Office Professional Plus 2019[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Office Professional Plus 2019.rar
Size

1.9MB
MD5

fadd3b0232ce20282dfe6a6a6f77f908
SHA1

1ff67c40e4452af0ed1ced7d54546321fe9cc163
SHA256

f27aa0d6ff0f66331bff6d651567672b98c3f32ddcf5c7153924072308ad580f
SHA512

e8baaba608e7d140ec8d56f12ac104153686b02b86e5ec01d9fc7c18d4dfac14501b789f82582d7558c26cf5edd35e88ceaa83e7ea41e31a6f10894e0453ab90
SSDEEP

49152:L5vxWDPU+iuVTQQqrBd6huRjxNCm8m0VnpSPumsU8n+tQMji:HWDPU+iuV5gN7N8n6ql2QMji

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Office Professional Plus 2019/Office Professional Plus 2019/Pacote Office Original.exe

Files

Office Professional Plus 2019.rar
.rar
Office Professional Plus 2019/Chave Licença Original/Chave Licença Original.bat
Office Professional Plus 2019/Office Professional Plus 2019/Pacote Office Original.exe
.exe windows:5 windows x64 arch:x64

829c76980f324ad1d7c91d3e2d93ccde

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

F:\Office\Target\x64\ship\click2run\en-us.pre\Bootstrapper.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
CryptAcquireContextW
CryptReleaseContext
EventRegister
EventUnregister
EventWriteTransfer
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteTreeW
RegGetValueW
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
AllocateAndInitializeSid
CreateWellKnownSid
EqualSid
FreeSid
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
RevertToSelf
LookupAccountNameW
ConvertSidToStringSidW
OpenThreadToken
EventWrite
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
EnumDependentServicesW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatusEx
SetServiceObjectSecurity
StartServiceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAce
AddAccessDeniedAce
CheckTokenMembership
CopySid
GetLengthSid
GetSecurityDescriptorDacl
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertSidToStringSidA
CredWriteW
CreateProcessAsUserW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegNotifyChangeKeyValue
RegSetKeySecurity

kernel32

GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
CloseHandle
DeviceIoControl
GetModuleHandleA
GetProcAddress
CopyFileW
MoveFileExW
WideCharToMultiByte
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
Sleep
FreeLibrary
GetStringTypeExW
LCMapStringW
GetUserDefaultLCID
LocalFree
FormatMessageA
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
FlsGetValue
FlsSetValue
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetSystemTime
GetCPInfoExW
IsValidCodePage
GetUserDefaultLocaleName
GetCurrentProcessId
CreateEventExW
GetModuleHandleExW
GlobalMemoryStatusEx
RaiseException
GetModuleHandleW
GetVersionExW
GetStringTypeW
VerSetConditionMask
OpenProcess
VerifyVersionInfoW
TerminateProcess
CreateProcessW
GetTickCount64
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
SetErrorMode
GetComputerNameW
GetSystemDirectoryW
GetLogicalProcessorInformation
GetNativeSystemInfo
MulDiv
FormatMessageW
ReleaseMutex
WaitForSingleObjectEx
GetCommandLineW
ExpandEnvironmentStringsW
GlobalFree
ProcessIdToSessionId
WaitForMultipleObjects
GetCurrentThreadId
GetExitCodeThread
SignalObjectAndWait
GetLastError
SetWaitableTimerEx
CancelWaitableTimer
CreateWaitableTimerW
WaitForMultipleObjectsEx
QueryDepthSList
TryEnterCriticalSection
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetFileSizeEx
GetTempFileNameW
ReadFile
GetTempPathW
HeapFree
GetProcessHeap
GetTickCount
GetThreadLocale
SetEvent
FindFirstFileExW
CreateMutexW
ReleaseSemaphore
lstrcmpW
CreateMutexA
CreateEventA
OpenEventA
OpenMutexA
CreateSemaphoreA
OpenSemaphoreA
OpenFileMappingA
HeapAlloc
LocalAlloc
GetDiskFreeSpaceExW
DeleteFileA
GetTempPathA
WriteFile
GetExitCodeProcess
GetPriorityClass
GetTimeZoneInformation
IsValidLocale
QueryUnbiasedInterruptTime
LCMapStringEx
WaitForSingleObject
CreateEventW
CreateThread
OutputDebugStringA
LoadLibraryW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
SetThreadAffinityMask
IsProcessorFeaturePresent
QueryFullProcessImageNameW
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetThreadIOPendingFlag
IsDebuggerPresent
RtlCaptureStackBackTrace
ResetEvent
CreateMemoryResourceNotification
IsSystemResumeAutomatic
GetSystemPowerStatus
RtlCaptureContext
VirtualAlloc
VirtualFree
GetLongPathNameW
K32GetProcessMemoryInfo
GetOverlappedResult
FlushFileBuffers
CancelIoEx
GetFileType
SetFileInformationByHandle
GetFileInformationByHandleEx
GetDriveTypeW
GetLocaleInfoEx
LockResource
LCIDToLocaleName
LocaleNameToLCID
GetSystemDefaultLCID
GetProductInfo
LoadLibraryExA
VirtualQuery
GetSystemInfo
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
EnumSystemLocalesW
GetTimeFormatW
GetDateFormatW
SetStdHandle
GetACP
ExitProcess
HeapReAlloc
HeapSize
GetConsoleCP
ReadConsoleW
GetConsoleMode
UnregisterWaitEx
VirtualProtect
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
SwitchToThread
CreateTimerQueue
InterlockedFlushSList
RtlUnwindEx
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
RtlLookupFunctionEntry
GetLocaleInfoW
CompareStringW
GetCPInfo
InitializeCriticalSectionAndSpinCount
DuplicateHandle
DecodePointer
EncodePointer
RtlPcToFileHeader
GetUserGeoID
OpenThread
lstrcmpA
WriteConsoleW
AllocConsole
AttachConsole
GetFileAttributesExW
CreateDirectoryW
GetCurrentDirectoryW
GetThreadTimes
GetCurrentThread
GetProcessTimes
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
GetModuleFileNameW
CompareStringEx
IsWow64Process
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
FlsFree
GlobalAlloc
FlsAlloc
FreeConsole
GetStdHandle
GetProcessAffinityMask
GetLocalTime

ole32

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoRevokeInitializeSpy
CoRegisterInitializeSpy
CreateStreamOnHGlobal
IIDFromString
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CLSIDFromString
CoCreateGuid
StringFromGUID2
CoInitializeEx
CoUninitialize

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

cabinet

ord10
ord13
ord14

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

setupapi

SetupIterateCabinetW

ws2_32

WSAStartup
GetAddrInfoW
FreeAddrInfoW

iphlpapi

FreeMibTable
CreateSortedAddressPairs

gdi32

Rectangle
CreatePen
CreateFontW
SetTextColor
SetBkColor
GetStockObject
SelectObject
DeleteObject
GetDeviceCaps
SetDCPenColor
GetTextMetricsW
GetTextExtentPoint32W
CreateSolidBrush
SetDCBrushColor

gdiplus

GdipDrawImageRectRectI
GdipCreateFromHDC
GdipDeleteGraphics
GdipFillRectangleI
GdipDrawImageRectI
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStream
GdipCreateSolidFill
GdipDeleteBrush
GdiplusStartup
GdipFree
GdipAlloc

rpcrt4

UuidToStringW
RpcStringFreeW

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 558KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

829c76980f324ad1d7c91d3e2d93ccde

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ole32

oleaut32

cabinet

wintrust

setupapi

ws2_32

iphlpapi

gdi32

gdiplus

rpcrt4

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 109KB - Virtual size: 307KB

.pdata Size: 179KB - Virtual size: 179KB

.didat Size: 1KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 558KB - Virtual size: 560KB

.reloc Size: 148KB - Virtual size: 147KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 109KB - Virtual size: 307KB

.pdata
Size: 179KB - Virtual size: 179KB

.didat
Size: 1KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 558KB - Virtual size: 560KB

.reloc
Size: 148KB - Virtual size: 147KB