afef4402cc609af37904956ec62a161238e22d9fa89dedf02652476e7ec4b4d3[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

afef4402cc609af37904956ec62a161238e22d9fa89dedf02652476e7ec4b4d3.zip
Size

6.2MB
MD5

3bdc36508d4af3b225f1be75ee23dde6
SHA1

3abd57aacc6764c1a8cd63f5ba7aa41a6f24d32b
SHA256

afef4402cc609af37904956ec62a161238e22d9fa89dedf02652476e7ec4b4d3
SHA512

46df8ab0d1e2d81b6666d3428fb4a5b87e1c3efd64376958a8957944058711c1cf0b65758780bea7586bdc4c8476305bd172e085db7ffe7103cff04a399108be
SSDEEP

98304:qy4Z/WSDdmEtGfE1bftMhb8h8LNFnnC+5mZ77QfjTNOnb73g4g14YDpD:q2SDdmEowtMhTLNFnCTZ77Qfv0M

Score

1^/10

Malware Config

Signatures

Files

afef4402cc609af37904956ec62a161238e22d9fa89dedf02652476e7ec4b4d3.zip
.zip
201d595a4597c727WJK.exe
.exe windows:5 windows x86 arch:x86

d94328c3b2944119a74bce3d88413299

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

26/04/2023, 03:04

Not After

26/04/2026, 03:04

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:32:f1:80:04:0e:80:fb:5c:e9:54:3b:55:79:1a:bc:9c:09:e5:7c:30:b2:ef:91:bf:87:3d:b8:b3:e8:f3:a8
Signer

Actual PE Digest

63:32:f1:80:04:0e:80:fb:5c:e9:54:3b:55:79:1a:bc:9c:09:e5:7c:30:b2:ef:91:bf:87:3d:b8:b3:e8:f3:a8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\gitproj\7z2201-src\CPP\7zip\UI\Console\Release\Console.pdb

Imports

kernel32

WaitForSingleObject
CloseHandle
CreateEventA
CreateSemaphoreA
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryA
LoadLibraryW
LoadLibraryExA
GetModuleFileNameA
GetModuleFileNameW
LocalFree
FormatMessageA
FormatMessageW
GetCurrentProcessId
GetCurrentThreadId
SetLastError
SetFileTime
GetTickCount
GetModuleHandleW
GetSystemDirectoryA
GetTempPathA
GetTempPathW
GetWindowsDirectoryA
GetWindowsDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
CreateFileW
SetFileAttributesA
SetFileAttributesW
DeleteFileA
DeleteFileW
MoveFileA
MoveFileW
GetFileInformationByHandle
FindClose
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetFileAttributesA
GetFileAttributesW
FindFirstFileA
FindFirstFileW
ReleaseSemaphore
FindNextFileW
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindCloseChangeNotification
GetFileSize
WriteFile
ReadFile
DeviceIoControl
SetEndOfFile
SetFilePointer
CreateFileA
GetDriveTypeA
GetDriveTypeW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetVolumeInformationA
GetVolumeInformationW
GetCurrentProcess
CompareFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenA
GlobalMemoryStatus
GetProcessAffinityMask
GetSystemInfo
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetStdHandle
SetProcessAffinityMask
MapViewOfFile
UnmapViewOfFile
OpenEventA
OpenFileMappingA
GetProcessTimes
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
SetConsoleCtrlHandler
GetCommandLineW
SetFileApisToOEM
GetConsoleScreenBufferInfo
GetConsoleMode
SetConsoleMode
HeapSize
WriteConsoleW
SetFilePointerEx
ReadConsoleW
GetStringTypeW
ResetEvent
SetEvent
InitializeCriticalSection
ResumeThread
GetLastError
SetThreadAffinityMask
GetSystemDirectoryW
LoadLibraryExW
lstrlenW
lstrcatW
GetVersionExA
IsProcessorFeaturePresent
GetModuleHandleA
VirtualFree
VirtualAlloc
FindNextFileA
GetProcAddress
SetStdHandle
WaitForSingleObjectEx
OutputDebugStringW
OutputDebugStringA
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetCommandLineA
GetACP
HeapFree
HeapAlloc
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
HeapReAlloc
FindFirstFileExA
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
DecodePointer

user32

CharUpperA
CharUpperW
CharPrevExA

advapi32

GetFileSecurityW
LookupPrivilegeValueA
SetFileSecurityW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

oleaut32

VariantCopy
SysFreeString
SysAllocStringLen
SysAllocString
SysStringLen
VariantClear
SysStringByteLen

Sections

.text
Size: 539KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
templateWatch.dat

Sharing

General

Malware Config

Signatures

Files

d94328c3b2944119a74bce3d88413299

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

29:5b:f8:6e:85:26:53:40:33:13:83:7bCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

63:32:f1:80:04:0e:80:fb:5c:e9:54:3b:55:79:1a:bc:9c:09:e5:7c:30:b2:ef:91:bf:87:3d:b8:b3:e8:f3:a8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

oleaut32

Sections

.text Size: 539KB - Virtual size: 539KB

.rdata Size: 106KB - Virtual size: 106KB

.data Size: 7KB - Virtual size: 20KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 26KB - Virtual size: 25KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

63:32:f1:80:04:0e:80:fb:5c:e9:54:3b:55:79:1a:bc:9c:09:e5:7c:30:b2:ef:91:bf:87:3d:b8:b3:e8:f3:a8
Signer

.text
Size: 539KB - Virtual size: 539KB

.rdata
Size: 106KB - Virtual size: 106KB

.data
Size: 7KB - Virtual size: 20KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 26KB - Virtual size: 25KB