Awesome_Themes_New_2024[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Awesome_Themes_New_2024.zip
Size

11.0MB
MD5

8384b49ebae6ecc152566524a84aa729
SHA1

1b815b7ca1358c26e8d2f0a8e8c1f10c1fee00ef
SHA256

0332f75c2fd52c7573b97c4ef533122d7d715c89bade24c1192f50495f32e717
SHA512

dce59e8f1dadeeae5b62f94868a194979374a67d57ba9e3d21485ef19129dfd0c43b7f8d2daae9c783f63942411deeffb4d39722a72c8d854096cc3e258e53e5
SSDEEP

196608:xBPAsn2HAAaYzTPDDhpRekkQhzatIKA+3HJTc7+5bLabCqic9BAhhYee4:HPFqAOpMkJh4gGWbCqwhhYO

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Hardcodet.Wpf.TaskbarNotification.dll
unpack001/MahApps.Metro.dll
unpack001/Microsoft.WindowsAPICodePack.Shell.dll
unpack001/Microsoft.WindowsAPICodePack.dll
unpack001/System.Windows.Interactivity.dll
unpack001/YLLibs.dll
unpack001/[Setup] Awesome_Themes_New_2024.exe
unpack001/wdmode.exe

Files

Awesome_Themes_New_2024.zip
.zip
ControlzEx.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:56:b4:9d:db:b3:fd:2c:23:6a:36:b2:ec:c0:d8:19
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

19-10-2022 00:00

Not After

18-10-2023 23:59

Subject

CN=Suining YiLong Software Store,O=Suining YiLong Software Store,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f7:55:8a:2d:ef:97:c9:f9:c2:82:6d:1d:f3:23:d9:a9:82:70:f4:c9
Signer

Actual PE Digest

f7:55:8a:2d:ef:97:c9:f9:c2:82:6d:1d:f3:23:d9:a9:82:70:f4:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\controlzex\src\ControlzEx\obj\Release\NET4\ControlzEx.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hardcodet.Wpf.TaskbarNotification.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\git\OSS\notifyicon-wpf\Hardcodet.NotifyIcon.Wpf\Source\NotifyIconWpf\obj\Release\Hardcodet.Wpf.TaskbarNotification.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Languages/Chinese(Simplified).png
.png
Languages/Chinese(Simplified).xml
Languages/English.png
.png
Languages/English.xml
Languages/Greek.txt
.ps1
Languages/Luganda.txt
.ps1
Languages/Polish.png
.png
Languages/Polish.xml
Languages/Portuguese (Brazil).png
.png
Languages/Portuguese (Brazil).xml
Languages/Russian.png
.png
Languages/Russian.xml
Languages/Turkish.xml
MahApps.Metro.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MahDefault
.7z
Microsoft.WindowsAPICodePack.Shell.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Enlistments\WPFOOB\src\wpfoob\WindowsApiCodePack\Main\Win7\WindowsAPICodePack\Shell\obj\Release\Microsoft.WindowsAPICodePack.Shell.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 527KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Microsoft.WindowsAPICodePack.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Enlistments\WPFOOB\src\wpfoob\WindowsApiCodePack\Main\Win7\WindowsAPICodePack\Core\obj\Release\Microsoft.WindowsAPICodePack.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System.Windows.Interactivity.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
YLLibs.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\business\products\YLLibs\YLLibs\obj\Release\YLLibs.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ZoneList
[Setup] Awesome_Themes_New_2024.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\NetDrive\Products\DynamicWallpaper\DynamicWallpaper\obj\Release\DynamicWallpaper.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wdmode.exe
.exe windows:4 windows x86 arch:x86

15847eb10d7d06dcd5980e8a9b786fd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysAllocString
SysAllocStringByteLen
VariantClear
VariantCopy
SysFreeString

user32

CharLowerA
CharUpperA
CharLowerW
CharPrevExA
CharNextA
CharUpperW

kernel32

SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetCommandLineW
SetFileApisToOEM
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
SetConsoleMode
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
GetLastError
FreeLibrary
LoadLibraryA
AreFileApisANSI
GetModuleFileNameA
LocalFree
FormatMessageA
FormatMessageW
GetWindowsDirectoryA
GetWindowsDirectoryW
CloseHandle
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
MoveFileA
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
lstrlenA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
SearchPathA
SearchPathW
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
CreateFileA
GetFileSize
SetFilePointer
DeviceIoControl
ReadFile
WriteFile
GetCurrentProcess
GetProcAddress
CompareFileTime
FileTimeToSystemTime
GetSystemInfo
GlobalMemoryStatus
GetModuleHandleA
DosDateTimeToFileTime
FileTimeToDosDateTime
SystemTimeToFileTime
GetSystemTime
WaitForMultipleObjects
OpenEventA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetTickCount
GetProcessTimes
LocalFileTimeToFileTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
VirtualAlloc
VirtualFree
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
RtlUnwind
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
ExitProcess
TlsAlloc
SetUnhandledExceptionFilter
TerminateProcess
HeapSize
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetCPInfo
GetACP
GetOEMCP

Sections

.text
Size: 483KB - Virtual size: 483KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

91:56:b4:9d:db:b3:fd:2c:23:6a:36:b2:ec:c0:d8:19Certificate

Extended Key Usages

Key Usages

f7:55:8a:2d:ef:97:c9:f9:c2:82:6d:1d:f3:23:d9:a9:82:70:f4:c9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 173KB - Virtual size: 173KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 41KB - Virtual size: 41KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 527KB - Virtual size: 527KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 101KB - Virtual size: 100KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 36KB - Virtual size: 36KB

.rsrc Size: 1KB - Virtual size: 1KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

91:56:b4:9d:db:b3:fd:2c:23:6a:36:b2:ec:c0:d8:19
Certificate

f7:55:8a:2d:ef:97:c9:f9:c2:82:6d:1d:f3:23:d9:a9:82:70:f4:c9
Signer

.text
Size: 173KB - Virtual size: 173KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 41KB - Virtual size: 41KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 527KB - Virtual size: 527KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 101KB - Virtual size: 100KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 262KB - Virtual size: 262KB

.rsrc
Size: 90KB - Virtual size: 90KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 483KB - Virtual size: 483KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 27KB - Virtual size: 53KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 1024B - Virtual size: 808B