89dc50024836f9ad406504a3b7445d284e97ec5dafdd8f2741f496cac84ccda9[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

89dc50024836f9ad406504a3b7445d284e97ec5dafdd8f2741f496cac84ccda9.zip
Size

1.2MB
MD5

16274f8fffd4e953f46c3ffc13fb7045
SHA1

5257883f429eaa1fc2fb25070837991930cdfc36
SHA256

f635f614efe260dae8f643cf75b52e3061779c47fd049775bfe50817226bbdc0
SHA512

dd2c16f71d36dcb8ff322834e7e5766170119a8c2c6673050b9285c7aab034d77ac3a6f72fdd45634e97083a21a288cc98f88dd0d8e030e88dee7b439b0d6de2
SSDEEP

24576:21puk+Inpd5Vq3289VVd31MxN1QjmBGFO1qDCGlmJDi0Gpxs1QJw:i7d50328zV5+1OcwOEDCGYQhpOH

Score

8^/10

dave

Malware Config

Signatures

Dave packer 1 IoCs

Detects executable using a packer named 'Dave' by the community, based on a string at the end.

dave

resource	yara_rule
static1/unpack001/89dc50024836f9ad406504a3b7445d284e97ec5dafdd8f2741f496cac84ccda9.exe	dave

Files

89dc50024836f9ad406504a3b7445d284e97ec5dafdd8f2741f496cac84ccda9.zip
.zip

Password: infected
89dc50024836f9ad406504a3b7445d284e97ec5dafdd8f2741f496cac84ccda9.exe
.exe windows:5 windows x86 arch:x86

Password: infected

5e4731b579fcbf2ee2d5b665a7fef172

Code Sign

56:b6:29:cd:34:bc:78:f6
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

31-05-2017 18:14

Not After

30-05-2042 18:14

Subject

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26-03-2019 17:44

Not After

22-03-2034 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:41:d5:f8:75:85:01:f9:db:c4:ba:15:80:58:c3:b5
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

25-01-2024 16:51

Not After

24-01-2025 16:51

Subject

SERIALNUMBER=51 770 075,CN=A.P.Hernandez Consulting s.r.o.,O=A.P.Hernandez Consulting s.r.o.,L=Sered,ST=Trnava Region,C=SK,1.3.6.1.4.1.311.60.2.1.3=#1302534b,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09-12-2022 18:30

Not After

06-12-2032 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13-11-2019 18:50

Not After

12-11-2034 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:1e:76:ac:88:fc:cb:f9:7b:fa:db:60:18:ad:f6:ce:59:68:f0:65:40:1f:36:be:54:fd:d9:d6:75:55:d0:4b
Signer

Actual PE Digest

3e:1e:76:ac:88:fc:cb:f9:7b:fa:db:60:18:ad:f6:ce:59:68:f0:65:40:1f:36:be:54:fd:d9:d6:75:55:d0:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\msi\Git\MxMSI_Master\_MsiBuildSystem\bin\SfxMaker\stub_Release_Win32_v120_xp.pdb

Imports

kernel32

LoadLibraryExW
GlobalDeleteAtom
lstrcmpA
lstrcmpW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
LoadLibraryA
EncodePointer
GlobalFindAtomW
GetFileSizeEx
GetFileTime
SystemTimeToFileTime
GetFullPathNameW
GetVolumeInformationW
LockFile
UnlockFile
DuplicateHandle
GetStringTypeExW
GetThreadLocale
GlobalFlags
CompareStringW
GetSystemDefaultUILanguage
SetErrorMode
GetUserDefaultLCID
RtlUnwind
CreateThread
ExitThread
GetCPInfo
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleExW
AreFileApisANSI
IsDebuggerPresent
IsProcessorFeaturePresent
SetStdHandle
GetFileType
HeapQueryInformation
GetSystemInfo
VirtualProtect
VirtualQuery
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetCurrentThread
TerminateProcess
IsValidCodePage
GetOEMCP
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleW
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
WriteConsoleW
SetEnvironmentVariableA
FreeResource
LocalReAlloc
LocalAlloc
GlobalHandle
EnterCriticalSection
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
OutputDebugStringA
GetACP
MulDiv
GetVersion
FindResourceExW
lstrlenA
CreateProcessW
GetEnvironmentVariableW
LoadLibraryW
FreeLibrary
EnumResourceNamesW
SetFilePointerEx
FlushFileBuffers
ResumeThread
SuspendThread
GetThreadPriority
SetThreadPriority
GetDriveTypeW
GetCommandLineW
FormatMessageW
GetLongPathNameW
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
LCMapStringA
GetStringTypeExA
FormatMessageA
WaitForSingleObjectEx
CreateEventA
CreateSemaphoreA
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
InitializeSListHead
InterlockedPopEntrySList
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
Sleep
GetExitCodeProcess
GetDiskFreeSpaceExW
MapViewOfFileEx
GetFileAttributesExW
GetFileAttributesW
GetModuleFileNameW
CreateFileMappingW
UnmapViewOfFile
GetCurrentProcess
GetUserDefaultLangID
GetUserDefaultUILanguage
GetLocaleInfoW
FindResourceW
SizeofResource
LoadResource
LockResource
WaitForMultipleObjects
GetStdHandle
GetFileInformationByHandle
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
SetFilePointer
SetEndOfFile
ReadFile
WriteFile
GetFileSize
FindNextFileW
FindFirstFileW
GetModuleHandleA
GetLogicalDriveStringsW
FindClose
MoveFileW
DeleteFileW
SetFileAttributesW
CreateFileW
RemoveDirectoryW
CreateDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetSystemDirectoryW
GetModuleHandleW
SetFileTime
SetLastError
GetProcAddress
FileTimeToLocalFileTime
CreateSemaphoreW
CreateEventW
CloseHandle
WaitForSingleObject
ReleaseSemaphore
ResetEvent
SetEvent
InitializeCriticalSection
GetLastError
GetVersionExW
VirtualFree
VirtualAlloc
FileTimeToSystemTime
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
DeleteCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter

user32

IntersectRect
GetSysColorBrush
DestroyMenu
SetWindowTextW
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetClassLongW
SetWindowLongW
EqualRect
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
SetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
GetClassInfoExW
GetClassInfoW
CallWindowProcW
DefWindowProcW
GetMessageTime
RealChildWindowFromPoint
GetWindowTextLengthW
SetFocus
IsDialogMessageW
GetTopWindow
MessageBeep
IsChild
SetWindowContextHelpId
WindowFromPoint
GetLastActivePopup
MessageBoxW
PostQuitMessage
LoadStringA
CallNextHookEx
SetWindowsHookExW
ValidateRect
DispatchMessageW
TranslateMessage
GetMessageW
GetDesktopWindow
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
CharNextW
OffsetRect
SetCapture
ReleaseCapture
CopyAcceleratorTableW
InvalidateRgn
SetRect
RegisterClipboardFormatW
PostThreadMessageW
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
UnhookWindowsHookEx
GetMessagePos
GetMenuItemCount
GetMenuItemID
GetSubMenu
SendDlgItemMessageA
PtInRect
IsRectEmpty
DrawFrameControl
ShowCaret
HideCaret
GetCursorPos
SetCursor
GetWindow
GetParent
GetWindowLongW
MapWindowPoints
GetWindowTextW
GetForegroundWindow
FlashWindowEx
CreateWindowExW
FillRect
GetSysColor
SystemParametersInfoW
InvalidateRect
DeleteMenu
GetSystemMenu
KillTimer
SetTimer
GetKeyState
SetDlgItemTextW
InflateRect
CopyRect
RedrawWindow
GetFocus
TrackMouseEvent
ScreenToClient
GetClientRect
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
IsWindow
AllowSetForegroundWindow
GetWindowThreadProcessId
GetClassNameW
MsgWaitForMultipleObjects
PeekMessageW
IsWindowVisible
UnregisterClassW
MapDialogRect
LoadIconW
LoadCursorW
GetWindowRect
ReleaseDC
GetDC
DefDlgProcW
RegisterClassW
ReplyMessage
RegisterWindowMessageW
LoadImageW
GetSystemMetrics
PostMessageW
SendMessageW
EnableWindow
DestroyIcon
CharUpperW
GetNextDlgGroupItem
LoadStringW

gdi32

SetWindowExtEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
GetMapMode
GetBkColor
SetViewportExtEx
GetRgnBox
SetMapMode
ExtTextOutW
TextOutW
SetTextColor
GetTextColor
SetBkColor
ExtSelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateBitmap
OffsetViewportOrgEx
SetViewportOrgEx
DeleteObject
CreateFontIndirectW
GetDeviceCaps
GetObjectW
SelectObject
CreateSolidBrush

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegDeleteValueW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHOpenFolderAndSelectItems
SHParseDisplayName
SHGetSpecialFolderPathW
SHCreateItemFromParsingName
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
ord165
ShellExecuteW

comctl32

ord413
ord410
InitCommonControlsEx
ord412

shlwapi

UrlCreateFromPathW
PathCreateFromUrlAlloc
UrlIsW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW

ole32

CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
StgCreateDocfileOnILockBytes
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
StgOpenStorageOnILockBytes
OleInitialize
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter

oleaut32

OleCreateFontIndirect
SysFreeString
SysAllocString
SysAllocStringLen
VariantClear
VariantCopy
VariantInit
VariantChangeType
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy

oledlg

OleUIBusyW

msi

ord118
ord48
ord92
ord171
ord160
ord159
ord8
ord32

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

5e4731b579fcbf2ee2d5b665a7fef172

Code Sign

56:b6:29:cd:34:bc:78:f6Certificate

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

29:41:d5:f8:75:85:01:f9:db:c4:ba:15:80:58:c3:b5Certificate

Extended Key Usages

Key Usages

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4bCertificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

3e:1e:76:ac:88:fc:cb:f9:7b:fa:db:60:18:ad:f6:ce:59:68:f0:65:40:1f:36:be:54:fd:d9:d6:75:55:d0:4bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

msi

oleacc

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 274KB - Virtual size: 274KB

.data Size: 47KB - Virtual size: 91KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 76KB - Virtual size: 76KB

56:b6:29:cd:34:bc:78:f6
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

29:41:d5:f8:75:85:01:f9:db:c4:ba:15:80:58:c3:b5
Certificate

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

3e:1e:76:ac:88:fc:cb:f9:7b:fa:db:60:18:ad:f6:ce:59:68:f0:65:40:1f:36:be:54:fd:d9:d6:75:55:d0:4b
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 274KB - Virtual size: 274KB

.data
Size: 47KB - Virtual size: 91KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 76KB - Virtual size: 76KB