file_ca5b492b26f845ebba9a30fd196f5fb7_2024-04-19_12_51_00_076000 (1)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

file_ca5b492b26f845ebba9a30fd196f5fb7_2024-04-19_12_51_00_076000 (1).zip
Size

1.6MB
MD5

e4ebce85c79c2b329c57fe812c4849fb
SHA1

c40f3bf8314b35de918fcd3042e8a8ac95092a18
SHA256

8646f5a8260991a3e4a6f6ff4825dd94a1b7fe951fd5a091841d4d14e42d1510
SHA512

5f102a868ab24116d4ec3152bd25c394932c089ef8e448ed552ddf8b2a267b359702cf2e18ca4d1fc8ebaa8f7658f84779b308de2d62c71a2c5b2c8062719d75
SSDEEP

24576:dufB6rTk+Tmza3BDM7IqJKxKCNZZL/HqwVDRmmjbMkXEmAkCl3tZdunIGVo:dgB6rw++a3Bl3ZewpxjvXEbKo

Score

1^/10

Malware Config

Signatures

Files

file_ca5b492b26f845ebba9a30fd196f5fb7_2024-04-19_12_51_00_076000 (1).zip
.zip
entry_1_0/Setup_20.1_win64.exe
.exe windows:6 windows x64 arch:x64

5842498648e6235b14c52019b9eb5c2b

Code Sign

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:af:94:78:fb:32:b9:1e:1f:17:fb:94:bc:a8:de:c3
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

31-05-2022 10:39

Not After

31-05-2023 10:39

Subject

CN=Open Source Developer\, Derick Payne,O=Open Source Developer,L=George,C=ZA,1.2.840.113549.1.9.1=#0c13696e666f4072697a6f6e65736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28-07-2022 08:56

Not After

27-07-2033 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:0d:33:61:ba:d7:f3:ef:85:84:e6:42:f6:a6:07:b8:0c:d1:44:4a:76:c5:3d:da:65:64:47:d5:41:cd:3b:3e
Signer

Actual PE Digest

00:0d:33:61:ba:d7:f3:ef:85:84:e6:42:f6:a6:07:b8:0c:d1:44:4a:76:c5:3d:da:65:64:47:d5:41:cd:3b:3e

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Rizonesoft\Develop\Notepad3\Bin\Release_x64_v143\Notepad3.pdb

Imports

ntdll

RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
RtlCaptureContext
RtlGetNtVersionNumbers
RtlVirtualUnwind
VerSetConditionMask
RtlUnwind

comctl32

ord413
ord410
ImageList_AddMasked
ord8
ImageList_Create
ImageList_Destroy
ord412
InitMUILanguage
InitCommonControlsEx
ImageList_ReplaceIcon
ord381
ImageList_GetIcon

shlwapi

StrCmpNIA
StrFormatByteSizeEx
StrCSpnA
ord157
PathCreateFromUrlW
StrChrIW
UrlIsW
StrSpnW
PathFindFileNameW
PathRemoveExtensionW
StrStrA
StrCmpNA
StrChrA
StrStrIA
StrTrimA
StrCmpLogicalW
UrlCreateFromPathW
StrChrIA
StrRetToBufW
PathMatchSpecW
StrToIntExW
SHAutoComplete
StrStrIW
StrStrW
StrTrimW
StrDupW
StrCmpW
StrCmpNIW
StrCmpIW
PathIsUNCW
PathIsRelativeW
StrRChrW
PathStripToRootW
StrChrW

user32

PostQuitMessage
RegisterWindowMessageW
UpdateWindow
IsIconic
LoadMenuW
GetMenuItemCount
LoadStringA
LoadStringW
SetMenu
DispatchMessageW
PeekMessageW
TranslateMessage
IsCharAlphaNumericA
CharLowerA
IsCharLowerW
GetKeyState
CharUpperW
CharLowerW
GetMenu
DestroyWindow
GetActiveWindow
IsWindow
GetCapture
SetTimer
CloseClipboard
IsCharLowerA
EmptyClipboard
GetDoubleClickTime
IsCharUpperA
SetFocus
CharNextW
GetClipboardData
SetClipboardData
GetComboBoxInfo
CheckMenuItem
IsClipboardFormatAvailable
KillTimer
GetSysColorBrush
EnableMenuItem
ReleaseCapture
ChildWindowFromPoint
IsCharUpperW
GetWindowLongW
GetWindowTextLengthW
DrawAnimatedRects
DeferWindowPos
GetSystemMenu
FindWindowExW
GetWindowRect
GetFocus
GetDC
SetWindowPos
CheckRadioButton
GetPropW
CopyImage
MonitorFromRect
MonitorFromWindow
SetActiveWindow
MessageBoxExW
SetWindowLongPtrW
GetIconInfo
CallNextHookEx
RemovePropW
SetWindowTextW
GetWindowDC
CreatePopupMenu
GetWindowLongPtrW
GetWindowPlacement
TrackPopupMenu
BeginDeferWindowPos
DrawMenuBar
GetClassNameW
TranslateAcceleratorW
MonitorFromPoint
SystemParametersInfoA
CreateIconIndirect
InflateRect
AdjustWindowRectEx
DrawTextW
DrawTextA
CallWindowProcW
GetAncestor
NotifyWinEvent
GetScrollInfo
SetScrollInfo
PtInRect
SetCaretPos
ShowCaret
HideCaret
OffsetRect
GetDlgItemTextA
GetMonitorInfoW
GetDlgCtrlID
ClientToScreen
SetMenuItemInfoW
CharPrevW
MapWindowPoints
SetWindowPlacement
GetSysColor
DialogBoxIndirectParamW
IsWindowEnabled
UnhookWindowsHookEx
DestroyMenu
SetLayeredWindowAttributes
DestroyCaret
CreateCaret
ValidateRect
GetMenuStringW
IsCharAlphaNumericW
LoadCursorW
EndDeferWindowPos
SetWindowsHookExW
InsertMenuW
SetCursor
GetDlgItemInt
SetWindowLongW
GetClientRect
IsZoomed
AppendMenuW
SetRect
DrawIconEx
GetDesktopWindow
CreateDialogIndirectParamW
SetDlgItemInt
SetForegroundWindow
LoadImageW
ReleaseDC
BeginPaint
EndPaint
EnableWindow
GetWindowTextW
SetPropW
SystemParametersInfoW
GetSystemMetrics
SetCursorPos
GetCursorPos
CharUpperBuffW
PostMessageW
SendMessageW
EndDialog
ShowWindow
RedrawWindow
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
IsDlgButtonChecked
GetDlgItem
CheckDlgButton
GetParent
InvalidateRect
GetUpdateRgn
SetWindowCompositionAttribute
TrackPopupMenuEx
MsgWaitForMultipleObjects
RegisterClipboardFormatW
GetMessageTime
TrackMouseEvent
GetKeyboardLayout
DestroyCursor
SetCapture
GetCaretBlinkTime
GetMessageW
GetMenuItemInfoW
DefWindowProcW
ModifyMenuW
ShowWindowAsync
CheckMenuRadioItem
IsWindowVisible
SetClipboardViewer
FillRect
CreateWindowExW
ShowOwnedPopups
ScreenToClient
UnregisterClassW
RegisterClassExW
GetMenuBarInfo
LoadAcceleratorsW
GetSubMenu
IsDialogMessageW
DestroyIcon
ChangeClipboardChain
IsChild
CountClipboardFormats
FrameRect
SetMenuDefaultItem
GetForegroundWindow
MessageBeep
EnumWindows
OpenClipboard
GetMenuState

kernel32

SizeofResource
WaitForSingleObject
GetCurrentThreadId
FreeResource
Sleep
FormatMessageW
LockResource
GlobalAlloc
GlobalFree
LoadResource
FindResourceW
GetFileSizeEx
GetTimeFormatEx
SetFileTime
GetDateFormatEx
lstrcmpA
GetLocalTime
LCMapStringW
lstrcmpiA
GetTickCount
GetFileTime
GetOEMCP
GetCPInfo
IsValidCodePage
GetCPInfoExW
GetACP
CreateEventW
SetEvent
ResetEvent
SetThreadUILanguage
GetUserPreferredUILanguages
ResolveLocaleName
SetProcessPreferredUILanguages
IsValidLocaleName
GetStartupInfoW
GlobalHandle
GetCommandLineW
lstrlenW
HeapLock
SignalObjectAndWait
SetErrorMode
GetTempPathW
HeapWalk
FindFirstChangeNotificationW
GetFileAttributesExW
TerminateThread
FindCloseChangeNotification
DeleteFileW
GetSystemInfo
FindResourceExW
VerifyVersionInfoW
SetCurrentDirectoryW
CreateProcessW
GetTempFileNameW
HeapUnlock
UnlockFileEx
GetDateFormatW
SetLastError
FindFirstFileW
FindNextFileW
FindClose
LCIDToLocaleName
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
MapViewOfFile
CreateFileMappingW
LocaleNameToLCID
UnmapViewOfFile
GetVersionExW
GetLocaleInfoW
GlobalSize
GetLocaleInfoA
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
QueryPerformanceFrequency
InitOnceComplete
InitOnceBeginInitialize
TerminateProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
WaitForSingleObjectEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExA
VirtualQuery
RaiseException
LoadLibraryExW
GetModuleHandleW
CompareStringOrdinal
VirtualProtect
FlushFileBuffers
MulDiv
GetFileSize
LockFileEx
LocalFree
FindNextChangeNotification
TlsFree
ExitProcess
CreateThread
ExitThread
FreeLibraryAndExitThread
GetStdHandle
EnumSystemLocalesW
SetStdHandle
GetFileType
GetConsoleOutputCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeW
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
SetEndOfFile
GetLocaleInfoEx
SetEnvironmentVariableW
GetCurrentProcess
ReadFile
CreateDirectoryW
FreeLibrary
GetProcAddress
GetCurrentDirectoryW
LoadLibraryW
CloseHandle
SetFileAttributesW
GetFileAttributesW
CreateFileW
GetEnvironmentVariableW
GetModuleFileNameW
GetFinalPathNameByHandleW
ExpandEnvironmentStringsW
GetLongPathNameW
SearchPathW
WideCharToMultiByte
GetLastError
HeapReAlloc
MultiByteToWideChar
HeapSize
GlobalUnlock
GetProcessHeap
GlobalLock
HeapAlloc
SetFilePointer
WriteFile
HeapFree
CompareStringW
GetNativeSystemInfo
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
FlsAlloc
FlsGetValue
FlsSetValue
TlsSetValue
FlsFree
InitializeCriticalSectionEx
EncodePointer
TlsAlloc
TlsGetValue
WriteConsoleW
IsValidLocale
GetTimeFormatW
GetUserDefaultLCID

gdi32

LineTo
GetTextMetricsW
CreateFontW
EndDoc
StartPage
SetDIBits
GetDIBits
ExtTextOutW
CreateBitmap
CreateRectRgn
CreateRectRgnIndirect
BitBlt
CreatePatternBrush
EnumFontFamiliesExW
CreatePen
GetTextExtentPoint32A
GetTextExtentExPointA
GetTextExtentExPointW
IntersectClipRect
RestoreDC
RoundRect
SaveDC
StretchBlt
GdiAlphaBlend
CreateDIBSection
ExtCreatePen
ExtTextOutA
Polygon
Polyline
MoveToEx
SetTextAlign
StartDocW
DPtoLP
EndPage
GetStockObject
GetTextExtentPoint32W
SetBkMode
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetObjectW
SetMapMode
CreateFontIndirectW
Ellipse
DeleteObject
CreateSolidBrush
CombineRgn
SetBkColor
SetTextColor

comdlg32

PageSetupDlgW
PrintDlgW
ChooseColorW
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AllocateAndInitializeSid
CreateWellKnownSid
FreeSid
CheckTokenMembership
GetTokenInformation
IsTextUnicode
AccessCheck
OpenProcessToken
GetFileSecurityW
DuplicateToken
MapGenericMask

shell32

ShellExecuteW
SHAppBarMessage
SHGetFileInfoW
ShellExecuteExW
SHGetDataFromIDListW
SHGetDesktopFolder
SHAddToRecentDocs
DragQueryFileW
Shell_NotifyIconW
DragAcceptFiles
DragFinish
SHOpenFolderAndSelectItems
ord155
SHParseDisplayName
SHGetPathFromIDListW
SHGetKnownFolderPath
SetCurrentProcessExplicitAppUserModelID
ord180
SHBrowseForFolderW

ole32

CLSIDFromProgID
ReleaseStgMedium
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleInitialize
StringFromGUID2
CoCreateGuid
CoGetObjectContext
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
OleUninitialize
CoGetApartmentType

oleaut32

SysAllocStringLen
SysFreeString

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmSetCompositionFontW
ImmEscapeW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

Exports

Exports

CreateLexer
GetLexerCount
GetLexerFactory
GetLexerName
GetLibraryPropertyNames
GetNameSpace
LexerNameFromID
Scintilla_AdjustWindowRectForDpi
Scintilla_GetSystemMetricsForDpi
Scintilla_GetWindowDPI
Scintilla_InputCodePage
Scintilla_RegisterClasses
Scintilla_ReleaseResources
SetLibraryProperty

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 569KB - Virtual size: 653KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 781KB - Virtual size: 780KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

5842498648e6235b14c52019b9eb5c2b

Code Sign

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

24:af:94:78:fb:32:b9:1e:1f:17:fb:94:bc:a8:de:c3Certificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

00:0d:33:61:ba:d7:f3:ef:85:84:e6:42:f6:a6:07:b8:0c:d1:44:4a:76:c5:3d:da:65:64:47:d5:41:cd:3b:3eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

comctl32

shlwapi

user32

kernel32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

imm32

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.data Size: 569KB - Virtual size: 653KB

.pdata Size: 75KB - Virtual size: 74KB

.idata Size: 18KB - Virtual size: 18KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 781KB - Virtual size: 780KB

.reloc Size: 17KB - Virtual size: 17KB

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

24:af:94:78:fb:32:b9:1e:1f:17:fb:94:bc:a8:de:c3
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

00:0d:33:61:ba:d7:f3:ef:85:84:e6:42:f6:a6:07:b8:0c:d1:44:4a:76:c5:3d:da:65:64:47:d5:41:cd:3b:3e
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.data
Size: 569KB - Virtual size: 653KB

.pdata
Size: 75KB - Virtual size: 74KB

.idata
Size: 18KB - Virtual size: 18KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 781KB - Virtual size: 780KB

.reloc
Size: 17KB - Virtual size: 17KB