1706520846660[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

1706520846660.zip
Size

263KB
MD5

c825a95e6eaf37b68ae8d9066d3f0cb1
SHA1

6519e4a8baaeace3516dee1f754f25536f8c00ab
SHA256

53e1eb0217038b9b47c5f2ae565927c59941713e2f9b8711e6d49ba6b80db6b2
SHA512

0fc4ab3939db8f1b0ff994d1cec9d170f61e66f9b1c2ff129238f91c339dc7eef24c186b598870429d3afd80664981aef853653a49182e4cadfaf809e6e58d55
SSDEEP

6144:L1kQUJbidlj7XSCfuwStzRjFkavdzPKnasx6gqxRbo5U:L1rUVAx7rfBKReGAas9qxT

Score

1^/10

Malware Config

Signatures

Files

1706520846660.zip
.zip

Password: cautionhandlewithcare
avremove.exe
.exe windows:5 windows x64 arch:x64

Password: cautionhandlewithcare

273688b8e51c8e3096da7909c037331f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:1e:84:b0:21:b5:8a:47:29:d1:06:9b:a2:84:80:bb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14-08-2013 00:00

Not After

12-10-2016 23:59

Subject

CN=Quick Heal Technologies (Pvt) Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Quick Heal Technologies (Pvt) Ltd.,L=Pune,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c4:9b:4d:7b:e5:85:ad:43:ba:7d:11:cc:cc:39:49:ee:5f:31:0c:15
Signer

Actual PE Digest

c4:9b:4d:7b:e5:85:ad:43:ba:7d:11:cc:cc:39:49:ee:5f:31:0c:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\WORKINGDIR\cat\projects\qh\qh2014\toolsrc\qhremove\x64\Release\avremove.pdb

Imports

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExA

shlwapi

SHDeleteKeyW
SHDeleteValueW
SHDeleteKeyA

msi

ord189
ord141
ord112

kernel32

GetCurrentThread
GetModuleHandleA
GetCommandLineW
LoadLibraryW
GetSystemDirectoryW
LoadLibraryExW
FindClose
FindNextFileW
DeleteFileW
MoveFileExW
RemoveDirectoryW
FindFirstFileW
GetDiskFreeSpaceA
CopyFileW
CreateDirectoryW
GetEnvironmentVariableW
CreateEventW
RemoveDirectoryA
FindNextFileA
MoveFileExA
DeleteFileA
SetFileAttributesA
FindFirstFileA
SetEvent
OpenEventA
GetFileAttributesA
LocalAlloc
Sleep
SetFilePointer
ReadFile
CreateFileA
WriteFile
VerSetConditionMask
GetVersionExA
IsProcessorFeaturePresent
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetSystemDirectoryA
GetCurrentThreadId
GetCurrentProcessId
GetLongPathNameA
FatalAppExitA
GetStringTypeW
GetStringTypeA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LocalFree
MultiByteToWideChar
LoadLibraryA
GetCurrentProcess
GetLongPathNameW
WideCharToMultiByte
GetModuleFileNameW
GetLastError
GetModuleFileNameA
OpenProcess
TerminateProcess
CloseHandle
GetSystemWindowsDirectoryA
GetShortPathNameA
SetEnvironmentVariableA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
LoadLibraryExA
FreeLibrary
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
SetConsoleCtrlHandler
HeapSize
GetLocaleInfoW
CompareStringA
CompareStringW
SetLastError
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
ExitProcess
GetModuleHandleW
GetProcessHeap
SetEndOfFile
GetStdHandle
HeapFree
HeapReAlloc
GetFileAttributesW
GetFileType
CreateFileW
HeapAlloc
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlUnwindEx
GetConsoleCP
GetConsoleMode
GetDateFormatA
GetTimeFormatA
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapSetInformation
HeapCreate
HeapDestroy
SetStdHandle
SetHandleCount

user32

GetActiveWindow
LoadBitmapA
LoadStringA
LoadStringW
GetSystemMetrics
FindWindowA
MessageBoxA
SendMessageA

advapi32

InitializeSecurityDescriptor
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
DeleteService
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExW
QueryServiceStatusEx
QueryServiceConfigA
RegOpenKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ImpersonateSelf
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid
RegOpenKeyExA
RegQueryValueExW
RegCloseKey
GetUserNameA

shell32

SHFileOperationA
SHGetFolderPathA
CommandLineToArgvW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
avremove.exe.METADATA

Sharing

General

Malware Config

Signatures

Files

Password: cautionhandlewithcare

Password: cautionhandlewithcare

273688b8e51c8e3096da7909c037331f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

1b:1e:84:b0:21:b5:8a:47:29:d1:06:9b:a2:84:80:bbCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c4:9b:4d:7b:e5:85:ad:43:ba:7d:11:cc:cc:39:49:ee:5f:31:0c:15Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

shlwapi

msi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 299KB - Virtual size: 299KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 7KB - Virtual size: 15KB

.pdata Size: 17KB - Virtual size: 16KB

.rsrc Size: 96KB - Virtual size: 96KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

1b:1e:84:b0:21:b5:8a:47:29:d1:06:9b:a2:84:80:bb
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c4:9b:4d:7b:e5:85:ad:43:ba:7d:11:cc:cc:39:49:ee:5f:31:0c:15
Signer

.text
Size: 299KB - Virtual size: 299KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 96KB - Virtual size: 96KB