Adobe-GenP-Release[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Adobe-GenP-Release.zip
Size

115KB
MD5

59b9374c54c390cf765ddda7d2cb88b7
SHA1

9852f96afde025683224ccc47bca3f1b43032e7f
SHA256

550fa61895700e1189916d0146e3886e24d64755bb36aef8208a972f298191fa
SHA512

d5193ba5cf783b6001f6c35b418b2a1f70e404c8cccadda1353ee8df7df1802c0ac633457f91ab7d10cc0b190ece6429bfb6e7c5a9fc876715d41f0a1a4975db
SSDEEP

1536:dZTjqeYAX6Hdk6/ty4bo7kvdJd8+9E+bLY+U1Oq22nSXcx8u9GrIdjrVICyn9iXO:dZmeYAX69htekv/4+UkRwB3vICysnMmu

Score

1^/10

Malware Config

Signatures

Files

Adobe-GenP-Release.zip
.zip
Adobe-GenP-Release/AdobeGenP-3.2.1.au3
.ps1
Adobe-GenP-Release/README.md
Adobe-GenP-Release/RunAsTI.exe
.exe windows:4 windows x64 arch:x64

9b7a77472b758f560894cabfc7ab4b3d

Code Sign

17:dd:f1:7b:6c:1d:1a:59:b5:e0:e9:7a:39:f7:4c:af
Certificate

Issuer

CN=Nikzzzz Soft,C=RU

Not Before

31/12/2016, 21:00

Not After

31/12/2026, 21:00

Subject

CN=Nikzzzz Soft,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:20:59:de:89:77:53:61:cf:4c:16:d6:68:74:07:62:fa:98:76:12
Signer

Actual PE Digest

52:20:59:de:89:77:53:61:cf:4c:16:d6:68:74:07:62:fa:98:76:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
wcsstr
memcpy
wcscmp
wcslen

kernel32

GetModuleHandleW
HeapCreate
WTSGetActiveConsoleSessionId
GetModuleFileNameW
HeapDestroy
ExitProcess
GetCurrentProcess
CloseHandle
OpenProcess
GetLastError
RtlZeroMemory
SetLastError
CreateToolhelp32Snapshot
Process32FirstW
ProcessIdToSessionId
Process32NextW
InitializeCriticalSection
GetCommandLineW
HeapAlloc
HeapFree
FreeLibrary
LoadLibraryW
WideCharToMultiByte
GetProcAddress
GetCurrentDirectoryW
HeapReAlloc

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
GetLengthSid
OpenSCManagerW
OpenServiceW
StartServiceA
CloseServiceHandle
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority

user32

CharLowerW

Sections

.code
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Adobe-GenP-Release/Skull.ico
Adobe-GenP-Release/config.ini

Sharing

General

Malware Config

Signatures

Files

9b7a77472b758f560894cabfc7ab4b3d

Code Sign

17:dd:f1:7b:6c:1d:1a:59:b5:e0:e9:7a:39:f7:4c:afCertificate

Extended Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

52:20:59:de:89:77:53:61:cf:4c:16:d6:68:74:07:62:fa:98:76:12Signer

Headers

File Characteristics

Imports

msvcrt

kernel32

advapi32

user32

Sections

.code Size: 6KB - Virtual size: 5KB

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 1024B - Virtual size: 540B

.pdata Size: 512B - Virtual size: 504B

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 6KB - Virtual size: 5KB

17:dd:f1:7b:6c:1d:1a:59:b5:e0:e9:7a:39:f7:4c:af
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

52:20:59:de:89:77:53:61:cf:4c:16:d6:68:74:07:62:fa:98:76:12
Signer

.code
Size: 6KB - Virtual size: 5KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1024B - Virtual size: 540B

.pdata
Size: 512B - Virtual size: 504B

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 6KB - Virtual size: 5KB