General

Malware Config

Signatures

Files

• 89dc50024836f9ad406504a3b7445d284e97ec5dafdd8f2741f496cac84ccda9.zip

  .zip

  Password: infected

• 89dc50024836f9ad406504a3b7445d284e97ec5dafdd8f2741f496cac84ccda9.exe

  .exe windows:5 windows x86 arch:x86

  5e4731b579fcbf2ee2d5b665a7fef172

  
  

  Code Sign

  56:b6:29:cd:34:bc:78:f6

  Certificate

  Issuer

  CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Not Before

  31-05-2017 18:14

  Not After

  30-05-2042 18:14

  Subject

  CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04

  Certificate

  Issuer

  CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Not Before

  26-03-2019 17:44

  Not After

  22-03-2034 17:44

  Subject

  CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  29:41:d5:f8:75:85:01:f9:db:c4:ba:15:80:58:c3:b5

  Certificate

  Issuer

  CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

  Not Before

  25-01-2024 16:51

  Not After

  24-01-2025 16:51

  Subject

  SERIALNUMBER=51 770 075,CN=A.P.Hernandez Consulting s.r.o.,O=A.P.Hernandez Consulting s.r.o.,L=Sered,ST=Trnava Region,C=SK,1.3.6.1.4.1.311.60.2.1.3=#1302534b,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b

  Certificate

  Issuer

  CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  Not Before

  09-12-2022 18:30

  Not After

  06-12-2032 18:30

  Subject

  CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56

  Certificate

  Issuer

  CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Not Before

  13-11-2019 18:50

  Not After

  12-11-2034 18:50

  Subject

  CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  3e:1e:76:ac:88:fc:cb:f9:7b:fa:db:60:18:ad:f6:ce:59:68:f0:65:40:1f:36:be:54:fd:d9:d6:75:55:d0:4b

  Signer

  Actual PE Digest

  3e:1e:76:ac:88:fc:cb:f9:7b:fa:db:60:18:ad:f6:ce:59:68:f0:65:40:1f:36:be:54:fd:d9:d6:75:55:d0:4b

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\work\msi\Git\MxMSI_Master\_MsiBuildSystem\bin\SfxMaker\stub_Release_Win32_v120_xp.pdb

  Imports

  kernel32

  LoadLibraryExW

  GlobalDeleteAtom

  lstrcmpA

  lstrcmpW

  GetPrivateProfileIntW

  GetPrivateProfileStringW

  WritePrivateProfileStringW

  GlobalAddAtomW

  LoadLibraryA

  EncodePointer

  GlobalFindAtomW

  GetFileSizeEx

  GetFileTime

  SystemTimeToFileTime

  GetFullPathNameW

  GetVolumeInformationW

  LockFile

  UnlockFile

  DuplicateHandle

  GetStringTypeExW

  GetThreadLocale

  GlobalFlags

  CompareStringW

  GetSystemDefaultUILanguage

  SetErrorMode

  GetUserDefaultLCID

  RtlUnwind

  CreateThread

  ExitThread

  GetCPInfo

  GetSystemTimeAsFileTime

  ExitProcess

  GetModuleHandleExW

  AreFileApisANSI

  IsDebuggerPresent

  IsProcessorFeaturePresent

  SetStdHandle

  GetFileType

  HeapQueryInformation

  GetSystemInfo

  VirtualProtect

  VirtualQuery

  GetStartupInfoW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  UnhandledExceptionFilter

  GetCurrentThread

  TerminateProcess

  IsValidCodePage

  GetOEMCP

  GetStringTypeW

  GetTimeZoneInformation

  GetConsoleCP

  GetConsoleMode

  ReadConsoleW

  OutputDebugStringW

  GetDateFormatW

  GetTimeFormatW

  LCMapStringW

  IsValidLocale

  EnumSystemLocalesW

  WriteConsoleW

  SetEnvironmentVariableA

  FreeResource

  LocalReAlloc

  LocalAlloc

  GlobalHandle

  EnterCriticalSection

  GlobalReAlloc

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  LocalFree

  GlobalFree

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  OutputDebugStringA

  GetACP

  MulDiv

  GetVersion

  FindResourceExW

  lstrlenA

  CreateProcessW

  GetEnvironmentVariableW

  LoadLibraryW

  FreeLibrary

  EnumResourceNamesW

  SetFilePointerEx

  FlushFileBuffers

  ResumeThread

  SuspendThread

  GetThreadPriority

  SetThreadPriority

  GetDriveTypeW

  GetCommandLineW

  FormatMessageW

  GetLongPathNameW

  InitializeCriticalSectionAndSpinCount

  RaiseException

  GetProcessHeap

  LCMapStringA

  GetStringTypeExA

  FormatMessageA

  WaitForSingleObjectEx

  CreateEventA

  CreateSemaphoreA

  WaitForMultipleObjectsEx

  OpenEventA

  SetWaitableTimer

  CreateWaitableTimerA

  CreateTimerQueue

  SignalObjectAndWait

  SwitchToThread

  GetLogicalProcessorInformation

  CreateTimerQueueTimer

  ChangeTimerQueueTimer

  DeleteTimerQueueTimer

  GetNumaHighestNodeNumber

  GetProcessAffinityMask

  SetThreadAffinityMask

  RegisterWaitForSingleObject

  UnregisterWait

  GetThreadTimes

  FreeLibraryAndExitThread

  InitializeSListHead

  InterlockedPopEntrySList

  HeapSize

  HeapFree

  HeapReAlloc

  HeapAlloc

  DecodePointer

  Sleep

  GetExitCodeProcess

  GetDiskFreeSpaceExW

  MapViewOfFileEx

  GetFileAttributesExW

  GetFileAttributesW

  GetModuleFileNameW

  CreateFileMappingW

  UnmapViewOfFile

  GetCurrentProcess

  GetUserDefaultLangID

  GetUserDefaultUILanguage

  GetLocaleInfoW

  FindResourceW

  SizeofResource

  LoadResource

  LockResource

  WaitForMultipleObjects

  GetStdHandle

  GetFileInformationByHandle

  InterlockedPushEntrySList

  InterlockedFlushSList

  QueryDepthSList

  UnregisterWaitEx

  SetFilePointer

  SetEndOfFile

  ReadFile

  WriteFile

  GetFileSize

  FindNextFileW

  FindFirstFileW

  GetModuleHandleA

  GetLogicalDriveStringsW

  FindClose

  MoveFileW

  DeleteFileW

  SetFileAttributesW

  CreateFileW

  RemoveDirectoryW

  CreateDirectoryW

  GetCurrentDirectoryW

  GetTempPathW

  GetSystemDirectoryW

  GetModuleHandleW

  SetFileTime

  SetLastError

  GetProcAddress

  FileTimeToLocalFileTime

  CreateSemaphoreW

  CreateEventW

  CloseHandle

  WaitForSingleObject

  ReleaseSemaphore

  ResetEvent

  SetEvent

  InitializeCriticalSection

  GetLastError

  GetVersionExW

  VirtualFree

  VirtualAlloc

  FileTimeToSystemTime

  WideCharToMultiByte

  MultiByteToWideChar

  QueryPerformanceCounter

  GetTickCount

  GetCurrentThreadId

  GetCurrentProcessId

  DeleteCriticalSection

  LeaveCriticalSection

  SetUnhandledExceptionFilter

  user32

  IntersectRect

  GetSysColorBrush

  DestroyMenu

  SetWindowTextW

  MoveWindow

  ShowWindow

  GetMonitorInfoW

  MonitorFromWindow

  WinHelpW

  GetClassLongW

  SetWindowLongW

  EqualRect

  AdjustWindowRectEx

  RemovePropW

  GetPropW

  SetPropW

  SetForegroundWindow

  UpdateWindow

  SetMenu

  GetMenu

  GetCapture

  GetDlgCtrlID

  GetClassInfoExW

  GetClassInfoW

  CallWindowProcW

  DefWindowProcW

  GetMessageTime

  RealChildWindowFromPoint

  GetWindowTextLengthW

  SetFocus

  IsDialogMessageW

  GetTopWindow

  MessageBeep

  IsChild

  SetWindowContextHelpId

  WindowFromPoint

  GetLastActivePopup

  MessageBoxW

  PostQuitMessage

  LoadStringA

  CallNextHookEx

  SetWindowsHookExW

  ValidateRect

  DispatchMessageW

  TranslateMessage

  GetMessageW

  GetDesktopWindow

  SetActiveWindow

  IsWindowEnabled

  GetActiveWindow

  GetNextDlgTabItem

  EndDialog

  CreateDialogIndirectParamW

  DestroyWindow

  LoadBitmapW

  SetMenuItemInfoW

  GetMenuCheckMarkDimensions

  SetMenuItemBitmaps

  EnableMenuItem

  CheckMenuItem

  ClientToScreen

  EndPaint

  BeginPaint

  GetWindowDC

  CharNextW

  OffsetRect

  SetCapture

  ReleaseCapture

  CopyAcceleratorTableW

  InvalidateRgn

  SetRect

  RegisterClipboardFormatW

  PostThreadMessageW

  TabbedTextOutW

  GrayStringW

  DrawTextExW

  DrawTextW

  UnhookWindowsHookEx

  GetMessagePos

  GetMenuItemCount

  GetMenuItemID

  GetSubMenu

  SendDlgItemMessageA

  PtInRect

  IsRectEmpty

  DrawFrameControl

  ShowCaret

  HideCaret

  GetCursorPos

  SetCursor

  GetWindow

  GetParent

  GetWindowLongW

  MapWindowPoints

  GetWindowTextW

  GetForegroundWindow

  FlashWindowEx

  CreateWindowExW

  FillRect

  GetSysColor

  SystemParametersInfoW

  InvalidateRect

  DeleteMenu

  GetSystemMenu

  KillTimer

  SetTimer

  GetKeyState

  SetDlgItemTextW

  InflateRect

  CopyRect

  RedrawWindow

  GetFocus

  TrackMouseEvent

  ScreenToClient

  GetClientRect

  GetDlgItem

  EndDeferWindowPos

  DeferWindowPos

  BeginDeferWindowPos

  SetWindowPos

  IsWindow

  AllowSetForegroundWindow

  GetWindowThreadProcessId

  GetClassNameW

  MsgWaitForMultipleObjects

  PeekMessageW

  IsWindowVisible

  UnregisterClassW

  MapDialogRect

  LoadIconW

  LoadCursorW

  GetWindowRect

  ReleaseDC

  GetDC

  DefDlgProcW

  RegisterClassW

  ReplyMessage

  RegisterWindowMessageW

  LoadImageW

  GetSystemMetrics

  PostMessageW

  SendMessageW

  EnableWindow

  DestroyIcon

  CharUpperW

  GetNextDlgGroupItem

  LoadStringW

  gdi32

  SetWindowExtEx

  ScaleViewportExtEx

  ScaleWindowExtEx

  CreateRectRgnIndirect

  GetMapMode

  GetBkColor

  SetViewportExtEx

  GetRgnBox

  SetMapMode

  ExtTextOutW

  TextOutW

  SetTextColor

  GetTextColor

  SetBkColor

  ExtSelectClipRgn

  SaveDC

  RestoreDC

  RectVisible

  PtVisible

  GetWindowExtEx

  GetViewportExtEx

  GetStockObject

  GetClipBox

  ExcludeClipRect

  Escape

  DeleteDC

  CreateBitmap

  OffsetViewportOrgEx

  SetViewportOrgEx

  DeleteObject

  CreateFontIndirectW

  GetDeviceCaps

  GetObjectW

  SelectObject

  CreateSolidBrush

  winspool.drv

  OpenPrinterW

  DocumentPropertiesW

  ClosePrinter

  advapi32

  RegDeleteValueW

  RegEnumValueW

  RegQueryValueW

  RegEnumKeyW

  RegSetValueExW

  RegDeleteKeyW

  RegCreateKeyExW

  RegQueryValueExW

  RegOpenKeyExW

  RegCloseKey

  shell32

  SHOpenFolderAndSelectItems

  SHParseDisplayName

  SHGetSpecialFolderPathW

  SHCreateItemFromParsingName

  ShellExecuteExW

  SHGetPathFromIDListW

  SHBrowseForFolderW

  ord165

  ShellExecuteW

  comctl32

  ord413

  ord410

  InitCommonControlsEx

  ord412

  shlwapi

  UrlCreateFromPathW

  PathCreateFromUrlAlloc

  UrlIsW

  PathFindExtensionW

  PathFindFileNameW

  PathIsUNCW

  PathStripToRootW

  ole32

  CreateILockBytesOnHGlobal

  CoFreeUnusedLibraries

  StgCreateDocfileOnILockBytes

  CoGetClassObject

  CLSIDFromProgID

  CLSIDFromString

  CoCreateGuid

  CoTaskMemAlloc

  StringFromCLSID

  CoTaskMemFree

  CoCreateInstance

  CoUninitialize

  CoInitialize

  StgOpenStorageOnILockBytes

  OleInitialize

  OleUninitialize

  CoRevokeClassObject

  OleFlushClipboard

  OleIsCurrentClipboard

  CoRegisterMessageFilter

  oleaut32

  OleCreateFontIndirect

  SysFreeString

  SysAllocString

  SysAllocStringLen

  VariantClear

  VariantCopy

  VariantInit

  VariantChangeType

  SysStringLen

  SystemTimeToVariantTime

  VariantTimeToSystemTime

  SafeArrayDestroy

  oledlg

  OleUIBusyW

  msi

  ord118

  ord48

  ord92

  ord171

  ord160

  ord159

  ord8

  ord32

  oleacc

  CreateStdAccessibleObject

  LresultFromObject

  Sections

  .text

  Size: 1.3MB - Virtual size: 1.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 274KB - Virtual size: 274KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 47KB - Virtual size: 91KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 2B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1.6MB - Virtual size: 1.6MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 76KB - Virtual size: 76KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ