d6e6b4cc367d2870e59674ecfb09718725da12b0e5505457dd92a1c2425edb22[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

d6e6b4cc367d2870e59674ecfb09718725da12b0e5505457dd92a1c2425edb22.zip
Size

1.2MB
MD5

78838f5119a3229f8742fb24a70a482e
SHA1

cdc990105379c5cdc9cb55b7526df5e23a4a7579
SHA256

d6e6b4cc367d2870e59674ecfb09718725da12b0e5505457dd92a1c2425edb22
SHA512

42ee081ef26d7ceda53cde841c56d92dab26e96760f23ee10f4236ba709609f1960f605e417c9edad6f8e652f66141399532ffff3a2af66914eb362adc07a6d5
SSDEEP

6144:KzGFLOWv+5GX+FYTGSAXst+lVmmBtHzqpyQBzbdDIVS+s:KzwOm+5GuFmGXcKYmBtHzqDPWSz

Score

1^/10

Malware Config

Signatures

Files

d6e6b4cc367d2870e59674ecfb09718725da12b0e5505457dd92a1c2425edb22.zip
.zip
Places to visit.scr
.exe windows:5 windows x86 arch:x86

0d0280f45c49ac1fba17f4aad1a0c59d

Code Sign

15:b7:d2:56:4f:a1:c2:22:00:75:41:11:c9:44:46:df
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

18-12-2023 20:19

Not After

17-12-2024 20:19

Subject

SERIALNUMBER=50103549581,CN=GL Solutions SIA,O=GL Solutions SIA,L=Lielvārde,ST=Lielvārde Municipality,C=LV,1.3.6.1.4.1.311.60.2.1.3=#13024c56,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26-03-2019 17:44

Not After

22-03-2034 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19-02-2024 16:18

Not After

16-02-2034 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13-11-2019 18:50

Not After

12-11-2034 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:a4:cb:8a:11:9c:6f:99:b7:25:a4:d8:b4:3e:36:13:74:e7:25:b7:23:0f:83:eb:89:a0:b8:23:0c:74:33:53
Signer

Actual PE Digest

ca:a4:cb:8a:11:9c:6f:99:b7:25:a4:d8:b4:3e:36:13:74:e7:25:b7:23:0f:83:eb:89:a0:b8:23:0c:74:33:53

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\tiveruxo\40\recotap cazur\voruyizocoy\89.pdb

Imports

kernel32

FindVolumeClose
GetNumaProcessorNode
GetLocaleInfoA
GetUserDefaultLCID
GetNumberFormatA
GlobalFindAtomA
LoadLibraryW
ReadConsoleInputA
ReadProcessMemory
WriteConsoleW
GetModuleFileNameW
GetCompressedFileSizeA
SetThreadLocale
GetStdHandle
GetLastError
ChangeTimerQueueTimer
VirtualAlloc
GetThreadContext
LocalAlloc
CreateHardLinkW
GetExitCodeThread
AddAtomW
RemoveDirectoryW
SetCommMask
GetOEMCP
FindFirstChangeNotificationA
VirtualProtect
SetCalendarInfoA
GetWindowsDirectoryW
GetCurrentProcessId
AddConsoleAliasA
SetFileAttributesW
GetVolumeInformationW
CreateThread
CreateFileW
CopyFileA
DebugActiveProcess
OutputDebugStringW
FlushFileBuffers
SetStdHandle
ReadFile
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
HeapFree
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
GetACP
GetCurrentThreadId
IsDebuggerPresent
GetFileType
GetProcessHeap
ExitProcess
GetModuleHandleExW
HeapSize
CloseHandle
GetModuleFileNameA
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
LoadLibraryExW

user32

GetMenuItemID

gdi32

GetCharacterPlacementW

ole32

CoMarshalHresult

winhttp

WinHttpReadData

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 201KB - Virtual size: 41.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d0280f45c49ac1fba17f4aad1a0c59d

Code Sign

15:b7:d2:56:4f:a1:c2:22:00:75:41:11:c9:44:46:dfCertificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

ca:a4:cb:8a:11:9c:6f:99:b7:25:a4:d8:b4:3e:36:13:74:e7:25:b7:23:0f:83:eb:89:a0:b8:23:0c:74:33:53Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

winhttp

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 201KB - Virtual size: 41.1MB

.rsrc Size: 101KB - Virtual size: 101KB

15:b7:d2:56:4f:a1:c2:22:00:75:41:11:c9:44:46:df
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

ca:a4:cb:8a:11:9c:6f:99:b7:25:a4:d8:b4:3e:36:13:74:e7:25:b7:23:0f:83:eb:89:a0:b8:23:0c:74:33:53
Signer

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 201KB - Virtual size: 41.1MB

.rsrc
Size: 101KB - Virtual size: 101KB