InitializeCriticalSection
SetThreadPriority
GetWindowsDirectoryW
GetSystemDirectoryW
Sleep
FindNextFileW
MoveFileW
DeviceIoControl
GetDriveTypeW
LocalFileTimeToFileTime
IsDBCSLeadByte
AreFileApisANSI
GetFullPathNameW
GetCurrentDirectoryW
IsDBCSLeadByteEx
FileTimeToSystemTime
SetFileAttributesW
GetFileAttributesExW
CompareStringA
SetFileTime
SetFilePointer
GetFileSize
GetFileInformationByHandle
FileTimeToLocalFileTime
MoveFileExW
WaitForMultipleObjectsEx
ResetEvent
GetCurrentProcessId
DuplicateHandle
ReleaseSemaphore
OpenEventA
CreateSemaphoreA
WaitForSingleObjectEx
OutputDebugStringW
HeapReAlloc
HeapSize
WriteConsoleW
SetFilePointerEx
ReadConsoleW
ReadFile
SetEndOfFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
CreateFileW
GetCPInfo
GetOEMCP
RtlPcToFileHeader
RaiseException
RtlUnwindEx
RtlLookupFunctionEntry
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetModuleHandleW
HeapAlloc
HeapFree
GetCurrentThread
GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
GetStringTypeW
GetSystemTimeAsFileTime
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
IsValidCodePage

gdi32

Ellipse
MoveToEx
LineTo
CreatePen
SetBkMode
SetDIBits
GetBkColor
SetDCBrushColor
GetTextExtentPoint32W
DPtoLP
GetObjectW
SetTextColor
SetMapMode
SetBkColor
SelectPalette
SelectObject
RealizePalette
PatBlt
GetStockObject
GetMapMode
GetDIBits
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
BitBlt
GetDeviceCaps
DeleteObject
CreateFontIndirectW
TextOutW

advapi32

RegEnumValueW
RegSetValueExA
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExA
RegQueryValueA
RegEnumValueA
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
SystemFunction036
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueW
RegQueryInfoKeyW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
SetFileSecurityW

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExW
SHFileOperationW
SHChangeNotify
SHGetFolderPathW
SHGetPathFromIDListW

ole32

CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
OleCreatePictureIndirect
VarUI4FromStr
SysAllocString
VariantClear

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

msimg32

AlphaBlend

comctl32

ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ord413
ord412
ord410
ImageList_GetIcon

gdiplus

GdipFlush
GdipCreateLineBrushI
GdipDeleteGraphics
GdipFillRectangleI
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCloneBrush
GdiplusShutdown
GdiplusStartup
GdipCreateFromHDC

Exports

Exports

ZAMEntryPoint4

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 951KB - Virtual size: 951KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eba5f28d77b41c0917ea1fb57f1c14e7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41Certificate

Extended Key Usages

Key Usages

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80Certificate

Extended Key Usages

Key Usages

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9Certificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

6f:db:4c:d4:68:dd:eb:54:16:14:05:8a:72:ea:9b:48:c0:d7:38:7a:33:eb:7e:6b:c4:0c:22:54:cd:3d:60:f8Signer

18:f9:37:78:a2:bf:fe:1d:5c:69:49:99:2a:5e:6a:74:cc:bc:a7:31Signer

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

gdi32

advapi32

shell32

ole32

oleaut32

version

msimg32

comctl32

gdiplus

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 951KB - Virtual size: 951KB

.data Size: 63KB - Virtual size: 192KB

.pdata Size: 151KB - Virtual size: 150KB

.gfids Size: 512B - Virtual size: 408B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 22KB - Virtual size: 22KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

6f:db:4c:d4:68:dd:eb:54:16:14:05:8a:72:ea:9b:48:c0:d7:38:7a:33:eb:7e:6b:c4:0c:22:54:cd:3d:60:f8
Signer

18:f9:37:78:a2:bf:fe:1d:5c:69:49:99:2a:5e:6a:74:cc:bc:a7:31
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 951KB - Virtual size: 951KB

.data
Size: 63KB - Virtual size: 192KB

.pdata
Size: 151KB - Virtual size: 150KB

.gfids
Size: 512B - Virtual size: 408B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 22KB - Virtual size: 22KB