virus[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

virus.zip
Size

447KB
MD5

e9b03d275269cd9487447f483893ae87
SHA1

751088d58e7fabd3f84fe55bcf160249d7f797b3
SHA256

3edc599416c045adc75cc108bdb3f3268a7888750987b03a2fd513e61d36e492
SHA512

ae387b017b9b0aa6148c57095ba710343b118cc7a98104b24f9afef31b0c50a58e42b09dc7282f22e67b265b0769e1b0fd62018cfc8edaa2fab1c372d8ff9aa8
SSDEEP

6144:/wDS9tSJoGE4x+Yw3+ee83zssL16re9MdJBzz7/eiGCcwhcV3mr2l8E/p/+F:/Kof4xZwve441e9+BH7/RSV3y2qE/pI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/version.dll

Files

virus.zip
.zip
USB Driver.exe
.exe windows:5 windows x86 arch:x86

12264006a4dd1735b47f82b81b998cfb

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:a8:7f:2c:17:9b:37:1d:56:82:0b:d3:25:97:53:ab:f8:18:85:d3
Signer

Actual PE Digest

39:a8:7f:2c:17:9b:37:1d:56:82:0b:d3:25:97:53:ab:f8:18:85:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\dd\xcp\Silverlight\Desktop_RET\Sllauncher.pdb

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
GetTokenInformation
GetKernelObjectSecurity
GetAclInformation
CreateRestrictedToken
CopySid
EqualSid
CreateProcessAsUserW
SetTokenInformation
LookupPrivilegeValueW
GetAce
InitializeAcl
AddAccessAllowedAce
IsValidSid
AddAce
GetLengthSid
GetSecurityDescriptorDacl
CreateWellKnownSid
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW

kernel32

GetLastError
GetStartupInfoW
GetModuleFileNameW
GetCurrentProcess
IsDebuggerPresent
GetProcAddress
LoadLibraryW
FreeLibrary
GetCommandLineW
RemoveDirectoryW
SetEnvironmentVariableA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
Sleep
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
CreateFileW
ReadFile
GetVersionExW
WriteFile
GetModuleHandleW
SetEnvironmentVariableW
SetFilePointer
GetFileSize
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
InterlockedIncrement
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
GlobalAddAtomW
GlobalGetAtomNameW
GetCurrentProcessId
lstrlenW
GetVersionExA
lstrcmpW
LoadLibraryA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GetCurrentThreadId
FreeResource
GetThreadLocale
FileTimeToSystemTime
MulDiv
LocalFree
FormatMessageW
GlobalFree
InterlockedDecrement
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalFlags
lstrlenA
GetModuleHandleA
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
WritePrivateProfileStringW
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
RtlUnwind
RaiseException
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA

user32

GetClientRect
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
SetCapture
GetDesktopWindow
SetWindowPos
SetFocus
ReleaseCapture
TranslateAcceleratorW
ShowWindow
GetWindow
SetMenu
BringWindowToTop
GetLastActivePopup
GetMenu
SetRectEmpty
GetClassInfoW
CreatePopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
InsertMenuItemW
LoadAcceleratorsW
GetCapture
PeekMessageW
SetCursor
LoadIconW
GetKeyState
GetDlgCtrlID
SetWindowLongW
GetDlgItem
GetActiveWindow
GetWindowThreadProcessId
WinHelpW
DestroyMenu
LoadMenuW
ReuseDDElParam
UnpackDDElParam
GetSysColor
GetClassNameW
GetWindowPlacement
SystemParametersInfoA
PtInRect
CallWindowProcW
DefWindowProcW
SetWindowPlacement
DeferWindowPos
ScreenToClient
RegisterClassW
GetClassInfoExW
CreateWindowExW
SetForegroundWindow
TrackPopupMenu
CopyAcceleratorTableW
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageW
GetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
IsChild
SendDlgItemMessageA
SendDlgItemMessageW
IsWindowEnabled
InflateRect
GetMenuItemInfoW
IsDialogMessageW
SetWindowTextW
MoveWindow
PostQuitMessage
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
ValidateRect
GetCursorPos
TranslateMessage
GetMessageW
RegisterClipboardFormatW
ClientToScreen
GetSysColorBrush
LoadCursorW
CharNextW
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
UnregisterClassW
CharUpperW
GetNextDlgGroupItem
GetNextDlgTabItem
MessageBeep
PostThreadMessageW
EndDialog
CreateDialogIndirectParamW
CopyRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
GetSystemMetrics
AdjustWindowRectEx
SetMenuDefaultItem
FlashWindow
DrawMenuBar
MonitorFromWindow
EnableMenuItem
SystemParametersInfoW
GetWindowInfo
IsZoomed
PostMessageW
LoadImageW
IsIconic
SetActiveWindow
GetWindowRect
GetSystemMenu
SetWindowRgn
UpdateWindow
MessageBoxW
RegisterWindowMessageW
WaitForInputIdle
EqualRect
GetWindowLongW
IntersectRect
OffsetRect
SetRect
IsWindow
IsRectEmpty
CheckMenuItem
IsWindowVisible
SendMessageW
EnableWindow
GetMonitorInfoW

gdi32

GetRgnBox
CreateCompatibleBitmap
CreateBitmap
GetClipBox
SetTextColor
CreateCompatibleDC
CreateRectRgnIndirect
GetMapMode
CreateSolidBrush
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
CreateRectRgn
CreateRoundRectRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
GetStockObject
DeleteObject
GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateFontIndirectW
GetDeviceCaps
GetObjectW
SetBkColor

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

shlwapi

PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathCombineW
PathRemoveFileSpecW
PathIsUNCW

shell32

DragFinish
DragQueryFileW
SHGetFolderPathW
SHFileOperationW
CommandLineToArgvW

ole32

CLSIDFromString
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemFree
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc
CoInitialize
CoUninitialize

comdlg32

GetFileTitleW

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
SysAllocStringLen
SysAllocString
SysStringLen
VariantClear

oledlg

OleUIBusyW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

GetWindowInterface

Sections

.text
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version.dll
.dll windows:6 windows x86 arch:x86

bba06cd9b37d9f8c468f3d4cfb581d99

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
FindFirstFileW
FindNextFileW
GetDriveTypeW
SetFilePointer
WriteFile
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
OpenEventA
Sleep
CreateProcessW
GetModuleFileNameW
lstrcpyW
lstrcatW
lstrlenW
CreateDirectoryW
GetFileAttributesW
RemoveDirectoryW
SetFileAttributesW
GetLastError
CopyFileW
MoveFileExW
GetCurrentProcessId
lstrcmpiW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleFileNameA
lstrcatA
lstrlenA
MoveFileW
GetCommandLineW
lstrcmpW
SetEndOfFile
GetStringTypeW
FlushFileBuffers
SetStdHandle
HeapQueryInformation
HeapSize
HeapReAlloc
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
GetCurrentThreadId
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
DeleteFileW
ReadFile
HeapValidate
GetSystemInfo
GetCurrentThread
GetStdHandle
GetFileType
OutputDebugStringW
WriteConsoleW
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetFileSizeEx
FindClose
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
DecodePointer

user32

wsprintfW

shell32

CommandLineToArgvW

shlwapi

StrStrW
PathFileExistsW
StrStrIW
SHSetValueW

Exports

Exports

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 783KB - Virtual size: 783KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12264006a4dd1735b47f82b81b998cfb

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33Certificate

Extended Key Usages

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

39:a8:7f:2c:17:9b:37:1d:56:82:0b:d3:25:97:53:ab:f8:18:85:d3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

gdi32

winspool.drv

shlwapi

shell32

ole32

comdlg32

oleaut32

oledlg

version

Exports

Exports

Sections

.text Size: 309KB - Virtual size: 308KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 34KB - Virtual size: 33KB

bba06cd9b37d9f8c468f3d4cfb581d99

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 783KB - Virtual size: 783KB

.rdata Size: 166KB - Virtual size: 166KB

.data Size: 4KB - Virtual size: 10KB

.idata Size: 4KB - Virtual size: 4KB

.msvcjmc Size: 512B - Virtual size: 510B

.00cfg Size: 512B - Virtual size: 265B

.reloc Size: 27KB - Virtual size: 26KB

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

39:a8:7f:2c:17:9b:37:1d:56:82:0b:d3:25:97:53:ab:f8:18:85:d3
Signer

.text
Size: 309KB - Virtual size: 308KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 34KB - Virtual size: 33KB

.text
Size: 783KB - Virtual size: 783KB

.rdata
Size: 166KB - Virtual size: 166KB

.data
Size: 4KB - Virtual size: 10KB

.idata
Size: 4KB - Virtual size: 4KB

.msvcjmc
Size: 512B - Virtual size: 510B

.00cfg
Size: 512B - Virtual size: 265B

.reloc
Size: 27KB - Virtual size: 26KB