fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.zip
Size

678KB
MD5

1e352ba666136dad506efba594b9f751
SHA1

980feb0dff2420de7e87d91495b344de61efc977
SHA256

bcabc3f244e2bd0754c776aa430de16340149102f9d929cff643465976145ce4
SHA512

8a78bc04806345bee5850b34096eb2a9843baf8c373556641f8664a17d6cc6d30e115f965f5855380cf342182bb8ff7b104d830db186d3026eced7c991081542
SSDEEP

12288:xHMT7Ktg916Jme5VUUXit/Em7/lKpYHyqWw9/BsK1Uz9TtZRa1CKpGQp:ivKtg916Jt5Xyt/hRKpYHyqWw9/BIz9Y

Score

1^/10

Malware Config

Signatures

Files

fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.zip
.zip

Password: infected
fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe
.exe windows:5 windows x64 arch:x64

Password: infected

a638f6b413d02de0f382750aa46eeb04

Code Sign

56:b6:29:cd:34:bc:78:f6
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

31-05-2017 18:14

Not After

30-05-2042 18:14

Subject

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:3f:0b:f2:68:62:26:3d:ac:49:60:33:f5:05:94:cb
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

15-12-2023 14:59

Not After

14-12-2024 14:59

Subject

SERIALNUMBER=12713418,CN=SOFTWARE MEDICAL DEVICES LIMITED,O=SOFTWARE MEDICAL DEVICES LIMITED,L=Tadworth,C=GB,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26-03-2019 17:44

Not After

22-03-2034 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09-12-2022 18:30

Not After

06-12-2032 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13-11-2019 18:50

Not After

12-11-2034 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:8e:26:53:65:a2:b6:72:66:08:df:22:5f:dc:a5:6f:f9:90:b1:57:8c:b9:ea:11:a2:89:2d:4f:08:77:8c:d4
Signer

Actual PE Digest

a1:8e:26:53:65:a2:b6:72:66:08:df:22:5f:dc:a5:6f:f9:90:b1:57:8c:b9:ea:11:a2:89:2d:4f:08:77:8c:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess
VirtualProtect
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
HeapQueryInformation
RtlPcToFileHeader
RaiseException
RtlUnwindEx
RtlLookupFunctionEntry
HeapReAlloc
GetStartupInfoW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
lstrcmpiW
GetStringTypeExW
FileTimeToSystemTime
GetThreadLocale
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalFlags
GlobalGetAtomNameW
lstrlenA
lstrcmpA
GetCurrentProcessId
WideCharToMultiByte
FormatMessageW
LocalFree
lstrlenW
CompareStringW
LoadLibraryA
lstrcmpW
MultiByteToWideChar
GetVersionExA
ExitThread
ReadFile
GetFileSize
CreateProcessW
GetShortPathNameW
CreateThread
TerminateProcess
SetPriorityClass
GetPriorityClass
Sleep
HeapAlloc
GetProcessHeap
HeapFree
GetWindowsDirectoryW
GetCurrentProcess
GetModuleFileNameW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetCurrentThreadId
GetTickCount
GetLastError
SetLastError
MulDiv
GetVersionExW
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryW
FreeResource
GetModuleHandleW
IsBadReadPtr
ReadProcessMemory
FindResourceW
LoadResource
LockResource
SizeofResource
VirtualQueryEx
GetSystemInfo
OpenProcess
WriteFile
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
VirtualFree
VirtualAlloc
CloseHandle
CreateFileW
RtlCaptureContext

user32

PostQuitMessage
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
GetSysColorBrush
UnregisterClassW
CharUpperW
CharNextW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
GetCapture
GetClassLongPtrW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
UpdateWindow
MessageBoxW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetDlgCtrlID
SetWindowLongW
SystemParametersInfoA
GetWindowTextLengthW
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
PostMessageW
EnumChildWindows
IsWindowEnabled
GetWindowTextW
EnumWindows
GetWindowThreadProcessId
SetForegroundWindow
TranslateMDISysAccel
DrawIcon
IsIconic
SetRectEmpty
ReleaseCapture
SetFocus
SetCapture
PtInRect
GetCursorPos
IsChild
GetFocus
MenuItemFromPoint
EndPaint
BeginPaint
ValidateRect
DefWindowProcW
DrawMenuBar
SetMenu
DestroyMenu
CallNextHookEx
SetPropW
GetClassNameW
CallWindowProcW
RemovePropW
GetPropW
UnhookWindowsHookEx
SetWindowsHookExW
KillTimer
SetLayeredWindowAttributes
SetWindowLongPtrW
IntersectRect
CreatePopupMenu
DeleteMenu
RedrawWindow
ClientToScreen
IsRectEmpty
GetMenuState
LoadMenuW
GetDesktopWindow
ModifyMenuW
AppendMenuW
GetMenuDefaultItem
DrawFocusRect
DrawEdge
GetMessagePos
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
InflateRect
DrawStateW
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
GetMenuItemID
GetSubMenu
GetSystemMenu
GetMenu
WindowFromDC
GetMenuInfo
GetKeyNameTextW
MapVirtualKeyW
CopyAcceleratorTableW
DestroyIcon
GetIconInfo
CopyImage
FillRect
GetWindowLongPtrW
OffsetRect
GetWindowRect
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
LoadAcceleratorsW
WindowFromPoint
GetMenuStringW
SystemParametersInfoW
GetMenuItemInfoW
GetMenuItemRect
SetMenuInfo
IsMenu
GetWindowDC
IsWindowVisible
SetMenuItemBitmaps
GetMenuItemCount
GetWindowLongW
GetSystemMetrics
CopyRect
SetRect
LoadBitmapW
SetTimer
SetWindowPlacement
GetWindowPlacement
MoveWindow
GetWindow
IsDialogMessageW
IsWindow
GetMessageW
ShowWindow
SetWindowTextW
CreateDialogParamW
EndDialog
InvalidateRect
TrackMouseEvent
SetCursor
ShowCursor
GetSysColor
LoadCursorW
SetDlgItemTextW
GetParent
GetDlgItemTextW
LoadIconW
ReleaseDC
GetDC
wsprintfW
GetClientRect
SetWindowPos
CreateWindowExW
SendMessageW
EnableWindow
DispatchMessageW
TranslateMessage
SetParent

gdi32

GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
LineTo
ExtSelectClipRgn
GetStockObject
GetMapMode
GetBkColor
GetRgnBox
ExcludeClipRect
IntersectClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
PatBlt
DPtoLP
SelectClipRgn
CreateRectRgnIndirect
CombineRgn
DeleteObject
SetBrushOrgEx
UnrealizeObject
Rectangle
PtVisible
RectVisible
Escape
RoundRect
GetNearestColor
SetWindowOrgEx
CreateSolidBrush
CreatePatternBrush
CreateCompatibleBitmap
GetTextColor
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
MoveToEx
SetTextAlign
GetLayout
CreateFontIndirectW
GetTextMetricsW
GetTextAlign
GetCurrentObject
SetPixel
GetPixel
SetBkColor
CreateBitmap
GetObjectW
GetDeviceCaps
TextOutW
GetTextExtentPoint32W
CreatePen
CreateFontW
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateRectRgn

comdlg32

GetSaveFileNameW
GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegSetValueExW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

ShellExecuteExW
ShellExecuteW
SHGetFileInfoW
DragFinish
DragQueryFileW

comctl32

ImageList_GetIconSize
ImageList_Create
ImageList_Add
InitCommonControlsEx
ImageList_Destroy

shlwapi

PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree
CoRegisterMessageFilter
CoRevokeClassObject
OleIsCurrentClipboard
CLSIDFromProgID

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysFreeString

psapi

EnumProcesses
GetModuleInformation
GetModuleFileNameExW
EnumProcessModules

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 515KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

a638f6b413d02de0f382750aa46eeb04

Code Sign

56:b6:29:cd:34:bc:78:f6Certificate

Key Usages

4a:3f:0b:f2:68:62:26:3d:ac:49:60:33:f5:05:94:cbCertificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4bCertificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

a1:8e:26:53:65:a2:b6:72:66:08:df:22:5f:dc:a5:6f:f9:90:b1:57:8c:b9:ea:11:a2:89:2d:4f:08:77:8c:d4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

psapi

version

Sections

.text Size: 515KB - Virtual size: 515KB

.rdata Size: 209KB - Virtual size: 208KB

.data Size: 17KB - Virtual size: 42KB

.pdata Size: 34KB - Virtual size: 33KB

.rsrc Size: 523KB - Virtual size: 523KB

56:b6:29:cd:34:bc:78:f6
Certificate

4a:3f:0b:f2:68:62:26:3d:ac:49:60:33:f5:05:94:cb
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

a1:8e:26:53:65:a2:b6:72:66:08:df:22:5f:dc:a5:6f:f9:90:b1:57:8c:b9:ea:11:a2:89:2d:4f:08:77:8c:d4
Signer

.text
Size: 515KB - Virtual size: 515KB

.rdata
Size: 209KB - Virtual size: 208KB

.data
Size: 17KB - Virtual size: 42KB

.pdata
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 523KB - Virtual size: 523KB