General

Malware Config

Signatures

Files

• Archive.zip

  .zip
• )}ì~)J0ø‰º!ò@x&ÚâØaßHÍôõ.exe

  .exe windows:4 windows x86 arch:x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Sections

  CODE

  Size: 202KB - Virtual size: 202KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  DATA

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  BSS

  Size: - Virtual size: 3KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: - Virtual size: 12B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 512B - Virtual size: 48B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 384KB - Virtual size: 384KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• 2019-09-02_22-41-10.exe

  .exe windows:5 windows x86 arch:x86

  0b940f4d2992021389a241ab8513fc6b

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\huzufawapijoh_fabujavonud39_mihugimosomofexepag-vatipado.pdb

  Imports

  kernel32

  DuplicateHandle

  lstrcatA

  ExitThread

  GetModuleHandleA

  GetLastError

  CloseHandle

  LocalAlloc

  GetProcAddress

  WTSGetActiveConsoleSessionId

  GlobalFix

  GetTickCount

  GetCurrencyFormatA

  LocalShrink

  lstrlenA

  PeekConsoleInputW

  GetHandleInformation

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  IsDebuggerPresent

  GetStartupInfoW

  GetModuleHandleW

  EncodePointer

  RaiseException

  SetLastError

  RtlUnwind

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  FreeLibrary

  LoadLibraryExW

  GetStdHandle

  WriteFile

  GetModuleFileNameW

  MultiByteToWideChar

  WideCharToMultiByte

  ExitProcess

  GetModuleHandleExW

  GetACP

  HeapFree

  HeapAlloc

  LCMapStringW

  GetFileType

  FlushFileBuffers

  GetConsoleCP

  GetConsoleMode

  ReadFile

  SetFilePointerEx

  GetStringTypeW

  ReadConsoleW

  FindClose

  FindFirstFileExW

  FindNextFileW

  IsValidCodePage

  GetOEMCP

  GetCPInfo

  GetCommandLineA

  GetCommandLineW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  SetStdHandle

  GetProcessHeap

  DecodePointer

  CreateFileW

  WriteConsoleW

  HeapSize

  HeapReAlloc

  SetEndOfFile

  advapi32

  CreateProcessAsUserA

  AdjustTokenPrivileges

  Sections

  .text

  Size: 120KB - Virtual size: 119KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 110KB - Virtual size: 110KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 4.7MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 1024B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 10KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• file (1).exe

  .exe windows:6 windows x64 arch:x64

  f6df573862725a7261d77e9eebaebd3a

  
  

  Code Sign

  10:09:14:04:5e:a7:b9:84:46:f2:30:f4:af:c1:c8:12

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  10-05-2024 11:17

  Not After

  10-05-2025 11:17

  Subject

  CN=Microsoft Code Signing PCA 2011,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  03-05-2023 00:00

  Not After

  02-08-2034 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:2f:4e:99:fa:ad:57:e8:3c:ad:a6:f9:b4:e4:70:c0:ee:fe:df:ee:55:f4:e6:22:0f:4a:45:95:92:7b:b1:85

  Signer

  Actual PE Digest

  0e:2f:4e:99:fa:ad:57:e8:3c:ad:a6:f9:b4:e4:70:c0:ee:fe:df:ee:55:f4:e6:22:0f:4a:45:95:92:7b:b1:85

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  advapi32

  RegCloseKey

  RegEnumKeyExW

  RegEnumValueW

  RegOpenKeyExW

  RegQueryValueExW

  RegSetValueExW

  RegSetValueExA

  OpenProcessToken

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  GetTokenInformation

  DuplicateTokenEx

  OpenThreadToken

  RevertToSelf

  ImpersonateLoggedOnUser

  CheckTokenMembership

  EventWrite

  EventRegister

  EventEnabled

  bcrypt

  BCryptGenerateSymmetricKey

  BCryptGenRandom

  BCryptOpenAlgorithmProvider

  BCryptDestroyKey

  BCryptCloseAlgorithmProvider

  kernel32

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  InitializeCriticalSectionAndSpinCount

  EncodePointer

  CloseThreadpoolIo

  MultiByteToWideChar

  GetStdHandle

  TzSpecificLocalTimeToSystemTime

  SystemTimeToFileTime

  FileTimeToSystemTime

  GetSystemTime

  GetCalendarInfoEx

  CompareStringOrdinal

  CompareStringEx

  FindNLSStringEx

  GetLocaleInfoEx

  ResolveLocaleName

  GetUserPreferredUILanguages

  FindStringOrdinal

  GetTickCount64

  GetCurrentProcess

  GetCurrentThread

  WaitForSingleObject

  Sleep

  CreateThreadpoolWork

  CloseThreadpoolWork

  SubmitThreadpoolWork

  CreateThreadpoolWait

  SetThreadpoolWait

  WaitForThreadpoolWaitCallbacks

  CloseThreadpoolWait

  DeleteCriticalSection

  LocalFree

  EnterCriticalSection

  SleepConditionVariableCS

  LeaveCriticalSection

  WakeConditionVariable

  QueryPerformanceCounter

  InitializeCriticalSection

  InitializeConditionVariable

  WaitForMultipleObjectsEx

  GetLastError

  QueryPerformanceFrequency

  SetLastError

  GetFullPathNameW

  GetLongPathNameW

  WideCharToMultiByte

  LocalAlloc

  GetConsoleOutputCP

  GetProcAddress

  RaiseFailFastException

  CreateThreadpoolIo

  StartThreadpoolIo

  CancelThreadpoolIo

  LocaleNameToLCID

  LCMapStringEx

  EnumTimeFormatsEx

  EnumCalendarInfoExEx

  CopyFileExW

  CreateDirectoryW

  CreateFileW

  DeleteFileW

  DeleteVolumeMountPointW

  CreateSymbolicLinkW

  DeviceIoControl

  ExpandEnvironmentStringsW

  FindNextFileW

  FindClose

  FindFirstFileExW

  FlushFileBuffers

  FreeLibrary

  GetCurrentDirectoryW

  GetFileAttributesExW

  GetFileInformationByHandle

  GetFileInformationByHandleEx

  GetFileType

  GetFinalPathNameByHandleW

  GetLogicalDrives

  GetModuleFileNameW

  GetOverlappedResult

  GetSystemDirectoryW

  GetVolumeInformationW

  LoadLibraryExW

  MoveFileExW

  ReadFile

  RemoveDirectoryW

  ReplaceFileW

  SetFileAttributesW

  SetFileInformationByHandle

  SetFilePointerEx

  SetThreadErrorMode

  GetDynamicTimeZoneInformation

  GetTimeZoneInformation

  WriteFile

  GetCurrentProcessorNumberEx

  CloseHandle

  SetEvent

  CreateEventExW

  GetEnvironmentVariableW

  FormatMessageW

  CreateThread

  ResumeThread

  DuplicateHandle

  GetThreadPriority

  SetThreadPriority

  GetCPInfoExW

  GetConsoleMode

  WriteConsoleW

  GetConsoleWindow

  LoadLibraryA

  GetModuleHandleA

  FreeConsole

  AllocConsole

  VirtualAllocEx

  GetExitCodeProcess

  CreateProcessW

  TerminateProcess

  OpenProcess

  K32EnumProcesses

  GetProcessId

  QueryFullProcessImageNameW

  CreatePipe

  GetConsoleCP

  FlushProcessWriteBuffers

  GetCurrentThreadId

  WaitForSingleObjectEx

  VirtualQuery

  RtlRestoreContext

  AddVectoredExceptionHandler

  FlsAlloc

  FlsGetValue

  FlsSetValue

  CreateEventW

  SwitchToThread

  SuspendThread

  GetThreadContext

  SetThreadContext

  FlushInstructionCache

  VirtualAlloc

  VirtualProtect

  VirtualFree

  QueryInformationJobObject

  GetModuleHandleW

  GetModuleHandleExW

  GetProcessAffinityMask

  InitializeContext

  GetEnabledXStateFeatures

  SetXStateFeaturesMask

  InitializeCriticalSectionEx

  GetSystemTimeAsFileTime

  ResetEvent

  DebugBreak

  SleepEx

  GlobalMemoryStatusEx

  GetSystemInfo

  GetLogicalProcessorInformation

  GetLogicalProcessorInformationEx

  GetLargePageMinimum

  VirtualUnlock

  VirtualAllocExNuma

  IsProcessInJob

  GetNumaHighestNodeNumber

  GetProcessGroupAffinity

  K32GetProcessMemoryInfo

  RaiseException

  RtlPcToFileHeader

  RtlUnwindEx

  IsProcessorFeaturePresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  IsDebuggerPresent

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  InitializeSListHead

  GetCurrentProcessId

  ole32

  CoGetApartmentType

  CoTaskMemAlloc

  CoUninitialize

  CoTaskMemFree

  CoCreateGuid

  CoWaitForMultipleHandles

  CoInitializeEx

  user32

  LoadStringW

  api-ms-win-crt-math-l1-1-0

  __setusermatherr

  sin

  modf

  tan

  ceil

  cos

  floor

  pow

  api-ms-win-crt-heap-l1-1-0

  calloc

  malloc

  _callnewh

  _set_new_mode

  free

  api-ms-win-crt-string-l1-1-0

  strncpy_s

  _stricmp

  strcpy_s

  _wcsicmp

  strcmp

  wcsncmp

  api-ms-win-crt-runtime-l1-1-0

  _exit

  __p___argc

  _initterm_e

  terminate

  _crt_atexit

  _register_onexit_function

  _initialize_onexit_table

  exit

  _initterm

  _get_initial_wide_environment

  abort

  __p___wargv

  _register_thread_local_exe_atexit_callback

  _c_exit

  _cexit

  _seh_filter_exe

  _set_app_type

  _initialize_wide_environment

  _configure_wide_argv

  api-ms-win-crt-stdio-l1-1-0

  __stdio_common_vsprintf_s

  __p__commode

  __stdio_common_vfprintf

  __stdio_common_vsscanf

  _set_fmode

  __acrt_iob_func

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  Exports

  Exports

  DotNetRuntimeDebugHeader

  Sections

  .text

  Size: 461KB - Virtual size: 461KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .managed

  Size: 1.2MB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  hydrated

  Size: - Virtual size: 553KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 926KB - Virtual size: 926KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 11KB - Virtual size: 69KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 115KB - Virtual size: 114KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 500B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .m4lw4r3

  Size: 11KB - Virtual size: 12KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE