2394992-060211[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

2394992-060211.zip
Size

4.3MB
MD5

e51e3c66d9f0d3ff4ea0c323b06de104
SHA1

10f78356263f8cd87e12999ca5c42c7b7cecbfae
SHA256

8e56e8c7c38a6344f35edc5040586c48e3ff8a62aeb919ea6ef6a1e9930bef71
SHA512

49431dbfd0df7a866d98a57bd5bba0eb0adba405922da3e3eace5dc05b7a89ffc4859d7e2ea504434af53455dbcbd1d236839f97ff359076ac51975c357959b2
SSDEEP

98304:O4Xe8bwiYMpWY+oi4kh6aWieaJxo5C0ithk9xtvE0776CZ:rXbppti4khte0o5w/k9xa07x

Score

1^/10

Malware Config

Signatures

Files

2394992-060211.zip
.zip
_356_959.msi
.msi
__
.exe windows:6 windows x64 arch:x64

6b902f111f53856eeee9024905a51f99

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:cc:e9:85:4e:3f:15:4f:f8:e6:2c:2c:e2:fd:e8:4d
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/04/2021, 00:00

Not After

01/04/2023, 23:59

Subject

CN=Intel Corporation,OU=Intel(R) Connectivity Innovation,O=Intel Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:03:36:e7:bb:d8:73:79:a0:26:ef:2d:ae:08:cd:05:b8:8a:e1:d5:68:42:88:20:89:03:33:ee:17:81:d3:c3
Signer

Actual PE Digest

fd:03:36:e7:bb:d8:73:79:a0:26:ef:2d:ae:08:cd:05:b8:8a:e1:d5:68:42:88:20:89:03:33:ee:17:81:d3:c3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\workspace\wsg-cit\ABI-Integration\Killer_Release_3.1\src\Build\Release\Bin\x64\KAPS.pdb

Imports

kernel32

RegisterWaitUntilOOBECompleted
UnregisterWaitUntilOOBECompleted
OOBEComplete
WTSGetActiveConsoleSessionId
GetSystemPowerStatus
GetCurrentProcess
GetVersionExW
GetCurrentThread
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreW
SetThreadInformation
SetProcessInformation
TerminateProcess
K32GetModuleFileNameExW
CreatePipe
GetFileAttributesW
GetComputerNameExW
OpenProcess
CreateToolhelp32Snapshot
GetTimeZoneInformation
Process32NextW
Process32FirstW
GetWindowsDirectoryW
CreateProcessW
GetSystemTimeAsFileTime
GetExitCodeProcess
CreateEventW
InitializeCriticalSectionAndSpinCount
SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapSize
GetFileAttributesExW
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetLocalTime
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
GetFileSizeEx
HeapReAlloc
GetConsoleMode
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
FileTimeToLocalFileTime
FileTimeToSystemTime
DeleteFileA
CreateFileA
GetFileAttributesA
CopyFileA
SetFilePointer
LockFile
WriteFile
ReadFile
TerminateThread
WaitForSingleObject
CloseHandle
FindClose
FindNextFileA
FindFirstFileA
QueryPerformanceCounter
GetCurrentProcessId
QueryPerformanceFrequency
GetComputerNameA
GetUserDefaultGeoName
GetGeoInfoEx
SystemTimeToFileTime
GetModuleHandleW
Sleep
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCommandLineW
GetCommandLineA
GetStdHandle
ExitProcess
SetConsoleCtrlHandler
GetConsoleCP
GetModuleHandleExW
ResumeThread
ExitThread
RtlPcToFileHeader
lstrlenW
GetNamedPipeClientProcessId
FlushFileBuffers
ConnectNamedPipe
GetOverlappedResult
ResetEvent
ReadFileEx
GlobalFree
GlobalAlloc
SetEvent
DisconnectNamedPipe
WaitForMultipleObjectsEx
WriteFileEx
CreateNamedPipeW
CreateFileW
PeekNamedPipe
ReadConsoleW
UnlockFile
RtlUnwindEx
LoadLibraryW
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
InterlockedPopEntrySList
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
GetModuleFileNameW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
UnregisterWait
LocalFree
GetTickCount64
LocalAlloc
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
GetLastError
InitializeCriticalSectionEx
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetProcAddress
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
SetLastError
GetStringTypeW
GetCurrentThreadId
TryEnterCriticalSection
OutputDebugStringW
IsDebuggerPresent

user32

PostQuitMessage
UpdateWindow
DispatchMessageW
PostMessageA
EnumWindows
FindWindowW
SetForegroundWindow
LoadStringW
GetMessageW
DefWindowProcW
CreateWindowExW
SendMessageW
UnregisterSuspendResumeNotification
RegisterClassExW
ShowWindow
RegisterSuspendResumeNotification
TranslateMessage
LoadCursorW
LoadIconW
GetWindowTextW

gdi32

CreateSolidBrush

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
CreateProcessAsUserW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyValueW
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
OpenProcessToken
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoCreateGuid
CoUninitialize
StringFromCLSID

oleaut32

SysFreeString

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho
InitializeIpForwardEntry
DeleteIpForwardEntry2
GetIfTable
InitializeIpInterfaceEntry
DeleteIpForwardEntry
Icmp6SendEcho2
GetIpInterfaceEntry
CreateIpForwardEntry
GetIpForwardTable
GetTcp6Table
GetTcpTable
GetAdaptersInfo
GetAdaptersAddresses
FreeMibTable
GetIpNetTable2
CreateIpForwardEntry2
Icmp6CreateFile

ws2_32

InetNtopW
WSAGetLastError
setsockopt
getnameinfo
ioctlsocket
sendto
freeaddrinfo
htonl
socket
inet_addr
WSARecvFrom
WSACreateEvent
closesocket
WSAIoctl
bind
WSAStartup
inet_ntop
ntohl
getaddrinfo
WSACleanup

crypt32

CertNameToStrW
CryptQueryObject
CryptMsgGetParam

pdh

PdhRemoveCounter
PdhCollectQueryData
PdhAddCounterW
PdhCloseQuery
PdhGetFormattedCounterValue
PdhOpenQueryW

wlanapi

WlanReasonCodeToString
WlanScan
WlanQueryInterface
WlanGetNetworkBssList
WlanDeleteProfile
WlanGetFilterList
WlanSaveTemporaryProfile
WlanGetInterfaceCapability
WlanGetProfile
WlanGetProfileList
WlanDisconnect
WlanGetAvailableNetworkList
WlanFreeMemory
WlanRegisterNotification
WlanCloseHandle
WlanEnumInterfaces
WlanOpenHandle
WlanSetInterface
WlanConnect
WlanSetProfile

netapi32

NetGetDCName
NetApiBufferFree

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSRegisterSessionNotification
WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsA

wintrust

WinVerifyTrust

winhttp

WinHttpOpen
WinHttpAddRequestHeaders
WinHttpDetectAutoProxyConfigUrl
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpReceiveResponse

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlIpv6AddressToStringW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 673KB - Virtual size: 672KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b902f111f53856eeee9024905a51f99

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

bf:cc:e9:85:4e:3f:15:4f:f8:e6:2c:2c:e2:fd:e8:4dCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

fd:03:36:e7:bb:d8:73:79:a0:26:ef:2d:ae:08:cd:05:b8:8a:e1:d5:68:42:88:20:89:03:33:ee:17:81:d3:c3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

ws2_32

crypt32

pdh

wlanapi

netapi32

userenv

wtsapi32

wintrust

winhttp

ntdll

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 673KB - Virtual size: 672KB

.data Size: 21KB - Virtual size: 37KB

.pdata Size: 82KB - Virtual size: 81KB

.rsrc Size: 84KB - Virtual size: 83KB

.reloc Size: 7KB - Virtual size: 6KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

bf:cc:e9:85:4e:3f:15:4f:f8:e6:2c:2c:e2:fd:e8:4d
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

fd:03:36:e7:bb:d8:73:79:a0:26:ef:2d:ae:08:cd:05:b8:8a:e1:d5:68:42:88:20:89:03:33:ee:17:81:d3:c3
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 673KB - Virtual size: 672KB

.data
Size: 21KB - Virtual size: 37KB

.pdata
Size: 82KB - Virtual size: 81KB

.rsrc
Size: 84KB - Virtual size: 83KB

.reloc
Size: 7KB - Virtual size: 6KB