Software_1[.]30[.]1[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Software_1.30.1.rar
Size

15.9MB
MD5

3b9e43b4e9fe5f10c5efb9bb6e622554
SHA1

da9f863503697d6c3c04f648b260886c04442b0a
SHA256

d2f9aaec30a7e98706e17b8217e8e106d983cc48ce11bfedf7f1448f998cdb72
SHA512

903e96cb97804e01bce86ab11582a28051f7a85527822c612923d0bf4155c7615577bfc26f5b985d63b6745079272e853128709d040da16bcd492a3a8f7baabc
SSDEEP

393216:JR3LndlFEe69AU+mqg4Rd6EfQkalpfv18+vxCbqqyjn1gZiLG1Czr:JRbndvEe67+mqZdIXlpf9Hoq91ciLG1E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Packaged/Software_1.30.1.exe

Files

Software_1.30.1.rar
.rar

Password: 3578
Debug/Addition.dll
Debug/Autoupdater.ini
Debug/Cracker.dll
Debug/DebugPPF.tmp
Debug/DebugPPT.tmp
Debug/Helper.dll
Debug/Management.log
Debug/Resource.dll
Debug/main.ini
Language.pimx
Main.ini
Packaged/Main.ini
.xml
Packaged/Resource.dll
Packaged/Software_1.30.1.exe
.exe windows:4 windows x86 arch:x86

Password: 3578

d9861d0d8a03a6f1ddfc473aaecbc98f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
sprintf
_adjust_fdiv
ldiv
floor
fclose
fgets
ftell
_get_osfhandle
fopen
__p__commode
__p__fmode
__set_app_type
_controlfp
__dllonexit
_exit
fgetc
fseek
strncat
_wtol
wcsspn
isupper
wcsncpy
_getcwd
_chdir
islower
wcscpy
wcsncmp
wcspbrk
wcsstr
gmtime
memmove
isdigit
wcschr
wcsrchr
swprintf
_wcsicmp
wcslen
_snwprintf
_getdcwd
isxdigit
toupper
bsearch
fabs
frexp
pow
wcscmp
_snprintf
strtol
strncpy
_mkdir
_errno
_chmod
system
memcmp
strcat
_stricmp
_except_handler3
log10
_strnicmp
_atoi64
sscanf
ceil
isalpha
strpbrk
tolower
strcspn
atol
strchr
strncmp
memcpy
qsort
strcmp
strspn
strlen
strstr
memset
_ftol
sin
cos
atan
log
exp
sqrt
strcpy
_onexit

kernel32

CommConfigDialogA
GetCommModemStatus
ClearCommError
SetupComm
GetCommProperties
WaitForMultipleObjects
GetCommandLineA
OpenFileMappingA
GetProfileStringA
EnumResourceTypesA
EnumResourceNamesA
CreateFileW
GetFullPathNameW
GetEnvironmentVariableW
CreatePipe
SetHandleInformation
CreateProcessA
GetExitCodeProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemPowerStatus
InterlockedIncrement
SuspendThread
GetCurrentThread
CloseHandle
WaitForSingleObject
CreateThread
GetLastError
ResumeThread
GetProcAddress
VirtualFree
QueryPerformanceCounter
Sleep
QueryPerformanceFrequency
VirtualAlloc
WriteFile
SetFilePointer
CreateFileA
InterlockedExchange
LocalFree
GetFullPathNameA
SetThreadPriority
SetPriorityClass
GetThreadPriority
GetPriorityClass
GetDateFormatA
GetLocaleInfoA
GetUserDefaultLCID
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
InterlockedDecrement
GetSystemTimeAsFileTime
ReadFile
GetFileSize
GetFileAttributesA
TerminateThread
SetLastError
GetCurrentProcess
DeviceIoControl
ResetEvent
CreateEventA
GetVersion
SetEvent
DefineDosDeviceA
QueryDosDeviceA
SetFileAttributesA
CopyFileA
GetSystemDirectoryA
GetFileType
LoadLibraryA
SetEnvironmentVariableA
SetErrorMode
HeapAlloc
GetProcessHeap
HeapFree
FindClose
FindFirstFileA
GetOverlappedResult
SetCommTimeouts
SetCommConfig
GetCommConfig
PurgeComm
GetComputerNameA
OpenMutexA
GetTimeZoneInformation
FindNextFileA
FreeLibrary
GetModuleHandleA
OpenProcess
VirtualProtect
GetSystemTime
GetWindowsDirectoryA
GetEnvironmentVariableA
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceA
GetVolumeInformationA
GetLogicalDrives
CompareFileTime
GetFileTime
GetACP
EnumSystemCodePagesA
EnumSystemLocalesA
OpenEventA
GetTickCount
RaiseException
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
VerLanguageNameA
GetModuleFileNameA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
ReleaseMutex
ReleaseSemaphore
CreateMutexA
CreateSemaphoreA
GetCurrentThreadId
FileTimeToLocalFileTime
DuplicateHandle
OpenSemaphoreA
LockResource
LoadResource
SizeofResource
FindResourceA
LoadLibraryExA
SetCurrentDirectoryA
GetCurrentDirectoryA
GlobalMemoryStatus
SleepEx
GlobalFree
SetFileTime
MoveFileA
DeleteFileA
FlushFileBuffers
MultiByteToWideChar
MulDiv
GlobalUnlock
GlobalLock
GlobalSize
WideCharToMultiByte
GlobalAlloc
GetUserDefaultLangID
GetStartupInfoA
GetSystemInfo
EscapeCommFunction
GetPrivateProfileStringA
GetPrivateProfileIntA
GetVersionExA
FormatMessageA
GetStdHandle
OutputDebugStringA
GetCurrentProcessId

user32

DeleteMenu
RemovePropA
EnumPropsA
RegisterWindowMessageA
CheckMenuItem
DefWindowProcA
SetForegroundWindow
SetScrollInfo
GetWindowPlacement
GetScrollInfo
EndDialog
LoadStringA
DestroyWindow
EndPaint
BeginPaint
GetCursorPos
GetForegroundWindow
wsprintfW
EnumDisplaySettingsA
KillTimer
SetWindowTextW
ExitWindowsEx
RegisterClipboardFormatA
GetClientRect
OpenClipboard
CountClipboardFormats
EnumClipboardFormats
GetClipboardFormatNameA
GetClipboardData
CloseClipboard
LockWindowUpdate
DrawTextW
DrawFrameControl
DrawStateA
DrawFocusRect
EnumChildWindows
SetClassLongA
GetSystemMetrics
GetWindowTextW
SetFocus
SetCursor
DialogBoxIndirectParamA
MapDialogRect
CreateIconFromResourceEx
CreateWindowExA
SetPropA
LoadIconA
LoadImageA
GetSubMenu
CreateMenu
PostMessageA
SetWindowTextA
EnableWindow
SetDlgItemTextA
SendMessageA
GetDlgItem
CheckDlgButton
LoadCursorA
GetSysColor
GetSysColorBrush
RegisterClassA
FindWindowA
GetWindow
UnregisterClassA
IsWindowVisible
SetTimer
ReleaseDC
MessageBoxA
GetWindowTextLengthA
GetAsyncKeyState
MapVirtualKeyA
GetKeyNameTextA
UnregisterHotKey
RegisterHotKey
SetMenuItemBitmaps
GetMenuItemInfoA
EnumWindows
GetWindowThreadProcessId
GetDC
CreatePopupMenu
AppendMenuA
IsWindowEnabled
TrackPopupMenuEx
DestroyMenu
EnableMenuItem
ClientToScreen
GetSystemMenu
GetPropA
GetDlgCtrlID
GetClassNameA
ShowWindow
GetWindowLongA
GetDlgItemTextA
AdjustWindowRect
GetWindowRect
SetWindowPos
GetWindowTextA
SetWindowLongA
InvalidateRect
UpdateWindow
IsDlgButtonChecked
GetDesktopWindow
EmptyClipboard
GetMenuStringA
SetClipboardData

gdi32

SetTextAlign
ExtTextOutW
GetDIBits
SetDIBits
SetBkMode
SetTextColor
SetBkColor
ExtTextOutA
BitBlt
CreateDIBSection
CreateSolidBrush
PatBlt
GetDeviceCaps
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetPixel
DeleteDC
GetTextMetricsA
CreateFontIndirectA
GetStockObject
SelectObject
EnumFontFamiliesExA
EnumFontFamiliesA

winspool.drv

EnumMonitorsA
EnumPortsA

comdlg32

ChooseFontA
ChooseColorA
GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

advapi32

OpenServiceA
GetUserNameA
RegDeleteKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegConnectRegistryA
LookupAccountNameA
LookupPrivilegeNameA
LookupPrivilegeDisplayNameA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
SetThreadToken
RegEnumKeyA
AllocateAndInitializeSid
FreeSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeSid
SetSecurityDescriptorOwner
SetKernelObjectSecurity
RegQueryInfoKeyA
RegOpenKeyA
EnumServicesStatusA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
StartServiceA
ChangeServiceConfigA
QueryServiceConfigA
CreateServiceA
CloseServiceHandle
QueryServiceStatus
OpenSCManagerA
DeleteService
ControlService
RegEnumKeyExA
RegDeleteValueA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA

shell32

Shell_NotifyIconA
ShellExecuteExA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

midiOutGetDevCapsA
midiOutGetNumDevs
midiInGetDevCapsA
midiInGetNumDevs
waveOutGetDevCapsA
waveOutGetNumDevs
waveInGetDevCapsA
waveInGetNumDevs
auxGetDevCapsA
auxGetNumDevs
mixerClose
mixerGetLineInfoA
mixerOpen
mixerGetDevCapsA
mixerGetNumDevs
waveOutOpen
timeGetTime
joyGetDevCapsA
joyGetNumDevs
PlaySoundA
waveInOpen

mpr

WNetGetLastErrorA
WNetGetUserA
WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA
WNetAddConnection3A

ole32

OleInitialize
CoCreateInstance
OleUninitialize
CoUninitialize
CoInitialize

oleaut32

VariantInit
VariantClear

Sections

.text
Size: 3.9MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Packaged/Utils.dll
.xml
Software_1.30.1.exe
.exe windows:4 windows x86 arch:x86

Password: 3578

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c6:94:58:8d:b0:f9:5a:85:3d:6f:14:76:4b:a8:11
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29/11/2021, 00:00

Not After

02/01/2025, 23:59

Subject

SERIALNUMBER=CHE-230.898.459,CN=IO Bureau SA,O=IO Bureau SA,L=Lausanne,ST=Vaud,C=CH,1.3.6.1.4.1.311.60.2.1.2=#130456617564,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:60:57:31:65:f2:2f:b4:da:af:e7:7b:90:e5:41:93:76:ce:c5:40
Signer

Actual PE Digest

a7:60:57:31:65:f2:2f:b4:da:af:e7:7b:90:e5:41:93:76:ce:c5:40

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 603KB - Virtual size: 602KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 3578

Password: 3578

d9861d0d8a03a6f1ddfc473aaecbc98f

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

version

winmm

mpr

ole32

oleaut32

Sections

.text Size: 3.9MB - Virtual size: 3.8MB

.rdata Size: 184KB - Virtual size: 181KB

.data Size: 1.1MB - Virtual size: 1.6MB

.rsrc Size: 380KB - Virtual size: 380KB

Password: 3578

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:c6:94:58:8d:b0:f9:5a:85:3d:6f:14:76:4b:a8:11Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a7:60:57:31:65:f2:2f:b4:da:af:e7:7b:90:e5:41:93:76:ce:c5:40Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 603KB - Virtual size: 602KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 3.9MB - Virtual size: 3.8MB

.rdata
Size: 184KB - Virtual size: 181KB

.data
Size: 1.1MB - Virtual size: 1.6MB

.rsrc
Size: 380KB - Virtual size: 380KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:c6:94:58:8d:b0:f9:5a:85:3d:6f:14:76:4b:a8:11
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a7:60:57:31:65:f2:2f:b4:da:af:e7:7b:90:e5:41:93:76:ce:c5:40
Signer

.text
Size: 603KB - Virtual size: 602KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 12B