16471611592_malware[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

16471611592_malware.zip
Size

1.5MB
MD5

20402f311f7ea326f4d2645ef1ab671b
SHA1

065c3aac87ca8e1fc53a1da3de8a3f6e04d0a9ee
SHA256

7e38890e02172bebd2ffd552145e07cf62a3ea4f4fcec8f4309cea1ac240d97a
SHA512

2ed6a9bb375577713a5f24d1a71b2e5da09d8403899b83c63446028f8feb4e1f006e6bfd594fc998a75d7dc4aae3c88315ee46f500f3bcd1ee469daaf2dcb01a
SSDEEP

24576:hHyErVQpuWc+wgR/ttCPjIiZNhAFMsH6ZjOc7CZDdmDKdGpsIgKexRLq3fJ7i:hHyErVk0DgRttEjJNK/6MCJpsIgKAReo

Score

1^/10

Malware Config

Signatures

Files

16471611592_malware.zip
.zip

Password: infected
275be7d414498ed841232cee005cb97dfc1c22977b841b72d674959629d5ce02
.exe windows:6 windows x64 arch:x64

6fe68d69ef96280313858fd1365b5cc1

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:5c:84:93:b2:e5:5c:2c:eb:86:d4:ce:e9:16:ce:d4
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

28/07/2021, 00:00

Not After

27/07/2024, 23:59

Subject

SERIALNUMBER=516426681,CN=ASOMAK LTD,O=ASOMAK LTD,L=Rishon Lezion,C=IL,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302494c

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:80:05:43:d8:e9:44:5d:74:82:9d:be:7f:d6:e8:9b:5e:31:61:76:3f:2c:06:d8:2d:18:d1:df:98:61:e6:82
Signer

Actual PE Digest

f1:80:05:43:d8:e9:44:5d:74:82:9d:be:7f:d6:e8:9b:5e:31:61:76:3f:2c:06:d8:2d:18:d1:df:98:61:e6:82

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Lior\programming\tagger\target\release\deps\GlobalUpdateMgr.pdb

Imports

ntdll

NtQueryInformationProcess
RtlGetVersion
NtDeviceIoControlFile
RtlVirtualUnwind
RtlLookupFunctionEntry
NtWriteFile
RtlNtStatusToDosError
RtlUnwindEx
NtQuerySystemInformation
RtlCaptureContext
RtlPcToFileHeader
NtCancelIoFileEx

kernel32

GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTempPathA
FormatMessageW
WriteFile
GetDiskFreeSpaceA
SetHandleInformation
GetLastError
GetDiskFreeSpaceW
GetFileAttributesA
OutputDebugStringA
LockFile
GetFileAttributesExW
InitializeSListHead
OutputDebugStringW
FlushViewOfFile
SetFilePointer
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatusEx
LoadLibraryW
PostQueuedCompletionStatus
TryAcquireSRWLockExclusive
HeapAlloc
GetFullPathNameA
IsDebuggerPresent
HeapCompact
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
HeapDestroy
UnlockFile
VirtualQueryEx
ReadProcessMemory
GetProcAddress
LocalFree
LockFileEx
GetFileSize
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GlobalMemoryStatusEx
K32GetPerformanceInfo
GetSystemTimeAsFileTime
RaiseException
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
SetEndOfFile
GetTickCount
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
FlushFileBuffers
CreateFileW
LoadLibraryExW
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
GetFileAttributesW
UnmapViewOfFile
HeapValidate
IsProcessorFeaturePresent
TerminateProcess
OpenProcess
SleepConditionVariableSRW
LoadLibraryExA
CloseHandle
HeapSize
MultiByteToWideChar
GetModuleHandleA
ReleaseSRWLockExclusive
GetConsoleMode
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
Sleep
TlsGetValue
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CreateMutexA
GetCurrentThread
lstrlenW
TlsSetValue
TlsFree
AcquireSRWLockExclusive
CreateThread
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
WriteConsoleW
SetFileInformationByHandle
GetStdHandle
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceFrequency
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
MoveFileExW
GetFinalPathNameByHandleW
GetFileType
GetModuleHandleW
GetModuleFileNameW

advapi32

GetLengthSid
SystemFunction036
CopySid
IsValidSid
GetTokenInformation
OpenProcessToken

ws2_32

send
recv
ioctlsocket
connect
WSASocketW
closesocket
setsockopt
WSAGetLastError
getaddrinfo
WSAStartup
WSACleanup
getsockopt
freeaddrinfo
select

iphlpapi

GetAdaptersAddresses

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

shell32

CommandLineToArgvW
SHGetKnownFolderPath

pdh

PdhOpenQueryA
PdhCloseQuery
PdhCollectQueryData
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhRemoveCounter

powrprof

CallNtPowerInformation

ole32

CoTaskMemFree

oleaut32

GetErrorInfo
SysFreeString
SysStringLen

bcrypt

BCryptGenRandom

api-ms-win-crt-string-l1-1-0

strcpy_s
strlen
strcspn
strncmp
wcsncmp
wcslen
strcmp

api-ms-win-crt-heap-l1-1-0

malloc
_msize
realloc
calloc
free
_set_new_mode

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
exit
_exit
_initialize_narrow_environment
_set_app_type
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_get_initial_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_endthreadex
_crt_atexit
terminate
abort
_beginthreadex
__p___argc

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 624KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

6fe68d69ef96280313858fd1365b5cc1

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

1b:5c:84:93:b2:e5:5c:2c:eb:86:d4:ce:e9:16:ce:d4Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

f1:80:05:43:d8:e9:44:5d:74:82:9d:be:7f:d6:e8:9b:5e:31:61:76:3f:2c:06:d8:2d:18:d1:df:98:61:e6:82Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

ws2_32

iphlpapi

psapi

shell32

pdh

powrprof

ole32

oleaut32

bcrypt

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 624KB - Virtual size: 624KB

.data Size: 14KB - Virtual size: 17KB

.pdata Size: 106KB - Virtual size: 106KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 14KB - Virtual size: 13KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

1b:5c:84:93:b2:e5:5c:2c:eb:86:d4:ce:e9:16:ce:d4
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f1:80:05:43:d8:e9:44:5d:74:82:9d:be:7f:d6:e8:9b:5e:31:61:76:3f:2c:06:d8:2d:18:d1:df:98:61:e6:82
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 624KB - Virtual size: 624KB

.data
Size: 14KB - Virtual size: 17KB

.pdata
Size: 106KB - Virtual size: 106KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 14KB - Virtual size: 13KB