hw[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

hw.zip
Size

383KB
MD5

c6923301274e830c9c4231c12deced87
SHA1

3ebb18609a94ee68a2163df671021af0e6ae4e31
SHA256

481b76d724b3b1e50d2fd8c463ff26f7c24d43a1cbde081d01d46dc3bc28d989
SHA512

69344379b6c1003884e35beeb9abbd7e43861b7cd6c7e7a866cff56a1c324cec4f3ebce17db056893dd64731b7536aef35963cf146f94a8bca4bb0d89139c8c2
SSDEEP

6144:FzNcsNYlL2WrIntIHieW1Y9JitJwahJVfj5RF4bqI8Xx+79FxAoCaMRxOt4C4L1Y:dysNY4Wr/ieW1SitJH/Vf+bfes9FxrCO

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hwlib32.dll
unpack001/netlib.dll

Files

hw.zip
.zip
HardwareAnalyzer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:00:f5:82:36:5b:4e:30:d5:29:7a:00:00:00:00:00:f5
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2018 20:20

Not After

23-11-2019 20:20

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:31C5-30BA-7C91,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:98:ac:8d:b1:64:b6:2e:c5:56:1e:a0:ce:cb:40:4b:6a:c1:05:fb:d2:fc:6f:9b:87:99:e5:83:28:c4:50:21
Signer

Actual PE Digest

bf:98:ac:8d:b1:64:b6:2e:c5:56:1e:a0:ce:cb:40:4b:6a:c1:05:fb:d2:fc:6f:9b:87:99:e5:83:28:c4:50:21

Digest Algorithm

sha256

PE Digest Matches

true

3f:30:13:a2:ff:b7:3e:fd:bd:a5:c9:11:0b:2d:30:3e:58:ce:be:1b
Signer

Actual PE Digest

3f:30:13:a2:ff:b7:3e:fd:bd:a5:c9:11:0b:2d:30:3e:58:ce:be:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HardwareAnalyzer.exe.config
HardwareAnalyzer.exe.manifest
hwlib32.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hwlib32.manifest
netlib.dll
.dll windows:6 windows x64 arch:x64

7e7d53d50cde087bbec1e11952e1efcf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf
_fileno
_setmode
fflush
fputc
fwrite

api-ms-win-crt-environment-l1-1-0

__p__environ
_putenv
_wgetenv
_wputenv
getenv

api-ms-win-crt-runtime-l1-1-0

_cexit
_configure_narrow_argv
_crt_atexit
_errno
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_register_onexit_function
_seh_filter_dll
abort
exit
signal
terminate

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc

api-ms-win-crt-convert-l1-1-0

mbstowcs_s
strtod
wcstombs

api-ms-win-crt-string-l1-1-0

memset
strlen
wcsncmp

kernel32

AllocConsole
CloseHandle
CreateThread
DeleteCriticalSection
EnterCriticalSection
FreeConsole
FreeLibrary
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemTimeAsFileTime
HeapAlloc
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForSingleObject

Exports

Exports

initialize

Sections

.text
Size: 626KB - Virtual size: 625KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:00:f5:82:36:5b:4e:30:d5:29:7a:00:00:00:00:00:f5Certificate

Extended Key Usages

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate

Extended Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

bf:98:ac:8d:b1:64:b6:2e:c5:56:1e:a0:ce:cb:40:4b:6a:c1:05:fb:d2:fc:6f:9b:87:99:e5:83:28:c4:50:21Signer

3f:30:13:a2:ff:b7:3e:fd:bd:a5:c9:11:0b:2d:30:3e:58:ce:be:1bSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 131KB - Virtual size: 131KB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 672B

.reloc Size: 512B - Virtual size: 12B

7e7d53d50cde087bbec1e11952e1efcf

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 626KB - Virtual size: 625KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 62KB - Virtual size: 419KB

.pdata Size: 23KB - Virtual size: 23KB

.reloc Size: 4KB - Virtual size: 4KB

33:00:00:00:f5:82:36:5b:4e:30:d5:29:7a:00:00:00:00:00:f5
Certificate

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

bf:98:ac:8d:b1:64:b6:2e:c5:56:1e:a0:ce:cb:40:4b:6a:c1:05:fb:d2:fc:6f:9b:87:99:e5:83:28:c4:50:21
Signer

3f:30:13:a2:ff:b7:3e:fd:bd:a5:c9:11:0b:2d:30:3e:58:ce:be:1b
Signer

.text
Size: 131KB - Virtual size: 131KB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 672B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 626KB - Virtual size: 625KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 62KB - Virtual size: 419KB

.pdata
Size: 23KB - Virtual size: 23KB

.reloc
Size: 4KB - Virtual size: 4KB