MDE_File_Sample_81ddf239c492e10ab656b1bb8d576580f712bad8[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_81ddf239c492e10ab656b1bb8d576580f712bad8.zip
Size

851KB
MD5

f653131afb7a41eada814919fdfafccf
SHA1

5f63af0258ed9dd8e83814c61f5d951d72dfc017
SHA256

515937ba8f54b67ed048d1258aaff65ed1081d8ade80e56667a8a420dc29d7bb
SHA512

54e288ebfed362b56a3447991b48fb09309482a023fb997b7c3464f4902534699c943790bcb8e0c895e49a1d0516f9f86470d3af9d4b6a57b1b9c64a1f000bbc
SSDEEP

12288:oolhoDii6TZ/mIg6aafQ1+gxX08n+NXHrCGv0yKeexyRIuWHlUpwRNTp9YT/7wmI:oIhUE1/xpaxkX8yKeexymuAZUT8m86cv

Score

1^/10

Malware Config

Signatures

Files

MDE_File_Sample_81ddf239c492e10ab656b1bb8d576580f712bad8.zip
.zip

Password: infected
Aldi - Vector Logo.exe
.exe windows:5 windows x86 arch:x86

Password: infected

8f37b9b53c6ca075b157b57841aaa3ee

Code Sign

6a:5d:73:f2:62:c3:8b:bd:45:78:ab:6a:d7:13:31:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/06/2011, 00:00

Not After

01/07/2013, 23:59

Subject

CN=W3i\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=W3i\, LLC,L=Sartell,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:25:08:5e:2c:07:57:ab:db:27:a1:92:96:b6:c3:fb:aa:fc:13:51
Signer

Actual PE Digest

7a:25:08:5e:2c:07:57:ab:db:27:a1:92:96:b6:c3:fb:aa:fc:13:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kernel32

GetDiskFreeSpaceW
LockFileEx
GetTempPathW
CreateFileW
CreateFileMappingA
GetDiskFreeSpaceA
FormatMessageW
DeleteFileW
UnlockFileEx
LockFile
UnlockFile
InterlockedCompareExchange
UnmapViewOfFile
MapViewOfFile
GetFullPathNameW
GetFileAttributesExW
LoadLibraryW
AreFileApisANSI
MultiByteToWideChar
GetPrivateProfileStringA
GetPrivateProfileIntA
CopyFileA
SystemTimeToFileTime
GetLocalTime
WritePrivateProfileStringA
WaitForSingleObject
CreateMutexA
ReleaseMutex
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
GetTickCount
GetCurrentThreadId
Sleep
GetLastError
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetFileAttributesW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
RtlUnwind
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
FormatMessageA
GetModuleHandleA
LocalAlloc
lstrlenA
LocalFree
BeginUpdateResourceA
HeapAlloc
GetProcessHeap
UpdateResourceA
HeapFree
EndUpdateResourceA
LoadLibraryA
EnumResourceNamesA
EnumResourceLanguagesA
FreeLibrary
LoadLibraryExA
GetUserDefaultUILanguage
GetTempPathA
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetSystemTime
GetTempFileNameA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
MoveFileA
GetModuleFileNameA
GetCurrentDirectoryA
GetFullPathNameA
GetLongPathNameA
GetPrivateProfileSectionNamesA
CloseHandle
CreateProcessA
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
GetExitCodeProcess
Module32First
Module32Next
GetProcAddress
GetCurrentProcessId
VirtualQuery
GetCurrentThread
GetCurrentProcess
CreateEventA
WaitForSingleObjectEx
ResetEvent
SetEvent
FileTimeToSystemTime
GetTimeZoneInformation
CreateFileA
GetFileTime
FileTimeToLocalFileTime
GetFileSize
ReadFile
WriteFile
SetFilePointer
GetVersionExA
GetSystemInfo
GetWindowsDirectoryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
GlobalMemoryStatus
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
GetTimeFormatA
GetDateFormatA
ExitThread
CreateThread
GetSystemTimeAsFileTime
HeapCreate
VirtualFree
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetStdHandle
InterlockedExchange
InitializeCriticalSectionAndSpinCount

user32

EnumWindows
IsWindowEnabled
GetWindowThreadProcessId
FindWindowExA
GetClassNameA
EnumChildWindows
GetSystemMetrics
SystemParametersInfoA
GetShellWindow
FindWindowA
GetDesktopWindow
LoadCursorA
CreateWindowExA
GetClassInfoExA
RegisterClassExA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
CallWindowProcA
DefWindowProcA
SetCursor
LoadStringA
GetKeyboardState
CreatePopupMenu
DestroyMenu
AppendMenuA
TrackPopupMenu
SendMessageA
SetDlgItemTextA
AdjustWindowRectEx
OffsetRect
SetClassLongA
GetDC
DrawIcon
ReleaseDC
GetMessagePos
ScreenToClient
DialogBoxParamA
ClientToScreen
SetWindowPos
SetTimer
KillTimer
CreateDialogParamA
EndDialog
GetDlgItem
SendMessageW
GetDlgCtrlID
ShowWindow
EnableWindow
SetForegroundWindow
UpdateWindow
GetSysColor
GetSysColorBrush
GetCursorPos
PostQuitMessage
LoadIconA
IsIconic
GetFocus
SetFocus
IsWindowVisible
InvalidateRgn
InvalidateRect
MessageBoxExA
MessageBoxA
IsWindow
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
SetWindowLongA
GetWindowLongA
DestroyWindow
LoadAcceleratorsA
WaitForInputIdle
ReleaseCapture
MoveWindow
GetClientRect
GetWindowRect
PostMessageA

shell32

Shell_NotifyIconA
ShellExecuteExA
SHGetSpecialFolderPathA

ole32

OleUninitialize
CoInitializeSecurity
OleInitialize
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoInitializeEx

oleaut32

SafeArrayDestroy
SafeArrayUnaccessData
VariantClear
VariantInit
SysStringLen
SysFreeString
SysAllocStringLen
VariantChangeType
SysAllocString
SafeArrayAccessData
SafeArrayCreateVector

psapi

GetModuleFileNameExA
EnumProcesses

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

userenv

ExpandEnvironmentStringsForUserA

wininet

InternetCloseHandle
InternetReadFileExA
InternetErrorDlg
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetSetOptionA
InternetSetStatusCallback
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCombineUrlA
InternetGetCookieA
InternetSetCookieA
InternetOpenA

shlwapi

UrlEscapeA
SHDeleteEmptyKeyA
PathRenameExtensionA
PathCombineA
PathStripPathA
PathRemoveFileSpecA
PathIsDirectoryEmptyA
PathFindExtensionA

urlmon

IsValidURL

advapi32

RevertToSelf
RegEnumValueA
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
LookupPrivilegeValueA
DuplicateTokenEx
ImpersonateLoggedOnUser
GetLengthSid
AdjustTokenPrivileges
RegOpenCurrentUser
RegOpenUserClassesRoot
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA

gdi32

SetBkColor

comdlg32

GetOpenFileNameA

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-fr
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-ti
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-de
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-de
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-ti
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-fr
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

8f37b9b53c6ca075b157b57841aaa3ee

Code Sign

6a:5d:73:f2:62:c3:8b:bd:45:78:ab:6a:d7:13:31:8dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7a:25:08:5e:2c:07:57:ab:db:27:a1:92:96:b6:c3:fb:aa:fc:13:51Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

shell32

ole32

oleaut32

psapi

version

userenv

wininet

shlwapi

urlmon

advapi32

gdi32

comdlg32

Sections

.text Size: 362KB - Virtual size: 361KB

.text-co Size: 16KB - Virtual size: 15KB

.text-co Size: 99KB - Virtual size: 98KB

.text-co Size: 36KB - Virtual size: 36KB

.text-co Size: 55KB - Virtual size: 55KB

.text-co Size: 11KB - Virtual size: 10KB

.text-co Size: 19KB - Virtual size: 19KB

.text-co Size: 13KB - Virtual size: 13KB

.text-co Size: 43KB - Virtual size: 43KB

.text-fr Size: 39KB - Virtual size: 39KB

.text-co Size: 38KB - Virtual size: 38KB

.text-co Size: 69KB - Virtual size: 68KB

.text-co Size: 12KB - Virtual size: 11KB

.text-co Size: 10KB - Virtual size: 10KB

.text-co Size: 25KB - Virtual size: 25KB

.text-ti Size: 41KB - Virtual size: 40KB

.text-co Size: 9KB - Virtual size: 9KB

.text-de Size: 86KB - Virtual size: 85KB

.rdata Size: 259KB - Virtual size: 259KB

.data Size: 16KB - Virtual size: 25KB

.data-de Size: 512B - Virtual size: 48B

.data-co Size: 512B - Virtual size: 136B

.data-co Size: 512B - Virtual size: 48B

.data-co Size: 512B - Virtual size: 48B

.data-co Size: 512B - Virtual size: 40B

.data-ti Size: 1KB - Virtual size: 1KB

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 68B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 44B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-fr Size: 512B - Virtual size: 48B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 24B

.rsrc Size: 229KB - Virtual size: 228KB

6a:5d:73:f2:62:c3:8b:bd:45:78:ab:6a:d7:13:31:8d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7a:25:08:5e:2c:07:57:ab:db:27:a1:92:96:b6:c3:fb:aa:fc:13:51
Signer

.text
Size: 362KB - Virtual size: 361KB

.text-co
Size: 16KB - Virtual size: 15KB

.text-co
Size: 99KB - Virtual size: 98KB

.text-co
Size: 36KB - Virtual size: 36KB

.text-co
Size: 55KB - Virtual size: 55KB

.text-co
Size: 11KB - Virtual size: 10KB

.text-co
Size: 19KB - Virtual size: 19KB

.text-co
Size: 13KB - Virtual size: 13KB

.text-co
Size: 43KB - Virtual size: 43KB

.text-fr
Size: 39KB - Virtual size: 39KB

.text-co
Size: 38KB - Virtual size: 38KB

.text-co
Size: 69KB - Virtual size: 68KB

.text-co
Size: 12KB - Virtual size: 11KB

.text-co
Size: 10KB - Virtual size: 10KB

.text-co
Size: 25KB - Virtual size: 25KB

.text-ti
Size: 41KB - Virtual size: 40KB

.text-co
Size: 9KB - Virtual size: 9KB

.text-de
Size: 86KB - Virtual size: 85KB

.rdata
Size: 259KB - Virtual size: 259KB

.data
Size: 16KB - Virtual size: 25KB

.data-de
Size: 512B - Virtual size: 48B

.data-co
Size: 512B - Virtual size: 136B

.data-co
Size: 512B - Virtual size: 48B

.data-co
Size: 512B - Virtual size: 48B

.data-co
Size: 512B - Virtual size: 40B

.data-ti
Size: 1KB - Virtual size: 1KB

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 68B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 44B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-fr
Size: 512B - Virtual size: 48B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 24B

.rsrc
Size: 229KB - Virtual size: 228KB