General

Malware Config

Signatures

Files

• quantizer.zip.zip

  .zip

  Password: infected

• quantizer.zip

  .zip
• quantizer/READ ME!!!.txt
• quantizer/quantizer.exe

  .exe windows:5 windows x86 arch:x86

  c8a20509092d71f3959c1834f1f91ca0

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  E:\Visual Studio Projects\quantizer\Release\quantizer.pdb

  Imports

  msimg32

  AlphaBlend

  winmm

  waveOutWrite

  waveOutUnprepareHeader

  waveOutClose

  waveOutOpen

  waveOutPrepareHeader

  kernel32

  SetFileAttributesW

  DeleteFileW

  CloseHandle

  LoadLibraryW

  GetProcAddress

  CreateProcessW

  FreeLibrary

  CopyFileW

  TerminateThread

  GetTempPathW

  GetTickCount

  GetModuleHandleW

  GetStartupInfoW

  IsProcessorFeaturePresent

  TerminateProcess

  GetCurrentProcess

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetModuleFileNameW

  IsDebuggerPresent

  WriteFile

  ReadFile

  CreateFileW

  GetProcessHeap

  HeapAlloc

  Sleep

  HeapFree

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  CreateThread

  user32

  DefWindowProcW

  MessageBoxW

  CreateWindowExW

  RegisterClassExW

  ShowWindow

  PeekMessageW

  LoadIconW

  LoadCursorW

  EnumDisplayMonitors

  UnionRect

  GetMessageW

  DispatchMessageW

  SetTimer

  TranslateMessage

  UpdateLayeredWindow

  EnumChildWindows

  SetWindowTextW

  RedrawWindow

  MoveWindow

  ReleaseDC

  GetDC

  SetWindowPos

  EnumWindows

  ExitWindowsEx

  gdi32

  CreatePen

  DeleteDC

  StretchBlt

  Polygon

  SelectObject

  CreateCompatibleBitmap

  BitBlt

  CreateDIBSection

  SetStretchBltMode

  DeleteObject

  CreateCompatibleDC

  CreateSolidBrush

  advapi32

  RegCreateKeyExW

  RegSetValueExW

  RegCloseKey

  vcruntime140

  __current_exception_context

  __current_exception

  wcsrchr

  _except_handler4_common

  memset

  memcpy

  api-ms-win-crt-string-l1-1-0

  wcsncmp

  wcscat_s

  api-ms-win-crt-math-l1-1-0

  __setusermatherr

  _CIfmod

  _CIatan2

  _libm_sse2_sin_precise

  cbrt

  _libm_sse2_sqrt_precise

  _libm_sse2_tan_precise

  floor

  api-ms-win-crt-runtime-l1-1-0

  terminate

  _controlfp_s

  _crt_atexit

  _c_exit

  _cexit

  _register_onexit_function

  _exit

  exit

  _initterm_e

  _initterm

  _get_wide_winmain_command_line

  _initialize_wide_environment

  _configure_wide_argv

  _initialize_onexit_table

  _set_app_type

  _seh_filter_exe

  _register_thread_local_exe_atexit_callback

  api-ms-win-crt-stdio-l1-1-0

  __p__commode

  _set_fmode

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  api-ms-win-crt-heap-l1-1-0

  _set_new_mode

  vcomp140

  _vcomp_for_static_end

  _vcomp_for_static_simple_init

  _vcomp_fork

  _vcomp_set_num_threads

  Sections

  .text

  Size: 25KB - Virtual size: 24KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 38KB - Virtual size: 37KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 32KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 145KB - Virtual size: 145KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• quantizer/vc_redist.x86.exe

  .exe windows:5 windows x86 arch:x86

  8e2588a9cf43886de3449dfff03137b6

  
  

  Code Sign

  33:00:00:00:ac:63:16:e7:e3:46:55:b3:1c:00:00:00:00:00:ac

  Certificate

  Issuer

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  03-05-2016 17:13

  Not After

  03-08-2017 17:13

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  04-06-2015 17:42

  Not After

  04-09-2016 17:42

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:33:26:1a:00:00:00:00:00:31

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  31-08-2010 22:19

  Not After

  31-08-2020 22:29

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:16:68:34:00:00:00:00:00:1c

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  03-04-2007 12:53

  Not After

  03-04-2021 13:03

  Subject

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  28-10-2015 20:31

  Not After

  28-01-2017 20:31

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  4d:12:80:9c:ca:f7:eb:86:79:f3:3f:cb:2a:a5:60:d7:0d:dc:44:88:bc:55:c1:a3:7b:54:00:7a:b1:82:77:ed

  Signer

  Actual PE Digest

  4d:12:80:9c:ca:f7:eb:86:79:f3:3f:cb:2a:a5:60:d7:0d:dc:44:88:bc:55:c1:a3:7b:54:00:7a:b1:82:77:ed

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  82:d9:a5:27:22:5d:9a:32:85:b0:da:6e:7a:b5:fd:fd:e5:15:e1:df

  Signer

  Actual PE Digest

  82:d9:a5:27:22:5d:9a:32:85:b0:da:6e:7a:b5:fd:fd:e5:15:e1:df

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  PDB Paths

  E:\delivery\Dev\wix37\build\ship\x86\burn.pdb

  Imports

  gdiplus

  GdiplusShutdown

  GdiplusStartup

  GdipDeleteGraphics

  GdipFree

  GdipCloneImage

  GdipDisposeImage

  GdipGetImageWidth

  GdipGetImageHeight

  GdipCreateBitmapFromResource

  GdipCreateFromHDC

  GdipSetInterpolationMode

  GdipDrawImageRectI

  GdipAlloc

  advapi32

  QueryServiceConfigW

  CryptAcquireContextW

  CryptCreateHash

  CryptHashData

  CryptGetHashParam

  CryptDestroyHash

  CryptReleaseContext

  RegDeleteKeyW

  RegCreateKeyExW

  RegEnumKeyExW

  RegEnumValueW

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  OpenProcessToken

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  RegCloseKey

  RegDeleteValueW

  RegQueryValueExW

  GetUserNameW

  InitiateSystemShutdownExW

  CreateWellKnownSid

  InitializeAcl

  SetEntriesInAclW

  DecryptFileW

  ChangeServiceConfigW

  ControlService

  CloseServiceHandle

  QueryServiceStatus

  OpenServiceW

  OpenSCManagerW

  RegQueryInfoKeyW

  RegSetValueExW

  SetEntriesInAclA

  SetSecurityDescriptorGroup

  RegOpenKeyExW

  GetTokenInformation

  CheckTokenMembership

  AllocateAndInitializeSid

  FreeSid

  LookupAccountNameW

  SetNamedSecurityInfoW

  InitializeSecurityDescriptor

  SetSecurityDescriptorDacl

  SetSecurityDescriptorOwner

  user32

  GetMessageW

  PeekMessageW

  PostMessageW

  IsWindow

  PostQuitMessage

  GetWindowLongW

  SetWindowLongW

  DefWindowProcW

  UnregisterClassW

  DispatchMessageW

  TranslateMessage

  IsDialogMessageW

  MsgWaitForMultipleObjects

  WaitForInputIdle

  LoadCursorW

  BeginPaint

  EndPaint

  GetCursorPos

  MonitorFromPoint

  GetMonitorInfoW

  ReleaseDC

  MessageBoxW

  PostThreadMessageW

  RegisterClassW

  CreateWindowExW

  oleaut32

  VariantClear

  VariantInit

  SysAllocString

  SysFreeString

  gdi32

  GetDeviceCaps

  CreateDCW

  shell32

  ShellExecuteExW

  SHGetFolderPathW

  CommandLineToArgvW

  ole32

  CoTaskMemFree

  CoCreateInstance

  CoInitialize

  CoUninitialize

  CoInitializeEx

  StringFromGUID2

  CoInitializeSecurity

  CLSIDFromProgID

  kernel32

  GetCurrentProcess

  InitializeCriticalSection

  TlsFree

  DeleteCriticalSection

  CloseHandle

  TlsGetValue

  Sleep

  GetLastError

  ReleaseMutex

  TlsSetValue

  TlsAlloc

  GetCurrentThreadId

  GetVersionExW

  GetModuleHandleW

  ReadFile

  SetFilePointerEx

  CreateFileW

  GetCurrentProcessId

  GetProcessId

  WriteFile

  ConnectNamedPipe

  SetNamedPipeHandleState

  lstrlenW

  CompareStringW

  LocalFree

  CreateNamedPipeW

  WaitForSingleObject

  OpenProcess

  lstrlenA

  RemoveDirectoryW

  GetFileAttributesW

  ExpandEnvironmentStringsW

  LeaveCriticalSection

  EnterCriticalSection

  FreeLibrary

  GetProcAddress

  VerifyVersionInfoW

  VerSetConditionMask

  GetComputerNameW

  GetTempPathW

  GetSystemDirectoryW

  GetSystemWow64DirectoryW

  GetVolumePathNameW

  HeapAlloc

  GetSystemDefaultLangID

  GetUserDefaultLangID

  GetDateFormatW

  GetSystemTime

  InterlockedExchange

  LoadLibraryW

  InterlockedCompareExchange

  GetExitCodeThread

  CreateThread

  SetEvent

  WaitForMultipleObjects

  CreateEventW

  ProcessIdToSessionId

  InterlockedIncrement

  InterlockedDecrement

  GetStringTypeW

  SetFileAttributesW

  FindClose

  FindNextFileW

  FindFirstFileW

  CreateProcessW

  SetCurrentDirectoryW

  GetCurrentDirectoryW

  GetExitCodeProcess

  SetThreadExecutionState

  CopyFileExW

  HeapSetInformation

  MapViewOfFile

  CreateFileMappingW

  CreateMutexW

  SetEndOfFile

  ResetEvent

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  CreateFileA

  GetSystemTimeAsFileTime

  VirtualFree

  VirtualAlloc

  DeleteFileW

  GetThreadLocale

  GetTimeZoneInformation

  TerminateProcess

  UnhandledExceptionFilter

  SystemTimeToTzSpecificLocalTime

  SystemTimeToFileTime

  GlobalAlloc

  IsProcessorFeaturePresent

  GetTickCount

  QueryPerformanceCounter

  HeapCreate

  SetLastError

  EncodePointer

  GetFileType

  InitializeCriticalSectionAndSpinCount

  SetHandleCount

  GetEnvironmentStringsW

  GlobalFree

  MoveFileExW

  CopyFileW

  GetFileSizeEx

  GetModuleHandleA

  RaiseException

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  RtlUnwind

  SetFilePointer

  WideCharToMultiByte

  GetConsoleCP

  GetConsoleMode

  HeapSize

  HeapReAlloc

  LCMapStringW

  MultiByteToWideChar

  SetStdHandle

  WriteConsoleW

  FlushFileBuffers

  GetLocalTime

  UnmapViewOfFile

  IsDebuggerPresent

  DuplicateHandle

  HeapFree

  FormatMessageW

  GetTempFileNameW

  GetWindowsDirectoryW

  CompareStringA

  FreeEnvironmentStringsW

  GetModuleFileNameW

  GetStdHandle

  DecodePointer

  ExitProcess

  SetUnhandledExceptionFilter

  GetStartupInfoW

  GetCommandLineW

  GetFullPathNameW

  CreateDirectoryW

  GetProcessHeap

  cabinet

  ord22

  ord20

  ord23

  crypt32

  CertGetCertificateContextProperty

  CryptHashPublicKeyInfo

  msi

  ord88

  ord17

  ord125

  ord116

  ord115

  ord118

  ord8

  ord171

  ord205

  ord45

  ord137

  ord141

  ord238

  ord190

  ord169

  ord90

  ord173

  ord111

  ord70

  rpcrt4

  UuidCreate

  wininet

  InternetCloseHandle

  HttpAddRequestHeadersW

  HttpOpenRequestW

  InternetErrorDlg

  InternetReadFile

  HttpSendRequestW

  InternetSetOptionW

  InternetOpenW

  HttpQueryInfoW

  InternetCrackUrlW

  InternetConnectW

  wintrust

  WinVerifyTrust

  WTHelperGetProvSignerFromChain

  WTHelperProvDataFromStateData

  CryptCATAdminCalcHashFromFileHandle

  version

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  VerQueryValueW

  Sections

  .text

  Size: 229KB - Virtual size: 228KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 104KB - Virtual size: 104KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .wixburn

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 14KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 17KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ