ze[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ze.rar
Size

30.2MB
MD5

c55c40da6f64fb73001393a8b00f727b
SHA1

b09c17d794a335506dcc93b894ad0a176fe0e59f
SHA256

dc44cb81946f5fc54e7c3841462a56c91bf27722a8093b06199179993e34a08d
SHA512

8476abed0879e8afa9107b13df9cc001beb93d116b23d2efd1ae2fa386a4b1fe71c5702d2145ffeff4de552e778c736466be9a2d5f9a4fe00bd5d1e3e6ae934d
SSDEEP

786432:Zu/b7pK8IO3t3i05G2RrujH4kzhobeFp4J87AqJZJ:Ub7pKOVicG2Ryz48o6Fa/qrJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ze/rmp_dll.DLL
unpack001/ze/rmp_launcher.EXE

Files

ze.rar
.rar

Password: ggfsgdsfqdscsdvsd
ze/EP0000248680.exe
.exe windows:4 windows x86 arch:x86

Password: ggfsgdsfqdscsdvsd

e4f6f32c4810f43e2fdaf5f5968919dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:1d:53:63:be:f0:af:bf:01:73:32:12:30:3b:d7:ed
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-03-2011 00:00

Not After

27-03-2012 23:59

Subject

CN=Sony Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Sec.5 General Engineering Dept. Biz Div.No.1 V&M Biz Gp NPSG,O=Sony Corporation,L=Azumino-shi,ST=Nagano,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f9:9f:29:13:c5:c9:f9:f0:1c:25:94:52:fe:86:55:68:2f:c3:a0:78:6b:cd:a4:c2:b2:59:05:25:10:9a:35:4f
Signer

Actual PE Digest

f9:9f:29:13:c5:c9:f9:f0:1c:25:94:52:fe:86:55:68:2f:c3:a0:78:6b:cd:a4:c2:b2:59:05:25:10:9a:35:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

InstallerForVAIOUpdate.pdb

Imports

cabinet

ord23
ord22
ord20

kernel32

LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationW
GetFullPathNameW
SetErrorMode
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
RaiseException
HeapReAlloc
ExitProcess
ExitThread
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
MulDiv
GetModuleHandleW
ExpandEnvironmentStringsW
GetUserDefaultUILanguage
GetProcAddress
GetSystemDefaultUILanguage
GetVersionExW
FindResourceW
LoadResource
SizeofResource
LockResource
FindResourceExW
lstrlenW
GetModuleFileNameW
FindFirstFileW
GetPrivateProfileStringW
FindClose
CreateDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
CloseHandle
Process32NextW
WaitForSingleObject
Sleep
MultiByteToWideChar
DeleteFileW
GetCurrentThreadId
SetFileAttributesW
TlsSetValue
TlsGetValue
GetTickCount
CreateFileW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetLastError
GetFileAttributesW
GetFileSize
TlsAlloc
lstrcmpW
DuplicateHandle
GetCurrentProcess
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
lstrlenA
InterlockedIncrement
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
GetModuleHandleA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
GetCurrentProcessId
WritePrivateProfileStringW
FormatMessageW
LocalFree
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
FreeLibrary
CompareStringW
LoadLibraryA
SetLastError
GetVersionExA
InterlockedDecrement
WideCharToMultiByte
CreateThread
lstrcpynW

user32

PostThreadMessageW
CharUpperW
LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
GetWindowThreadProcessId
SetCursor
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
ShowWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
GetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
EnableWindow
GetDC
UnregisterClassA
ReleaseDC
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
RegisterClipboardFormatW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
GetClassInfoW
RegisterClassW
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
GetDesktopWindow
CharNextW
GetSystemMetrics
GetSystemMenu
PostMessageW
KillTimer
GetWindowRect
GetWindowInfo
GetTitleBarInfo
IsWindow
SendMessageW
LoadIconW
IsIconic
SetTimer
GetClientRect
DrawIcon
FillRect
MoveWindow
SystemParametersInfoW
FindWindowW
GetWindow
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongW
GetWindowLongW
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
PtInRect
CopyRect
EqualRect
GetParent
AdjustWindowRectEx
GetSysColor

gdi32

SaveDC
RestoreDC
SetMapMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
Escape
ExtTextOutW
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
CreateRectRgnIndirect
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32W
CreateFontW
CreateSolidBrush
SelectObject
GetDeviceCaps

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
SHAppBarMessage

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathFileExistsW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleIsCurrentClipboard
CoTaskMemAlloc
CoTaskMemFree
OleRun
CoCreateInstance
StringFromGUID2
CoUninitialize
CoCreateGuid
CoInitializeEx
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantClear
SysAllocString
VariantInit
SysStringLen
VariantCopy
SysAllocStringLen
VariantChangeType
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
GetErrorInfo
SysFreeString

Sections

.text
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ze/rmp_dll.DLL
.dll windows:1 windows x86 arch:x86

Password: ggfsgdsfqdscsdvsd

1ed8bba52b5632dcd8548885e23d6c3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualProtect
lstrcmpW
GetModuleHandleA

Sections

CODE
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ze/rmp_launcher.EXE
.exe windows:1 windows x86 arch:x86

Password: ggfsgdsfqdscsdvsd

c46ab5c6f7b486109dfe0375e37f3fbb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CreateRemoteThread
ExitProcess
GetProcAddress
LoadLibraryA
ResumeThread
SuspendThread
WriteProcessMemory
CreateProcessA

Sections

CODE
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: ggfsgdsfqdscsdvsd

Password: ggfsgdsfqdscsdvsd

e4f6f32c4810f43e2fdaf5f5968919dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

40:1d:53:63:be:f0:af:bf:01:73:32:12:30:3b:d7:edCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f9:9f:29:13:c5:c9:f9:f0:1c:25:94:52:fe:86:55:68:2f:c3:a0:78:6b:cd:a4:c2:b2:59:05:25:10:9a:35:4fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cabinet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 276KB - Virtual size: 272KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 52KB - Virtual size: 51KB

.reloc Size: 40KB - Virtual size: 36KB

Password: ggfsgdsfqdscsdvsd

1ed8bba52b5632dcd8548885e23d6c3f

Headers

File Characteristics

Imports

kernel32

Sections

CODE Size: 512B - Virtual size: 4KB

DATA Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

Password: ggfsgdsfqdscsdvsd

c46ab5c6f7b486109dfe0375e37f3fbb

Headers

File Characteristics

Imports

kernel32

Sections

CODE Size: 512B - Virtual size: 4KB

DATA Size: 1KB - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

40:1d:53:63:be:f0:af:bf:01:73:32:12:30:3b:d7:ed
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f9:9f:29:13:c5:c9:f9:f0:1c:25:94:52:fe:86:55:68:2f:c3:a0:78:6b:cd:a4:c2:b2:59:05:25:10:9a:35:4f
Signer

.text
Size: 276KB - Virtual size: 272KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 40KB - Virtual size: 36KB

CODE
Size: 512B - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

CODE
Size: 512B - Virtual size: 4KB

DATA
Size: 1KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB