General

Malware Config

Signatures

Files

• 16597677064.zip

  .zip

  Password: infected

• 3159ff0abe241d8b4b9fd51368883f1016b0909544bf4eb759775b2a4b8f19c7

  .zip
• TAX DOCUMENTS 2/1099-MISC.inf

  .pdf
• TAX DOCUMENTS 2/W2_2023.exe

  .exe windows:5 windows x86 arch:x86

  6eb9cccf95968b8becec4c870f1101db

  
  

  Code Sign

  79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed

  Certificate

  Issuer

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Not Before

  01-05-2012 00:00

  Not After

  31-12-2012 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  04-12-2003 00:00

  Not After

  03-12-2013 23:59

  Subject

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  5c:5f:2b:a5:c9:99:4b:e5:ef:25:4f:fe:51:12:88:e1

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  30-04-2012 00:00

  Not After

  01-05-2014 23:59

  Subject

  CN=Citrix Online,OU=Operations+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Citrix Online,L=Fort Lauderdale,ST=Florida,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  a9:67:63:96:99:c5:5b:7e:88:69:58:46:cb:9b:f7:d1:bb:bf:20:aa

  Signer

  Actual PE Digest

  a9:67:63:96:99:c5:5b:7e:88:69:58:46:cb:9b:f7:d1:bb:bf:20:aa

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb

  Imports

  g2m

  g2mcomm_winmain

  kernel32

  GetModuleHandleW

  GetCommandLineW

  GetProcAddress

  GetModuleHandleA

  GetModuleFileNameA

  GetStartupInfoW

  ExitProcess

  user32

  MessageBoxA

  Sections

  .text

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1024B - Virtual size: 684B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 4B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 4B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 29KB - Virtual size: 29KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• TAX DOCUMENTS 2/g2m.dll

  .dll regsvr32 windows:5 windows x86 arch:x86

  59dfb51e8ff8a618e14f9e6e82affff5

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  c:\p4builds\Products\GoToMeeting\v5.1_builds\output\G2M.pdb

  Imports

  rpcrt4

  NdrDllGetClassObject

  RpcStringFreeW

  UuidToStringW

  NdrOleAllocate

  NdrOleFree

  IUnknown_QueryInterface_Proxy

  IUnknown_AddRef_Proxy

  IUnknown_Release_Proxy

  CStdStubBuffer_QueryInterface

  CStdStubBuffer_AddRef

  CStdStubBuffer_Connect

  CStdStubBuffer_Disconnect

  CStdStubBuffer_Invoke

  CStdStubBuffer_IsIIDSupported

  CStdStubBuffer_CountRefs

  CStdStubBuffer_DebugServerQueryInterface

  CStdStubBuffer_DebugServerRelease

  NdrCStdStubBuffer_Release

  UuidCreate

  netapi32

  Netbios

  psapi

  EnumProcesses

  GetModuleBaseNameW

  EnumProcessModules

  GetModuleFileNameExW

  GetModuleInformation

  shlwapi

  PathRemoveExtensionW

  PathStripPathW

  StrFormatByteSizeW

  StrChrW

  version

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  VerQueryValueW

  msacm32

  acmStreamOpen

  acmStreamConvert

  acmStreamUnprepareHeader

  acmStreamPrepareHeader

  powrprof

  CallNtPowerInformation

  wininet

  InternetReadFileExA

  HttpOpenRequestW

  InternetSetStatusCallbackW

  HttpQueryInfoW

  InternetSetOptionW

  InternetOpenW

  HttpSendRequestExW

  InternetQueryOptionW

  InternetCloseHandle

  InternetConnectW

  InternetErrorDlg

  HttpEndRequestW

  kernel32

  CopyFileW

  GetFileAttributesW

  GetDiskFreeSpaceExW

  GetTempFileNameW

  FindFirstFileW

  MoveFileW

  GetSystemWindowsDirectoryW

  GetLocaleInfoW

  GetSystemInfo

  GlobalMemoryStatusEx

  lstrlenA

  LocalAlloc

  lstrcmpiW

  ReleaseMutex

  CreateMutexW

  ResumeThread

  GetThreadContext

  SuspendThread

  InterlockedIncrement

  SetThreadPriority

  GetThreadPriority

  TerminateThread

  CreateProcessW

  TerminateProcess

  GetExitCodeProcess

  GetShortPathNameW

  CompareFileTime

  CreateDirectoryW

  RemoveDirectoryW

  GetSystemDirectoryW

  GetCurrentDirectoryW

  SetCurrentDirectoryW

  GetLocalTime

  InitializeCriticalSection

  DeleteCriticalSection

  TryEnterCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  WaitForMultipleObjects

  GetProcessTimes

  GetTickCount

  GetTimeFormatW

  GetDateFormatW

  GetTimeZoneInformation

  QueryPerformanceCounter

  QueryPerformanceFrequency

  ResetEvent

  OpenEventW

  CreateEventW

  FindVolumeClose

  FindNextVolumeW

  QueryDosDeviceW

  FindFirstVolumeW

  FindNextFileW

  DeleteFileW

  GetUserDefaultLCID

  GetUserDefaultUILanguage

  EnumResourceLanguagesW

  OpenThread

  GetThreadTimes

  DisableThreadLibraryCalls

  InterlockedDecrement

  lstrlenW

  SizeofResource

  LoadResource

  FindResourceW

  OpenMutexW

  SetEnvironmentVariableW

  GetEnvironmentVariableW

  GetWindowsDirectoryW

  GetTempPathA

  CreateDirectoryA

  SetLastError

  SetWaitableTimer

  CreateWaitableTimerW

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  VirtualFree

  VirtualAlloc

  GlobalLock

  GlobalFree

  GlobalUnlock

  GlobalAlloc

  FlushInstructionCache

  lstrcmpW

  MulDiv

  LockResource

  GetVersionExA

  ExpandEnvironmentStringsW

  GetFileTime

  ExitProcess

  Thread32Next

  Thread32First

  CreateToolhelp32Snapshot

  Process32NextW

  Process32FirstW

  SetThreadExecutionState

  FlushFileBuffers

  SetEndOfFile

  SetFilePointer

  WriteFile

  ReadFile

  FindClose

  OpenProcess

  GetCurrentThread

  InterlockedExchange

  MultiByteToWideChar

  WideCharToMultiByte

  GetSystemTime

  SystemTimeToFileTime

  FileTimeToSystemTime

  TlsFree

  HeapFree

  HeapAlloc

  HeapDestroy

  HeapCreate

  GetCurrentThreadId

  GetTempPathW

  CreateFileW

  GetCurrentProcessId

  GetFileSize

  CreateFileMappingW

  MapViewOfFile

  SetEvent

  WaitForSingleObject

  UnmapViewOfFile

  CloseHandle

  GetSystemTimeAsFileTime

  CreateEventA

  LoadLibraryExW

  OutputDebugStringW

  LocalFree

  GetLastError

  SetUnhandledExceptionFilter

  GetVersionExW

  LoadLibraryW

  Sleep

  GetCurrentProcess

  GetModuleFileNameW

  FormatMessageW

  IsBadReadPtr

  GetModuleHandleW

  GetProcAddress

  TlsAlloc

  TlsSetValue

  TlsGetValue

  RaiseException

  FreeLibrary

  FileTimeToLocalFileTime

  GetDriveTypeA

  ReadConsoleInputA

  SetConsoleMode

  LCMapStringA

  InitializeCriticalSectionAndSpinCount

  SetConsoleCtrlHandler

  CompareStringW

  GetDateFormatA

  GetTimeFormatA

  HeapReAlloc

  GetFullPathNameA

  PeekNamedPipe

  GetCurrentDirectoryA

  FoldStringW

  GetConsoleMode

  GetConsoleCP

  HeapSize

  GetModuleHandleA

  LCMapStringW

  IsValidCodePage

  GetOEMCP

  GetACP

  GetCPInfo

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsA

  GetModuleFileNameA

  GetStartupInfoA

  GetFileType

  GetStdHandle

  SetHandleCount

  RtlUnwind

  CreateThread

  GetStringTypeA

  GetStringTypeW

  GetLocaleInfoA

  EnumSystemLocalesA

  IsValidLocale

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  SetStdHandle

  CreateFileA

  GetProcessHeap

  CompareStringA

  SetEnvironmentVariableA

  InterlockedCompareExchange

  IsProcessorFeaturePresent

  GetCommandLineW

  ReleaseSemaphore

  CreateSemaphoreW

  GetVolumeInformationW

  DuplicateHandle

  GetVersion

  ExitThread

  IsDebuggerPresent

  UnhandledExceptionFilter

  GetCommandLineA

  GetPrivateProfileSectionNamesW

  FindFirstFileA

  GlobalMemoryStatus

  LoadLibraryA

  GetSystemDefaultLCID

  GetPrivateProfileSectionW

  CancelWaitableTimer

  DeleteFileA

  GetFileAttributesExA

  SetThreadAffinityMask

  GetProcessAffinityMask

  CreateWaitableTimerA

  OutputDebugStringA

  AllocConsole

  FreeConsole

  FormatMessageA

  CreateSemaphoreA

  SetPriorityClass

  CreateMutexA

  GetFileInformationByHandle

  FlushConsoleInputBuffer

  gdi32

  CreateDCW

  GetRegionData

  ExtTextOutW

  OffsetRgn

  GetRgnBox

  EqualRgn

  CreateBitmap

  SetROP2

  FillRgn

  CreateRectRgnIndirect

  DPtoLP

  Ellipse

  RestoreDC

  Polyline

  SaveDC

  CreatePen

  SetPolyFillMode

  GetSystemPaletteEntries

  CreatePalette

  GetPaletteEntries

  GetDIBColorTable

  SetDIBColorTable

  CreateDIBSection

  GetDCOrgEx

  Polygon

  FrameRgn

  PaintRgn

  CreatePolygonRgn

  CreateRoundRectRgn

  SetStretchBltMode

  StretchBlt

  GetDIBits

  CreateDIBitmap

  SetDIBits

  SelectClipRgn

  ExcludeClipRect

  SetMapMode

  SetWindowExtEx

  SetViewportExtEx

  SetWindowOrgEx

  SetViewportOrgEx

  LineTo

  MoveToEx

  GetClipBox

  SetPixelV

  GetTextMetricsW

  GetTextExtentPoint32W

  SetBkColor

  CreateRectRgn

  SetRectRgn

  CombineRgn

  GetBitmapBits

  SetTextColor

  TextOutW

  GetBkMode

  GetTextColor

  CreateFontW

  CreateFontIndirectW

  GetStockObject

  GetObjectW

  GetDeviceCaps

  BitBlt

  CreateSolidBrush

  GetPixel

  SetBkMode

  SetBrushOrgEx

  CreateCompatibleDC

  CreateCompatibleBitmap

  SelectObject

  CreatePatternBrush

  DeleteDC

  DeleteObject

  SetPixel

  comdlg32

  GetOpenFileNameW

  CommDlgExtendedError

  ChooseColorW

  GetSaveFileNameW

  ole32

  CoGetCallContext

  CoRevokeClassObject

  CoRegisterClassObject

  CoInitializeSecurity

  CoGetObject

  CoDisconnectObject

  CoGetCurrentProcess

  CoCreateFreeThreadedMarshaler

  CoTaskMemFree

  CoTaskMemAlloc

  CoFreeUnusedLibraries

  StringFromGUID2

  CoCreateInstance

  CoCreateGuid

  CLSIDFromProgID

  OleLockRunning

  CoGetClassObject

  CLSIDFromString

  CreateStreamOnHGlobal

  CoInitialize

  CoSetProxyBlanket

  OleUninitialize

  CoUninitialize

  CoInitializeEx

  CoTaskMemRealloc

  OleInitialize

  CoRegisterPSClsid

  StringFromCLSID

  oleaut32

  SystemTimeToVariantTime

  UnRegisterTypeLi

  LoadTypeLi

  SysAllocString

  SysFreeString

  SysStringLen

  RegisterTypeLi

  VarUI4FromStr

  LPSAFEARRAY_UserSize

  LPSAFEARRAY_UserMarshal

  LPSAFEARRAY_UserUnmarshal

  OleCreateFontIndirect

  LoadRegTypeLi

  OleLoadPicture

  LPSAFEARRAY_UserFree

  SysStringByteLen

  SysAllocStringLen

  BSTR_UserUnmarshal

  DispCallFunc

  BSTR_UserFree

  SafeArrayGetElement

  SafeArrayDestroy

  SafeArrayPutElement

  SafeArrayCreate

  SysAllocStringByteLen

  VariantCopy

  BSTR_UserSize

  OleCreatePropertyFrame

  VariantInit

  VarBstrCat

  VarBstrCmp

  OleLoadPicturePath

  BSTR_UserMarshal

  VariantClear

  VariantChangeType

  secur32

  GetUserNameExW

  InitSecurityInterfaceA

  wtsapi32

  WTSQuerySessionInformationW

  WTSFreeMemory

  comctl32

  InitCommonControlsEx

  userenv

  DestroyEnvironmentBlock

  CreateEnvironmentBlock

  winmm

  mixerGetDevCapsA

  mixerGetLineControlsA

  mixerGetLineInfoA

  waveInGetDevCapsA

  waveOutGetDevCapsA

  mixerGetControlDetailsA

  timeSetEvent

  timeGetTime

  timeKillEvent

  mmioOpenA

  timeEndPeriod

  timeBeginPeriod

  waveInUnprepareHeader

  waveInReset

  waveInPrepareHeader

  waveInAddBuffer

  waveInStart

  waveInStop

  waveInGetErrorTextW

  waveInGetPosition

  mmioOpenW

  mmioDescend

  mmioAscend

  waveOutUnprepareHeader

  waveOutReset

  waveOutPrepareHeader

  mmioRead

  waveOutPause

  waveOutWrite

  mmioClose

  mixerGetNumDevs

  mixerOpen

  mixerSetControlDetails

  mixerGetLineInfoW

  mixerGetDevCapsW

  waveInOpen

  waveOutOpen

  waveOutGetPosition

  waveOutClose

  mixerGetID

  waveInGetID

  waveOutGetID

  mixerGetLineControlsW

  mixerGetControlDetailsW

  waveOutGetNumDevs

  waveInGetNumDevs

  waveInGetDevCapsW

  waveOutGetDevCapsW

  mixerClose

  waveOutGetVolume

  waveOutSetVolume

  waveInClose

  avifil32

  AVIStreamWrite

  AVIFileInit

  AVIFileExit

  AVIFileRelease

  AVIFileCreateStreamA

  AVIStreamRead

  AVIStreamTimeToSample

  AVIStreamSampleToTime

  AVIStreamFindSample

  AVIStreamLength

  AVIStreamReadFormat

  AVIStreamRelease

  AVIStreamSetFormat

  AVIFileOpenA

  AVIFileGetStream

  AVIFileInfoA

  msvfw32

  ICOpen

  ICDecompress

  ICSendMessage

  ICClose

  avicap32

  capGetDriverDescriptionA

  capCreateCaptureWindowA

  d3d9

  Direct3DCreate9

  wsock32

  recvfrom

  htonl

  getsockname

  gethostname

  getsockopt

  inet_ntoa

  select

  WSACleanup

  closesocket

  shutdown

  WSAGetLastError

  recv

  WSASetLastError

  send

  inet_addr

  ntohs

  sendto

  htons

  ioctlsocket

  WSAStartup

  gethostbyname

  ntohl

  socket

  setsockopt

  accept

  listen

  bind

  connect

  getpeername

  __WSAFDIsSet

  ws2_32

  WSAWaitForMultipleEvents

  WSAResetEvent

  WSAEnumNetworkEvents

  WSACreateEvent

  WSACloseEvent

  WSASetEvent

  WSAEventSelect

  getnameinfo

  WSAIoctl

  Exports

  Exports

  DllCanUnloadNow

  DllGetClassObject

  DllRegisterServer

  DllUnregisterServer

  g2mchat_winmain

  g2mcomm_winmain

  g2mfeedback_winmain

  g2mhost_winmain

  g2minstaller_winmain

  g2minsthigh_winmain

  g2mlauncher_winmain

  g2mmatchmaking_winmain

  g2mmaterials_winmain

  g2mpolling_winmain

  g2mqanda_winmain

  g2mrecorder_winmain

  g2msessioncontrol_winmain

  g2mstart_winmain

  g2mtesting_winmain

  g2mtranscoder_winmain

  g2mui_winmain

  g2muninstall_winmain

  g2mvideoconference_winmain

  g2mview_winmain

  Sections

  .text

  Size: 11.9MB - Virtual size: 11.9MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .orpc

  Size: 2KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2.2MB - Virtual size: 2.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 187KB - Virtual size: 684KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 813KB - Virtual size: 813KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ