fe810f2f7406764ede9dbed620a2c029755bc3459d2712f6b2e45030edb8aa43

Sharing

Copy URL

Twitter E-mail

General

Target

fe810f2f7406764ede9dbed620a2c029755bc3459d2712f6b2e45030edb8aa43
Size

1.1MB
MD5

ae2cf34006cd7d4cf042ef8e877af056
SHA1

dca076917280fc158e55ccf1a8ff8dd90f191d67
SHA256

fe810f2f7406764ede9dbed620a2c029755bc3459d2712f6b2e45030edb8aa43
SHA512

8dff548b1bf4fa72cb1da2fbac211026822af8f2138766276699d18b6257f6403a6e1978fc691772d3672a4db02737bb1d991b2b3027fc7ba67d3395ec1f08f9
SSDEEP

24576:Gk7z4NhBS2NAI/E2vPUK+aRWNeYwaDlHQ9uK:cBS0A6sK+aRWRDtQAK

Score

1^/10

Malware Config

Signatures

Files

fe810f2f7406764ede9dbed620a2c029755bc3459d2712f6b2e45030edb8aa43
.exe windows:5 windows x86 arch:x86

fe6dcb35824e10d6ed9d6bc4fd8ed983

Code Sign

30:20:cd:c2:db:9e:d0:be:86:6d:83:92:bb:5c:4d:0e
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-04-2016 00:00

Not After

12-04-2021 23:59

Subject

CN=ALCPU,O=ALCPU,POSTALCODE=67298,STREET=Snapir st. 1/12,L=Tel Aviv,ST=Tel Aviv,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-08-2013 20:26

Not After

15-08-2023 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:fc:53:f9:7f:3a:3a:83:57:52:ab:f7:dc:20:92:d3:7e:28:26:2c:6b:24:2b:2e:ed:3e:d8:6a:c1:d6:13:7f
Signer

Actual PE Digest

ae:fc:53:f9:7f:3a:3a:83:57:52:ab:f7:dc:20:92:d3:7e:28:26:2c:6b:24:2b:2e:ed:3e:d8:6a:c1:d6:13:7f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\521483\out\Release\360zipUpdate.pdb

Imports

kernel32

WritePrivateProfileStringW
GlobalUnlock
FlushInstructionCache
GetTempPathW
RaiseException
GetPrivateProfileIntW
GetLastError
SetLastError
GetProcAddress
EnterCriticalSection
GlobalFree
FindClose
LockResource
CreateEventW
lstrcmpiW
FindNextFileW
DeleteCriticalSection
GetCurrentThreadId
GetVersion
DeleteFileW
LocalFree
GetModuleFileNameA
CreateProcessW
MoveFileExW
OutputDebugStringW
OpenProcess
CloseHandle
CreateFileW
DeviceIoControl
GetCurrentProcessId
WaitForMultipleObjects
WideCharToMultiByte
SetFilePointer
SetEndOfFile
GetTickCount
WriteFile
ReadFile
GetFileSizeEx
lstrlenW
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
MultiByteToWideChar
GetStringTypeA
GetModuleHandleA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
CompareStringW
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
TlsGetValue
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
HeapSize
HeapReAlloc
GetModuleFileNameW
MulDiv
LeaveCriticalSection
GetVersionExW
SizeofResource
Sleep
LoadLibraryW
GetSystemDirectoryW
GlobalAlloc
InitializeCriticalSection
GetPrivateProfileStringW
GetModuleHandleW
SetEvent
InterlockedCompareExchange
WaitForSingleObject
ExitProcess
GlobalLock
GetSystemWindowsDirectoryW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
FreeResource
FindFirstFileW
CreateMutexW
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetTempFileNameW
GetStringTypeW

user32

CreateDialogParamW
ShowWindow
SetWindowPos
EndDialog
SetWindowLongW
IsWindow
DefWindowProcW
CreateWindowExW
MessageBoxW
SendMessageW
GetDlgItem
MonitorFromWindow
ReleaseDC
PeekMessageW
GetWindowLongW
MapWindowPoints
SetWindowTextW
GetWindow
CallWindowProcW
GetActiveWindow
UnregisterClassA
DispatchMessageW
GetMonitorInfoW
UpdateLayeredWindow
IsDialogMessageW
CopyRect
GetWindowTextLengthW
GetWindowTextW
SetTimer
ScreenToClient
PostQuitMessage
TrackPopupMenu
PostMessageW
DrawTextW
KillTimer
SetForegroundWindow
GetWindowInfo
WindowFromPoint
GetForegroundWindow
LoadIconW
InvalidateRect
AppendMenuW
GetAncestor
GetDesktopWindow
GetCursorPos
CreatePopupMenu
FindWindowExW
GetSystemMetrics
IsWindowVisible
DestroyMenu
GetWindowThreadProcessId
GetShellWindow
EndPaint
DestroyWindow
GetWindowRect
GetMessageW
CharNextW
LoadImageW
DialogBoxParamW
GetParent
LoadCursorW
GetClientRect
BeginPaint
GetClassInfoExW
GetDC
TranslateMessage
RegisterClassExW

gdi32

CreateRectRgnIndirect
SetTextColor
CreateFontW
GetTextExtentPoint32W
SetBkMode
CreateSolidBrush
DeleteDC
GetDeviceCaps
StretchBlt
DeleteObject
SelectObject
CreateCompatibleDC
GetObjectW
SetStretchBltMode
CreateDIBSection
GetClipBox

advapi32

RegQueryValueExA
RegQueryValueExW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW

shell32

ord680
ShellExecuteExW
ord165
Shell_NotifyIconW
SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteW

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
OleInitialize
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysStringLen
VariantClear
SysAllocStringByteLen
VariantInit
VarUI4FromStr
SysStringByteLen
SysFreeString

shlwapi

StrCmpIW
PathRemoveFileSpecW
PathFileExistsW
SHGetValueW
PathCombineW
PathAppendW
PathFindFileNameW
PathIsRelativeW

msimg32

AlphaBlend

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gdiplus

GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromStream
GdipCloneImage
GdiplusStartup
GdipFree
GdiplusShutdown
GdipCreateBitmapFromFile

psapi

GetModuleBaseNameW
EnumProcesses
EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 227KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 887KB - Virtual size: 887KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe6dcb35824e10d6ed9d6bc4fd8ed983

Code Sign

30:20:cd:c2:db:9e:d0:be:86:6d:83:92:bb:5c:4d:0eCertificate

Extended Key Usages

Key Usages

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ae:fc:53:f9:7f:3a:3a:83:57:52:ab:f7:dc:20:92:d3:7e:28:26:2c:6b:24:2b:2e:ed:3e:d8:6a:c1:d6:13:7fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msimg32

version

gdiplus

psapi

Sections

.text Size: 227KB - Virtual size: 228KB

.rdata Size: 37KB - Virtual size: 40KB

.data Size: 11KB - Virtual size: 24KB

.rsrc Size: 887KB - Virtual size: 887KB

30:20:cd:c2:db:9e:d0:be:86:6d:83:92:bb:5c:4d:0e
Certificate

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ae:fc:53:f9:7f:3a:3a:83:57:52:ab:f7:dc:20:92:d3:7e:28:26:2c:6b:24:2b:2e:ed:3e:d8:6a:c1:d6:13:7f
Signer

.text
Size: 227KB - Virtual size: 228KB

.rdata
Size: 37KB - Virtual size: 40KB

.data
Size: 11KB - Virtual size: 24KB

.rsrc
Size: 887KB - Virtual size: 887KB