64a75f8e9d55c2416ad0d29a3a3070973fee8d5f931585d56f71877bb8220f78

Sharing

Copy URL Twitter E-mail

General

Target

64a75f8e9d55c2416ad0d29a3a3070973fee8d5f931585d56f71877bb8220f78
Size

401KB
MD5

9c23099f228a9b02b378ef3b74f0b5b9
SHA1

64971fc8aa91c6dfe3179a78e9e3413a19c9e952
SHA256

24755a85951e98e28b06468f830157cbe3e0e72a6c4afd6b1cf4b86b4f77e650
SHA512

650d39f4c6c1519f38594b89f56bd00e47485924129763e78327c1f0859ddc2c6c8e2e945a0cfe3171aabc97a649090c63be5772faffa2b710f5f6e147ac2a00
SSDEEP

12288:zXJvYqrhKcFfvl7EQTrekh+9DQK+KM98oOcxMl:z7rhKqvxTl4en/98Cxc

Score

1^/10

Malware Config

Signatures

Files

64a75f8e9d55c2416ad0d29a3a3070973fee8d5f931585d56f71877bb8220f78
.zip

Password: S1P@ssw0rd
Device/HarddiskVolume3/Users/User1/Desktop/64a75f8e9d55c2416ad0d29a3a3070973fee8d5f931585d56f71877bb8220f78/C/ProgramData/Sentinel/AFUCache/DW20.exe
.exe windows:4 windows x86 arch:x86

Password: S1P@ssw0rd

80d009a2872c8ea911107def4e55c922

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b9:5b:63:59:2e:ca:3a:9b:98:8f:a1:68:79:65:a0:53:d1:56:e0:ea
Signer

Actual PE Digest

b9:5b:63:59:2e:ca:3a:9b:98:8f:a1:68:79:65:a0:53:d1:56:e0:ea

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dw20.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
DeregisterEventSource
ReportEventA
RegisterEventSourceW
ReportEventW
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
GetUserNameA
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertSidToStringSidA
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
RegDeleteValueA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegEnumValueW
RegQueryInfoKeyW
GetLengthSid
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
IsValidSid
CopySid
GetTokenInformation
OpenProcessToken
OpenThreadToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW

comctl32

ord17
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon

gdi32

SetTextColor
GetTextMetricsA
DeleteDC
RestoreDC
DeleteObject
GetTextFaceA
SelectObject
CreateFontA
GetDeviceCaps
SetMapMode
SaveDC
CreateFontIndirectW
GetObjectW
GetTextExtentPoint32W
SetTextAlign
CreateFontIndirectA
GetObjectA
SetBkMode
ExtTextOutW

kernel32

GetUserDefaultLangID
GetACP
GetSystemDefaultLCID
FreeLibrary
MultiByteToWideChar
GetProcAddress
GetVersionExW
GetVersionExA
GetModuleFileNameW
InitializeCriticalSection
GetProcessHeap
DeleteCriticalSection
GetModuleHandleA
lstrcpynA
SetEvent
CreateProcessW
ExpandEnvironmentStringsW
CreateFileMappingA
GetFileSize
CreateFileA
UnmapViewOfFile
CreateFileW
GetTickCount
WideCharToMultiByte
WriteFile
SetFilePointer
GetTempPathW
GetFileAttributesW
SetEndOfFile
IsDBCSLeadByte
GetSystemDirectoryA
SetThreadPriority
CreateRemoteThread
GetSystemDefaultUILanguage
LoadLibraryExA
SetEnvironmentVariableA
CreateDirectoryW
ReadProcessMemory
VirtualQueryEx
GetSystemInfo
GetLocalTime
FindClose
FindNextFileW
FindFirstFileW
GetComputerNameA
SetPriorityClass
SuspendThread
ExitThread
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
LocalFree
GetSystemWindowsDirectoryW
MoveFileW
lstrcmpiW
GetLongPathNameW
GetSystemDefaultLangID
GlobalFree
GlobalAlloc
QueryPerformanceCounter
UnhandledExceptionFilter
GetCurrentThread
LocalAlloc
GetLocaleInfoA
GetVersion
GetShortPathNameA
OpenEventA
CreateEventA
OpenSemaphoreA
CreateSemaphoreA
OpenMutexA
CreateMutexA
GetProcessTimes
GetModuleHandleW
SetFileAttributesW
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
VirtualAlloc
VirtualFree
GetUserDefaultLCID
CompareStringW
IsValidCodePage
GetStringTypeExW
IsValidLocale
DuplicateHandle
GetThreadSelectorEntry
TerminateThread
HeapCreate
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LoadLibraryW
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
GetStartupInfoA
ResumeThread
GetCurrentThreadId
OutputDebugStringA
DebugBreak
LoadLibraryA
GetModuleFileNameA
MulDiv
SetLastError
SetUnhandledExceptionFilter
GetCurrentProcessId
GetLastError
CloseHandle
CreateThread
DeleteFileW
TerminateProcess
GetCurrentProcess
Sleep
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
WaitForSingleObject
ReleaseMutex
MapViewOfFile
GetCommandLineW
GetShortPathNameW
OpenProcess

oleacc

LresultFromObject
CreateStdAccessibleObject

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
StringFromIID
CoTaskMemFree

oleaut32

VariantTimeToDosDateTime
SysAllocString
SysFreeString
SystemTimeToVariantTime
SysStringLen

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
_controlfp
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
time
memmove
tolower
ceil
strchr
wcschr
_except_handler3

rpcrt4

UuidCreate

shell32

ShellExecuteExA
SHGetSpecialFolderPathW
ExtractIconExA

shlwapi

wnsprintfA
AssocQueryStringW
UrlGetPartA
wvnsprintfA
wnsprintfW

urlmon

CreateURLMoniker

user32

IsWindowVisible
GetDlgCtrlID
IsWindow
CreateDialogIndirectParamA
MapDialogRect
CallWindowProcA
CallWindowProcW
LoadBitmapA
EnumWindows
GetWindowThreadProcessId
IsIconic
GetWindowPlacement
DestroyIcon
GetForegroundWindow
FlashWindowEx
GetFocus
SetScrollInfo
SystemParametersInfoA
GetScrollInfo
SetDlgItemTextA
IsDlgButtonChecked
LoadStringA
SetFocus
CheckDlgButton
DestroyWindow
EndDialog
MoveWindow
GetSysColor
EnableWindow
GetWindow
PostMessageA
CreateDialogParamW
SetWindowTextA
GetDC
MapWindowPoints
GetSysColorBrush
FillRect
ReleaseDC
SetWindowLongA
LoadIconA
GetSystemMetrics
SetForegroundWindow
GetWindowLongA
GetWindowRect
SetWindowPos
DialogBoxParamA
RegisterClassExA
CreateWindowExA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
KillTimer
SetTimer
DefWindowProcA
SendMessageA
SetWindowTextW
DrawFocusRect
SetRectEmpty
DrawTextW
DrawTextA
GetWindowLongW
SendMessageW
IsWindowUnicode
GetClassNameA
GetParent
UpdateWindow
SendDlgItemMessageA
SendMessageTimeoutA
GetClientRect
SetCursor
InvalidateRect
LoadCursorA
ShowWindow
LoadStringW
DrawIconEx
GetDlgItem
EnumDisplayMonitors
DialogBoxParamW

version

VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetCloseHandle
HttpQueryInfoA
InternetReadFileExA
InternetWriteFile
HttpSendRequestExA
HttpOpenRequestA
InternetOpenA
InternetSetStatusCallback
InternetGetConnectedState
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpEndRequestA
InternetConnectA

Sections

.text
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 196KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S1P@ssw0rd

Password: S1P@ssw0rd

80d009a2872c8ea911107def4e55c922

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

b9:5b:63:59:2e:ca:3a:9b:98:8f:a1:68:79:65:a0:53:d1:56:e0:eaSigner

Headers

File Characteristics

PDB Paths

Imports

advapi32

comctl32

gdi32

kernel32

oleacc

ole32

oleaut32

msvcrt

rpcrt4

shell32

shlwapi

urlmon

user32

version

wininet

Sections

.text Size: 387KB - Virtual size: 387KB

.data Size: 196KB - Virtual size: 351KB

.rsrc Size: 80KB - Virtual size: 148KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

b9:5b:63:59:2e:ca:3a:9b:98:8f:a1:68:79:65:a0:53:d1:56:e0:ea
Signer

.text
Size: 387KB - Virtual size: 387KB

.data
Size: 196KB - Virtual size: 351KB

.rsrc
Size: 80KB - Virtual size: 148KB