EYE CANDY -20240529T081423Z-001[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

EYE CANDY -20240529T081423Z-001.zip
Size

48.5MB
MD5

4b95c05305b20a9acc941101060f17f9
SHA1

db12d9d68723b1e9ffcca1ff0916b0c9937fc695
SHA256

8b79a8abc749ce7552acb07e1bee425222d0f5cb3935189865338cb47e4f0684
SHA512

1a909b07d64b0d9c5efbe143a8016c933e6b6df0b07acc67e087b32ae2360c4348dec88f85458498be5f4a3e5dbc9694ea2f232132bb5a3b22b554eb4a70238f
SSDEEP

786432:+ej7KNZoYM3IT5AdBOCPM+MD8zqvfAmG7l2hpoOmYPTwkX8fx9vNOOPx:+o7Kvos6O6h/Wvf86poBYEnlJ

Score

1^/10

Malware Config

Signatures

Files

EYE CANDY -20240529T081423Z-001.zip
.zip
EYE CANDY /eye-candy-7.0.0.1104.exe
.exe windows:5 windows x86 arch:x86

64a16d538c2a30a367b9364a4691a38b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:b4:24:06:59:ef:5c
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

04/08/2011, 19:49

Not After

04/08/2014, 19:49

Subject

CN=Alien Skin Software\, LLC,OU=Operations,O=Alien Skin Software\, LLC,L=Raleigh,ST=NC,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:ec:92:c6:24:51:4c:06:3f:50:39:2d:f0:49:06:cf:15:fe:e1:28
Signer

Actual PE Digest

f1:ec:92:c6:24:51:4c:06:3f:50:39:2d:f0:49:06:cf:15:fe:e1:28

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files (x86)\Go Agent\pipelines\EyeCandy7\Eye Candy 7\installer\win\Release\Eye Candy 7 Installer.pdb

Imports

gdiplus

GdipCreateBitmapFromStream
GdipSetSmoothingMode
GdipDeletePen
GdipAlloc
GdipDeleteGraphics
GdipGetImageHeight
GdipGetImageWidth
GdipFree
GdiplusStartup
GdipCreatePen1
GdipDrawLineI
GdipCloneImage
GdipDrawImageRect
GdipCreateFromHDC
GdipDisposeImage

comctl32

ord17
InitCommonControlsEx

shlwapi

SHDeleteKeyW
PathAddBackslashW
PathFindFileNameW
PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetCanonicalizeUrlW

kernel32

GetModuleHandleW
GetLastError
FindFirstFileW
FreeLibrary
MoveFileExW
CompareFileTime
CreateDirectoryW
WaitForSingleObject
WriteFile
LoadLibraryW
Sleep
GetFileAttributesW
GetModuleFileNameW
CreateFileW
GetProcAddress
FindClose
RemoveDirectoryW
FindNextFileW
GetFileTime
CloseHandle
DeleteFileW
SetFileAttributesW
GetVersionExW
FindResourceW
LoadResource
GlobalLock
GlobalAlloc
SizeofResource
GlobalUnlock
LockResource
GetCurrentProcess
GetTempPathW
OpenProcess
CompareStringW
GetCurrentThread
FormatMessageW
TlsAlloc
ExpandEnvironmentStringsW
SetFilePointer
SystemTimeToFileTime
SetFileTime
WideCharToMultiByte
ReadFile
MultiByteToWideChar
GetCurrentDirectoryW
LocalFileTimeToFileTime
CreateProcessW
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
RtlUnwind
RaiseException
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapAlloc
HeapFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
SetLastError
GetCurrentThreadId
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
ExitProcess
GetConsoleCP
TlsGetValue
TlsSetValue
TlsFree
GetConsoleMode
FlushFileBuffers
HeapCreate
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
SetStdHandle
GetStdHandle
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetLocaleInfoW
WriteConsoleW
SetEndOfFile
LocalFree
GetProcessHeap

user32

SetTimer
UpdateWindow
SetForegroundWindow
IsIconic
LoadAcceleratorsW
DispatchMessageW
MonitorFromRect
GetMonitorInfoW
PeekMessageW
SystemParametersInfoW
IsDialogMessageW
KillTimer
InvalidateRect
GetDlgCtrlID
SendDlgItemMessageW
SetFocus
TranslateMessage
CreateDialogParamW
ClientToScreen
GetWindowRect
PostQuitMessage
FillRect
LoadCursorW
GetClientRect
BeginPaint
SetPropW
RegisterClassExW
LoadIconW
GetWindowLongW
SetClassLongW
SetWindowLongW
GetSysColor
SetWindowPos
ShowWindow
GetSysColorBrush
IsWindow
CreateWindowExW
MessageBoxW
SendMessageW
EnableWindow
SetWindowTextW
GetPropW
DefWindowProcW
GetParent
GetMessageW
TranslateAcceleratorW
LoadStringW
GetShellWindow
GetWindowThreadProcessId
GetDlgItem
EndPaint

gdi32

CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
BitBlt

advapi32

AllocateAndInitializeSid
FreeSid
CheckTokenMembership
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
OpenProcessToken
OpenThreadToken
ImpersonateSelf
DuplicateTokenEx
RevertToSelf

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
ord165
SHChangeNotify

ole32

StringFromGUID2
CoCreateGuid
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize

Sections

.text
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48.8MB - Virtual size: 48.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64a16d538c2a30a367b9364a4691a38b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

03:01Certificate

Key Usages

27:b4:24:06:59:ef:5cCertificate

Extended Key Usages

Key Usages

f1:ec:92:c6:24:51:4c:06:3f:50:39:2d:f0:49:06:cf:15:fe:e1:28Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

comctl32

shlwapi

version

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 218KB - Virtual size: 217KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 48.8MB - Virtual size: 48.8MB

.reloc Size: 94KB - Virtual size: 94KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

03:01
Certificate

27:b4:24:06:59:ef:5c
Certificate

f1:ec:92:c6:24:51:4c:06:3f:50:39:2d:f0:49:06:cf:15:fe:e1:28
Signer

.text
Size: 218KB - Virtual size: 217KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 48.8MB - Virtual size: 48.8MB

.reloc
Size: 94KB - Virtual size: 94KB