14044996938[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

14044996938.zip
Size

733KB
MD5

e227a0fe12dcb686214862c53b7c2a14
SHA1

b727e742d542e68c21c54b9c96d29faba70c63d5
SHA256

74fe9804739c9abea3aefe01d2762ca45e15c99465ed93631bca7508e4620c24
SHA512

5e0ad8d2e86c8a3d0133c33747cfc07235b977b636096a9ed48b4a1847945a7c61082b3f8e7206e6d4d05aa6f2e0781de0042ba89712ac81cd23dcf4f943209e
SSDEEP

12288:vzGc0pCvT65Ftvy+H3RKIxvQvMOwPMeycXvkzSnq83EvOGWeY+jtJZQyxd:vacFvT65b3RKIxIvMOwP/yGvUm0Y+hJL

Score

1^/10

Malware Config

Signatures

Files

14044996938.zip
.zip

Password: infected
0f30c8a4fa1d9a90dfb03d52dcebde2919da3f0b94b5edd92e34d1afd518ffd3
.exe windows:5 windows x86 arch:x86

f5c445ea99436b4cd0f54b2e99ce345b

Code Sign

07
Certificate

Issuer

CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:7a:4c:9e:3f:3d:34:c7:61:9f:c2:a9:7b:d7:90:ee
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20/07/2020, 00:00

Not After

11/08/2021, 12:00

Subject

CN=淮安成思科技有限公司,O=淮安成思科技有限公司,L=淮安市,ST=江苏省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:e6:3a:c9:92:ef:67:ba
Certificate

Issuer

CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

09/09/2020, 07:00

Not After

09/09/2025, 07:00

Subject

CN=Starfield Timestamp Authority - G2,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:7a:4c:9e:3f:3d:34:c7:61:9f:c2:a9:7b:d7:90:ee
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20/07/2020, 00:00

Not After

11/08/2021, 12:00

Subject

CN=淮安成思科技有限公司,O=淮安成思科技有限公司,L=淮安市,ST=江苏省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:e6:3a:c9:92:ef:67:ba
Certificate

Issuer

CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

09/09/2020, 07:00

Not After

09/09/2025, 07:00

Subject

CN=Starfield Timestamp Authority - G2,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

72:25:d8:bb:0c:5b:1f:66:86:0c:27:8a:bc:c1:fb:fa:4c:ce:d9:0b:5f:2c:a2:91:93:d9:0b:7f:2c:20:c9:f8
Signer

Actual PE Digest

72:25:d8:bb:0c:5b:1f:66:86:0c:27:8a:bc:c1:fb:fa:4c:ce:d9:0b:5f:2c:a2:91:93:d9:0b:7f:2c:20:c9:f8

Digest Algorithm

sha256

PE Digest Matches

true

06:2f:2f:01:ff:2d:7b:cc:dd:30:4f:cb:68:84:d2:3c:84:37:90:cc
Signer

Actual PE Digest

06:2f:2f:01:ff:2d:7b:cc:dd:30:4f:cb:68:84:d2:3c:84:37:90:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateWindowExW
IsWindow
SetWindowPos
IsWindowVisible
IsIconic
IsZoomed
SetFocus
GetActiveWindow
GetFocus
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetWindowRect
PostMessageW
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
IsRectEmpty
PtInRect
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
OffsetRect
UnionRect
InflateRect
SetCursor
SetForegroundWindow
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
GetSystemMetrics
GetKeyState
CharNextW
ShowWindow
DestroyWindow
PostQuitMessage
GetCursorPos
SetPropW
GetPropW
SetWindowRgn
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
IsWindowEnabled
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EqualRect
UpdateWindow
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
wsprintfW
SetRect
FillRect
DrawTextW
CharPrevW
GetWindowRgn
MoveWindow
UpdateLayeredWindow
MessageBoxW

ole32

OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
DoDragDrop
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString
VarUI4FromStr

comctl32

_TrackMouseEvent
InitCommonControlsEx
ord17

gdiplus

GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLine
ord1
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipMeasureString
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipStringFormatGetGenericTypographic

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

kernel32

VirtualAlloc
InitializeCriticalSection
SleepEx
LoadLibraryA
GetSystemDirectoryA
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsW
RtlUnwind
GetModuleHandleExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
GetConsoleCP
FlushFileBuffers
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
OutputDebugStringW
GetStartupInfoW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
SetLastError
EncodePointer
lstrcpynW
GetLocalTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFilePointer
MulDiv
ExitProcess
LockResource
FreeResource
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetACP
GetVersionExW
FormatMessageW
GetSystemInfo
GetCurrentThreadId
GetLongPathNameW
WideCharToMultiByte
GetProcessHeap
GetFullPathNameW
WriteConsoleW
DecodePointer
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
lstrcmpiW
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
MultiByteToWideChar
CreateThread
Sleep
GetFileSize
ReadFile
CloseHandle
GetTempPathW
CreateFileW
DeleteFileW
lstrlenW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
ReleaseMutex
CreateMutexW
CreateDirectoryW
FindFirstFileW
WriteFile
FindClose
FileTimeToSystemTime
lstrcpyW
GetFileAttributesW
FindNextFileW
CopyFileW
MoveFileExW
GlobalAlloc
GlobalFree
LocalAlloc
LocalFree
OpenProcess
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
SetEndOfFile
WaitForSingleObject
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetTickCount
HeapAlloc
HeapReAlloc
HeapFree
HeapSize

advapi32

RegSetValueExW
RegOpenKeyW
RegEnumKeyW
ImpersonateLoggedOnUser
RevertToSelf
DuplicateTokenEx
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
RegQueryValueExW
OpenProcessToken
GetTokenInformation
InitializeSecurityDescriptor
LookupAccountSidW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFolderPathW
DragQueryFileW

shlwapi

PathFileExistsW

gdi32

SetWindowOrgEx
GetObjectW
RestoreDC
CreateRoundRectRgn
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
AddFontMemResourceEx
RemoveFontMemResourceEx
Rectangle
CreateRectRgn
SaveDC
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
PtInRegion
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
CreatePatternBrush
GdiFlush
TextOutW
MoveToEx
GetObjectA
SetTextColor
SetStretchBltMode
StretchDIBits
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
RectVisible
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CreateBitmap
CombineRgn
CreateDIBSection
GetTextMetricsW

ws2_32

getservbyname
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
__WSAFDIsSet
WSASetLastError
setsockopt
ntohs
htons
getsockopt
select
recvfrom
sendto
accept
listen
ioctlsocket
htonl
gethostbyname
gethostname
WSAStartup
WSACleanup
closesocket
socket
WSAGetLastError
recv
send
bind
connect
getpeername
getsockname

Sections

.text
Size: 923KB - Virtual size: 922KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

f5c445ea99436b4cd0f54b2e99ce345b

Code Sign

07Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

08:7a:4c:9e:3f:3d:34:c7:61:9f:c2:a9:7b:d7:90:eeCertificate

Extended Key Usages

Key Usages

0b:e6:3a:c9:92:ef:67:baCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

08:7a:4c:9e:3f:3d:34:c7:61:9f:c2:a9:7b:d7:90:eeCertificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

0b:e6:3a:c9:92:ef:67:baCertificate

Extended Key Usages

Key Usages

72:25:d8:bb:0c:5b:1f:66:86:0c:27:8a:bc:c1:fb:fa:4c:ce:d9:0b:5f:2c:a2:91:93:d9:0b:7f:2c:20:c9:f8Signer

06:2f:2f:01:ff:2d:7b:cc:dd:30:4f:cb:68:84:d2:3c:84:37:90:ccSigner

Headers

DLL Characteristics

File Characteristics

Imports

user32

ole32

oleaut32

comctl32

gdiplus

imm32

kernel32

advapi32

shell32

shlwapi

gdi32

ws2_32

Sections

.text Size: 923KB - Virtual size: 922KB

.rdata Size: 196KB - Virtual size: 196KB

.data Size: 9KB - Virtual size: 23KB

.rsrc Size: 279KB - Virtual size: 278KB

07
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

08:7a:4c:9e:3f:3d:34:c7:61:9f:c2:a9:7b:d7:90:ee
Certificate

0b:e6:3a:c9:92:ef:67:ba
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

08:7a:4c:9e:3f:3d:34:c7:61:9f:c2:a9:7b:d7:90:ee
Certificate

07
Certificate

0b:e6:3a:c9:92:ef:67:ba
Certificate

72:25:d8:bb:0c:5b:1f:66:86:0c:27:8a:bc:c1:fb:fa:4c:ce:d9:0b:5f:2c:a2:91:93:d9:0b:7f:2c:20:c9:f8
Signer

06:2f:2f:01:ff:2d:7b:cc:dd:30:4f:cb:68:84:d2:3c:84:37:90:cc
Signer

.text
Size: 923KB - Virtual size: 922KB

.rdata
Size: 196KB - Virtual size: 196KB

.data
Size: 9KB - Virtual size: 23KB

.rsrc
Size: 279KB - Virtual size: 278KB