zip[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

zip.exe
Size

300KB
MD5

8489bfe7b5ebd2db22adb7a4c86d656b
SHA1

f7465f50fa8acfa4a6f8b765621358b84e41f760
SHA256

f86c8d771210240308a7c1795fe7dfa524ee632a0d29c0455494cf2558ce1a53
SHA512

918c022bfd295cfeb1bf665eadd42720678321c36329a3e719da8b74c8fa7c27f5fb2233a38e563863eac4540d1b5e5733b77853435c6155a78a973ea879d6b5
SSDEEP

6144:9emIWncUsq/i4vo6cRwtf/STC47MSzISIJTc6TDzbF:gjccjai4vo6cRb+4QScSI7DbF

Score

1^/10

Malware Config

Signatures

Files

zip.exe
.exe windows:4 windows x86 arch:x86

81184a9f7e2b304efdf1fcfabdac9864

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:0e:aa:29:4c:d4:ab:d9:eb:1c:c7:84:c9:24:24:3d
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/12/2019, 00:00

Not After

07/12/2022, 12:00

Subject

CN=VMware\, Inc.,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US,1.2.840.113549.1.9.1=#0c126e6f7265706c7940766d776172652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:aa:d4:1c:c1:a9:50:0b:5d:ed:a2:79:34:f4:62:3b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/08/2018, 00:00

Not After

11/09/2021, 23:59

Subject

CN=VMware\, Inc.,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

96:9a:60:2a:28:63:2f:c0:52:47:74:23:b7:b4:f1:38:eb:4d:6a:aa:bb:f6:d9:d2:56:33:f8:e6:c5:dd:f1:f9
Signer

Actual PE Digest

96:9a:60:2a:28:63:2f:c0:52:47:74:23:b7:b4:f1:38:eb:4d:6a:aa:bb:f6:d9:d2:56:33:f8:e6:c5:dd:f1:f9

Digest Algorithm

sha256

PE Digest Matches

true

67:1b:1d:73:a4:a5:fa:ea:64:59:57:30:06:8a:e5:39:6f:82:0b:52
Signer

Actual PE Digest

67:1b:1d:73:a4:a5:fa:ea:64:59:57:30:06:8a:e5:39:6f:82:0b:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
CloseHandle
InterlockedExchange
CreateMutexA
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
CreateFileA
GetCurrentProcess
GetVolumeInformationW
GetFileAttributesA
GetFileAttributesW
SetFileAttributesW
LeaveCriticalSection
lstrlenA
FindFirstFileA
GetVersion
GetFileType
GetFileTime
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateFileW
GetFullPathNameW
ReadFile
SetConsoleMode
GetConsoleMode
WideCharToMultiByte
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindNextFileA
GetDriveTypeA
lstrcmpiA
GetVolumeInformationA
SetFileAttributesA
FindClose
SetStdHandle
GetCurrentDirectoryA
SetEnvironmentVariableW
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetDriveTypeW
ExitProcess
TerminateProcess
MoveFileA
lstrcpynA
HeapReAlloc
SetFilePointer
GetFileInformationByHandle
PeekNamedPipe
SetConsoleCtrlHandler
DuplicateHandle
GetCommandLineA
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
FlushFileBuffers
WriteFile
SetHandleCount
GetStdHandle
GetStartupInfoA
LCMapStringA
LCMapStringW
RemoveDirectoryA
GetEnvironmentStrings
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
CreatePipe
GetExitCodeProcess
GetProcAddress
SetEndOfFile
FreeEnvironmentStringsA
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetEnvironmentStringsW
RtlUnwind
GetCurrentDirectoryW
GetACP
GetOEMCP
CompareStringA
CompareStringW
GetCurrentProcessId
CreateProcessA
LoadLibraryA
GetLocaleInfoW
DeleteFileA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime

user32

OemToCharA
CharToOemA

advapi32

GetSecurityDescriptorLength
GetKernelObjectSecurity
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

Sections

.text
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81184a9f7e2b304efdf1fcfabdac9864

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

09:0e:aa:29:4c:d4:ab:d9:eb:1c:c7:84:c9:24:24:3dCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

5d:aa:d4:1c:c1:a9:50:0b:5d:ed:a2:79:34:f4:62:3bCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

96:9a:60:2a:28:63:2f:c0:52:47:74:23:b7:b4:f1:38:eb:4d:6a:aa:bb:f6:d9:d2:56:33:f8:e6:c5:dd:f1:f9Signer

67:1b:1d:73:a4:a5:fa:ea:64:59:57:30:06:8a:e5:39:6f:82:0b:52Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 200KB - Virtual size: 197KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 64KB - Virtual size: 383KB

.rsrc Size: 4KB - Virtual size: 800B

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

09:0e:aa:29:4c:d4:ab:d9:eb:1c:c7:84:c9:24:24:3d
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

5d:aa:d4:1c:c1:a9:50:0b:5d:ed:a2:79:34:f4:62:3b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

96:9a:60:2a:28:63:2f:c0:52:47:74:23:b7:b4:f1:38:eb:4d:6a:aa:bb:f6:d9:d2:56:33:f8:e6:c5:dd:f1:f9
Signer

67:1b:1d:73:a4:a5:fa:ea:64:59:57:30:06:8a:e5:39:6f:82:0b:52
Signer

.text
Size: 200KB - Virtual size: 197KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 64KB - Virtual size: 383KB

.rsrc
Size: 4KB - Virtual size: 800B