Memz-Virus-Clean-Password_215817[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Memz-Virus-Clean-Password_215817.exe
Size

22.9MB
MD5

ed8214f9fb7f942772bd8953c75d808c
SHA1

1e198fcb4a2c05aa2fee02431d484b6e5fe283c9
SHA256

9db70cf175ad9b2fde04ea7a69c7244174e8c7389b497e69bd8ebb96865221da
SHA512

c4b261da35d7682617ec2b9c626f6cdcd9e3c925729a685be34d80b0ee95c4cf4e1457de1b5c80d3111a0608b562a6f52254eb14e9edf8230d9197c86ef29cf9
SSDEEP

393216:+0Jg/CyySxSdSVpKK3myBKTV1PM1n6MMGGX721tQ3B3j5Xov/2MjdshHzeobmKN2:3g/CypKK3myBKTV1PM1n6x721tQ3B3ji

Score

1^/10

Malware Config

Signatures

Files

Memz-Virus-Clean-Password_215817.exe
.exe windows:6 windows x86 arch:x86

907753358094ab91cae93bbe63f8c58a

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:4c:5e:6a:b9:68:28:42:64:f1:b0:70:b9:9d:3c:70
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

18/08/2023, 00:00

Not After

17/08/2024, 23:59

Subject

SERIALNUMBER=0450768115,CN=Cyber Holding Partners LLC,O=Cyber Holding Partners LLC,ST=New Jersey,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a4e6577204a6572736579,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:20:85:c3:8b:64:d5:17:55:45:7c:ee:35:ac:ca:20:3e:30:1e:78:f5:f0:a7:66:5e:57:88:cc:16:5e:98:f0
Signer

Actual PE Digest

de:20:85:c3:8b:64:d5:17:55:45:7c:ee:35:ac:ca:20:3e:30:1e:78:f5:f0:a7:66:5e:57:88:cc:16:5e:98:f0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryW
SetEndOfFile
FindFirstFileExW
RaiseException
EncodePointer
IsValidCodePage
TlsFree
SetFileTime
IsDebuggerPresent
QueryPerformanceCounter
SetStdHandle
GetCPInfo
Sleep
SwitchToThread
CreateThread
SetFilePointerEx
GetProcessHeap
GetConsoleMode
DecodePointer
GetModuleFileNameW
ResetEvent
GetThreadPriority
VirtualFree
ExitThread
SetFilePointer
GetSystemTimeAsFileTime
VerifyVersionInfoW
GetLocaleInfoW
GetTimeFormatW
GetCommandLineW
WaitForSingleObjectEx
CreateTimerQueueTimer
CreateDirectoryW
GlobalFree
SystemTimeToTzSpecificLocalTime
GetStringTypeW
ReleaseSRWLockExclusive
LCMapStringW
GetDateFormatW
GetTimeZoneInformation
InitializeCriticalSectionEx
TryEnterCriticalSection
HeapSize
ReadConsoleW
SetPriorityClass
FileTimeToSystemTime
UnregisterWaitEx
CompareFileTime
HeapFree
GetStdHandle
GetUserDefaultLCID
CreateSemaphoreW
GetModuleHandleA
RemoveDirectoryW
VerSetConditionMask
FindFirstFileW
GlobalAlloc
ReleaseSemaphore
FindNextFileW
RegisterWaitForSingleObject
InterlockedPushEntrySList
GetCurrentProcessId
GetModuleHandleExW
GlobalMemoryStatus
GetEnvironmentStringsW
AcquireSRWLockExclusive
GlobalLock
HeapAlloc
InitializeSListHead
InitializeCriticalSection
FlushFileBuffers
CompareStringW
ExitProcess
TerminateProcess
SetThreadAffinityMask
InitializeCriticalSectionAndSpinCount
lstrcatA
GetCommandLineA
LoadLibraryW
MoveFileExW
CloseHandle
QueryPerformanceFrequency
GetThreadTimes
UnregisterWait
TlsAlloc
GetCurrentThreadId
RtlUnwind
InterlockedFlushSList
GetVersion
GetVersionExW
GetProcAddress
DeleteCriticalSection
WriteFile
GetFileInformationByHandle
WriteConsoleW
GetEnvironmentVariableA
SetEnvironmentVariableW
QueryDepthSList
HeapReAlloc
GetFullPathNameW
GlobalUnlock
DuplicateHandle
SignalObjectAndWait
MoveFileW
GetNumaHighestNodeNumber
DeleteFileW
GetStartupInfoW
VirtualAlloc
GetConsoleOutputCP
GetLastError
LocalFree
SetLastError
GetFileAttributesW
DeleteTimerQueueTimer
SetEvent
GetTickCount64
ChangeTimerQueueTimer
CreateEventW
SetThreadPriority
GetOEMCP
GetProcessAffinityMask
ReadFile
lstrlenA
GetLogicalDriveStringsW
GetFileAttributesExW
WaitForSingleObject
IsValidLocale
WaitForMultipleObjects
EnterCriticalSection
GetCurrentThread
GetFileType
GetModuleHandleW
InterlockedPopEntrySList
GetSystemDirectoryW
GetLogicalProcessorInformation
CreateTimerQueue
LoadLibraryExW
EnumSystemLocalesW
GetTickCount
FreeEnvironmentStringsW
IsProcessorFeaturePresent
GetSystemInfo
FreeLibraryAndExitThread
TlsSetValue
GetACP
CreateFileW
GetFileSize
MultiByteToWideChar
SetUnhandledExceptionFilter
FreeLibrary
FormatMessageW
FindClose
LeaveCriticalSection
VirtualProtect
SleepEx
GetCurrentProcess
WideCharToMultiByte
SetFileAttributesW
PeekNamedPipe
FileTimeToLocalFileTime
TlsGetValue
GetFileSizeEx
UnhandledExceptionFilter
GetDriveTypeW

user32

GetMonitorInfoA
GetWindowRect
GetWindowTextW
DialogBoxParamW
KillTimer
SetCursor
GetParent
MonitorFromWindow
SetTimer
OpenClipboard
CharUpperW
InvalidateRect
GetKeyState
CloseClipboard
ScreenToClient
EnableWindow
PostMessageW
wsprintfA
GetWindowTextLengthW
LoadIconW
LoadStringW
MapDialogRect
SetDlgItemTextW
GetWindowLongW
SetFocus
IsDlgButtonChecked
SetWindowLongW
EndDialog
EmptyClipboard
SendMessageW
LoadCursorW
MessageBoxA
ShowWindow
SetClipboardData
SystemParametersInfoW
MessageBoxW
CheckDlgButton
GetDlgItem
GetFocus
SetWindowTextW
MoveWindow

advapi32

CryptDestroyHash
CryptHashData
CryptEncrypt
CloseServiceHandle
CryptDestroyKey
CryptGetHashParam
CryptReleaseContext
CryptImportKey
CryptAcquireContextW
CryptCreateHash

shell32

SHBrowseForFolderW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetPathFromIDListW

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
OleInitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
SysStringLen

bcrypt

BCryptGenRandom

crypt32

CertOpenStore
CertCreateCertificateChainEngine
CertCloseStore
CertFreeCertificateChain
CertFreeCertificateContext
CertFreeCertificateChainEngine
CertGetCertificateChain
CryptStringToBinaryW
CertEnumCertificatesInStore
PFXImportCertStore
CertFindExtension
CertAddCertificateContextToStore
CertFindCertificateInStore
CertGetNameStringW
CryptQueryObject
CryptDecodeObjectEx

wldap32

ord73
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord145
ord219
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27

ws2_32

recvfrom
sendto
getpeername
ioctlsocket
gethostname
freeaddrinfo
WSAWaitForMultipleEvents
getsockopt
send
getaddrinfo
WSAIoctl
WSACloseEvent
socket
WSACreateEvent
WSAEnumNetworkEvents
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
htons
setsockopt
WSAEventSelect
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
WSAResetEvent

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

907753358094ab91cae93bbe63f8c58a

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

f1:4c:5e:6a:b9:68:28:42:64:f1:b0:70:b9:9d:3c:70Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

de:20:85:c3:8b:64:d5:17:55:45:7c:ee:35:ac:ca:20:3e:30:1e:78:f5:f0:a7:66:5e:57:88:cc:16:5e:98:f0Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

bcrypt

crypt32

wldap32

ws2_32

Sections

.text Size: 6.6MB - Virtual size: 6.6MB

.rdata Size: 277KB - Virtual size: 276KB

.data Size: 13KB - Virtual size: 34KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 96KB - Virtual size: 95KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

f1:4c:5e:6a:b9:68:28:42:64:f1:b0:70:b9:9d:3c:70
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

de:20:85:c3:8b:64:d5:17:55:45:7c:ee:35:ac:ca:20:3e:30:1e:78:f5:f0:a7:66:5e:57:88:cc:16:5e:98:f0
Signer

.text
Size: 6.6MB - Virtual size: 6.6MB

.rdata
Size: 277KB - Virtual size: 276KB

.data
Size: 13KB - Virtual size: 34KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 96KB - Virtual size: 95KB