Themed hotel rooms[.]zip

Resubmissions

18/01/2024, 23:05

240118-22z4kaebcl 3

18/01/2024, 22:55

240118-2walqadcfq 3

Sharing

Copy URL Twitter E-mail

General

Target

Themed hotel rooms.zip
Size

1.1MB
MD5

9b6fe160b557d00e56b07641e9f8e017
SHA1

5fd01eed214acfcf46d74711fae79c6ca13cb4d3
SHA256

512c5c76eaef3fb1168fa55a811a1c3e4f4696520bb9d69f114504cfb81bd9f4
SHA512

8a159c135a2827ef51537eccae11357fd579d93a3274ff60e5d7938c568f163e3c94435bfbd038abf51c6009d0305c493de90850ba4c247ef69f4b1e0af49476
SSDEEP

24576:5gOuCRnZZ3vPtFzjnYs02I07rFr/KyjVp2CVjmzm+aaK:55FxfPY1pyCz/aaK

Score

1^/10

Malware Config

Signatures

Files

Themed hotel rooms.zip
.zip

Password: 123456
Photo_12.01.2024.scr
.exe windows:5 windows x86 arch:x86

Password: 123456

afe9d238e315d9482832f52d54aeafe0

Code Sign

15:b7:d2:56:4f:a1:c2:22:00:75:41:11:c9:44:46:df
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

18/12/2023, 20:19

Not After

17/12/2024, 20:19

Subject

SERIALNUMBER=50103549581,CN=GL Solutions SIA,O=GL Solutions SIA,L=Lielvārde,ST=Lielvārde Municipality,C=LV,1.3.6.1.4.1.311.60.2.1.3=#13024c56,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:e1:6c:8d:b0:a6:20:a8:6d:83:8f:02:ef:ad:33:b3:d8:23:14:01:77:1d:77:d8:21:e0:74:d7:a7:dc:73:dd
Signer

Actual PE Digest

c6:e1:6c:8d:b0:a6:20:a8:6d:83:8f:02:ef:ad:33:b3:d8:23:14:01:77:1d:77:d8:21:e0:74:d7:a7:dc:73:dd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasExesLengthA
LocalCompact
GetTickCount
LocalFlags
GetConsoleAliasesA
LoadLibraryW
GetLocaleInfoW
HeapDestroy
GetAtomNameW
IsBadStringPtrA
SetConsoleTitleA
WritePrivateProfileStringW
RaiseException
InterlockedExchange
GetLastError
SetLastError
TlsGetValue
SetComputerNameA
LoadLibraryA
OpenWaitableTimerW
LocalAlloc
GetTapeParameters
GetModuleFileNameA
EraseTape
FreeEnvironmentStringsW
CompareStringA
SetCalendarInfoA
LocalFree
SetFileAttributesW
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetProcAddress
GetEnvironmentVariableW
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
IsProcessorFeaturePresent
Sleep
HeapSize
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
FreeLibrary
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
MultiByteToWideChar
IsValidLocale

user32

GetKeyNameTextA
GetMonitorInfoA
SetActiveWindow

advapi32

OpenEventLogA

Sections

.text
Size: 418KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 123456

Password: 123456

afe9d238e315d9482832f52d54aeafe0

Code Sign

15:b7:d2:56:4f:a1:c2:22:00:75:41:11:c9:44:46:dfCertificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4bCertificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

c6:e1:6c:8d:b0:a6:20:a8:6d:83:8f:02:ef:ad:33:b3:d8:23:14:01:77:1d:77:d8:21:e0:74:d7:a7:dc:73:ddSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 418KB - Virtual size: 417KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 7KB - Virtual size: 14KB

.tls Size: 2KB - Virtual size: 2KB

.rsrc Size: 43KB - Virtual size: 135KB

15:b7:d2:56:4f:a1:c2:22:00:75:41:11:c9:44:46:df
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

c6:e1:6c:8d:b0:a6:20:a8:6d:83:8f:02:ef:ad:33:b3:d8:23:14:01:77:1d:77:d8:21:e0:74:d7:a7:dc:73:dd
Signer

.text
Size: 418KB - Virtual size: 417KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 7KB - Virtual size: 14KB

.tls
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 43KB - Virtual size: 135KB