aaaaa[.]zip | Triage

Resubmissions

05/03/2024, 07:54

240305-jrncxaaa9y 8

05/03/2024, 07:41

240305-jjcw7shg91 8

05/03/2024, 07:30

240305-jb73daae35 6

04/03/2024, 19:35

240304-ya5m7abc3y 8

Sharing

Copy URL

Twitter E-mail

General

Target

aaaaa.zip
Size

1.1MB
MD5

35b4197da39e0b243d91fef36781a5a6
SHA1

84fce0b5b629c19a67e342a7e8d6782e2d9c2a84
SHA256

466c27f1f8fb220d304e270a9f44d5a90e565471b5668d1e0d16419fced4661d
SHA512

4de10d07f659e44a032fd8543094fec005872d974c8f64c131b0f41553d63ef32ad72f41c841a641f71ece0274e0e129adca391bafe609035eddd55e2d26cd45
SSDEEP

24576:XY2dKlUaRYQ8eKQmYru12MgMQHFKPdTA1czKJsxGdi2u7Bedd09ymM:I2GdRYQ8eKQBU2MgMQ4PFkdu7Be09ymM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/russian_trusted_sub_ca.cer.exe

Files

aaaaa.zip
.zip

Password: QQQQQ1
russian_trusted_sub_ca.cer.exe
.exe windows:6 windows x64 arch:x64

Password: QQQQQ1

12518aa945f42f9edf5ba573eb288320

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

PostQueuedCompletionStatus
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
CancelWaitableTimer
Sleep
WaitForMultipleObjects
GetProcessTimes
GetThreadPriorityBoost
GetThreadPriority
GetProcessVersion
SetPriorityClass
GetPriorityClass
GetProcessId
GetThreadContext
FlushInstructionCache
GetThreadTimes
OpenProcess
IsProcessorFeaturePresent
GetProcessHandleCount
GetProcessPriorityBoost
SetProcessPriorityBoost
GetThreadIOPendingFlag
GetSystemInfo
SetSystemTimeAdjustment
CreateFileMappingW
FlushViewOfFile
SetProcessWorkingSetSize
GetWriteWatch
ResetWriteWatch
CreateMemoryResourceNotification
IsProcessInJob
AssignProcessToJobObject
SetInformationJobObject
DisableThreadLibraryCalls
FreeResource
GetModuleFileNameA
GetModuleFileNameW
LockResource
GlobalSize
GlobalUnlock
GlobalCompact
GlobalUnfix
GlobalUnWire
LocalUnlock
LocalShrink
LocalCompact
GetProcessAffinityMask
GetProcessIoCounters
ConvertFiberToThread
CreateFiberEx
CreateFiber
ConvertThreadToFiber
PulseEvent
GlobalDeleteAtom
InitAtomTable
DeleteAtom
SetHandleCount
SetMessageWaitingIndicator
ClearCommBreak
ClearCommError
EscapeCommFunction
GetCommMask
GetCommModemStatus
GetCommTimeouts
TransmitCommChar
PrepareTape
EraseTape
CreateTapePartition
GetTapeStatus
EncodeSystemPointer
GetMailslotInfo
SetMailslotInfo
AddAtomW
GetNamedPipeHandleStateA
MapUserPhysicalPagesScatter
CreateIoCompletionPort
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
HeapReAlloc
HeapSize
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindClose
HeapFree
HeapAlloc
GetModuleHandleExW
TerminateProcess
ExitProcess
GetCurrentProcess
WriteFile
RtlPcToFileHeader
RaiseException
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLastError
RtlUnwindEx
GetModuleHandleW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer
SetFileValidData
SetFilePointer
SetEndOfFile
GetLogicalDrives
GetFileTime
GetFileType
GetFileSizeEx
GetFileInformationByHandle
GetFileAttributesExW
FlushFileBuffers
GetProcessHeap
GetNamedPipeHandleStateW
GetNamedPipeInfo
PeekNamedPipe
DisconnectNamedPipe
SetLastError
SetHandleInformation
WriteConsoleW
FindNextChangeNotification
FindFirstFileExW
CreateFileW
SetStdHandle
GetStdHandle
HeapCreate
MultiByteToWideChar
DecodeSystemPointer
MulDiv
WideCharToMultiByte

user32

GetCursorPos
EnableWindow
IsWindow
DestroyCursor
GetWindowPlacement
DialogBoxParamA
CreatePopupMenu
GetSystemMetrics
EndDialog
PostMessageA
SetActiveWindow
CheckRadioButton
SetWindowPos
DestroyWindow
LoadCursorA
GetMenu
GetWindowRect
DispatchMessageA
CheckMenuRadioItem
GetMessageA
PostQuitMessage
GetSystemMenu
CharLowerBuffA
ChildWindowFromPoint
DefDlgProcA
InvalidateRect
InsertMenuItemA
FindWindowA
SetDlgItemInt
EnableMenuItem
GetSysColorBrush
CheckDlgButton
OpenClipboard
TranslateAcceleratorA
TrackPopupMenu
wsprintfA
GetSubMenu
KillTimer
UnregisterClassA
GetDlgItem
GetClientRect
CheckMenuItem
RemoveMenu
AppendMenuA
CharUpperA
LoadIconA
CreateDialogParamA
SetCursor
SetClipboardData
SendMessageA
SetDlgItemTextA
GetClassInfoA
SendDlgItemMessageA
GetClipboardData
TranslateMessage
SetFocus
DestroyMenu
RegisterClassA
IsDlgButtonChecked
EnumClipboardFormats
MoveWindow
GetSysColor
MessageBoxA
SetWindowTextA
wvsprintfA
SetWindowPlacement
GetWindowLongA
LoadAcceleratorsA
GetWindowTextA
EmptyClipboard
DestroyAcceleratorTable
CallWindowProcA
CloseClipboard
ClientToScreen
SetWindowLongA
IsMenu
SetMenuItemInfoA
IsDialogMessageA
DestroyIcon
RedrawWindow
SetTimer
GetDlgItemTextA
GetActiveWindow

gdi32

DeleteObject
CreateFontIndirectA
SetBkMode
SetTextColor
GetStockObject
SelectObject
GetObjectA

winspool.drv

EnumPrinterKeyW
GetPrinterDataExW
EnumPrintersW
ResetPrinterW
SetJobW
GetJobW
EnumJobsW
SetPrinterW
GetPrinterW
FlushPrinter
GetPrinterDataW
EnumPrinterDataExW
SetPrinterDataW
ConnectToPrinterDlg
SetPortW
ConfigurePortW
EnumFormsW
SetFormW
GetFormW
SetPrinterDataExW

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegOpenKeyExA
RegCreateKeyA
AdjustTokenPrivileges
RegCloseKey
RegSetValueA
RegDeleteKeyA
RegQueryValueExA
LookupPrivilegeValueA
GetUserNameA
OpenProcessToken

shell32

SHBindToParent
ord716
SHParseDisplayName
SHGetSettings
ord176
ord6
ord47
ord88
SHGetDataFromIDListW
SHGetInstanceExplorer
ord645
ord4
ord2
SHChangeNotify
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListW
ord154
ord190
ord27
ord23
ord21
ord17
ord16
CommandLineToArgvW
DragQueryPoint
DragFinish
ShellExecuteW
FindExecutableW
ShellAboutW
DuplicateIcon
ExtractAssociatedIconW
ExtractIconW
SHFileOperationW
ShellExecuteExW
Shell_NotifyIconW
SHGetDiskFreeSpaceExA
ord180
SHIsFileAvailableOffline
ord245
ord727
ord18
ord25
ord24

comctl32

ImageList_Destroy
ImageList_Remove
CreateToolbarEx
InitCommonControlsEx
ImageList_Create
ImageList_SetBkColor
ImageList_ReplaceIcon

userenv

GetProfilesDirectoryW
GetUserProfileDirectoryW

dxgi

CreateDXGIFactory

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 589KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: QQQQQ1

Password: QQQQQ1

12518aa945f42f9edf5ba573eb288320

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

comctl32

userenv

dxgi

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 42KB - Virtual size: 50KB

.pdata Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 589KB - Virtual size: 588KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 42KB - Virtual size: 50KB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 589KB - Virtual size: 588KB

.reloc
Size: 2KB - Virtual size: 1KB