572e965c8da11bec14fd27afc70c8ce36593cc78839ccc14fbf215f6a51732e0[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

572e965c8da11bec14fd27afc70c8ce36593cc78839ccc14fbf215f6a51732e0.zip
Size

1.2MB
MD5

9ff1776c3c077179cb0a4ddbb3833ae0
SHA1

30faae106695a10e3a429cb16982f063e96e7488
SHA256

3ecadb4a2b52218df69913810e704f4263cea85ae3b613322381a0ad710f8a46
SHA512

08a0a26a30d34671b0d151b159cde106fe7c77cedcfc18965a811d8618a054a0feaa9973ed4f774a97aa30685e3cdd64f26bd93aa558e301f5c08d3c4804c6b2
SSDEEP

24576:4ghBltCgIoSReGWbfmFzJwywTW1NfCe6E7PxOOboyzkQFEPQ:NYTEFw1xLTgOb/YQFD

Score

1^/10

Malware Config

Signatures

Files

572e965c8da11bec14fd27afc70c8ce36593cc78839ccc14fbf215f6a51732e0.zip
.zip

Password: infected
572e965c8da11bec14fd27afc70c8ce36593cc78839ccc14fbf215f6a51732e0.bin
.exe windows:5 windows x86 arch:x86

Password: infected

ffaeb63df0bc66721574c300059754d6

Code Sign

31:e3:c5:1b:7e:20:01:70:bd:15:28:13:00:51:16:26
Certificate

Issuer

CN=Hitachi-Omron Terminal Solutions Corp.,O=Hitachi-Omron Terminal Solutions Corp. C=jp

Not Before

26/11/2008, 07:08

Not After

30/12/9999, 15:00

Subject

CN=Hitachi-Omron Terminal Solutions Corp.,O=Hitachi-Omron Terminal Solutions Corp. C=jp

c8:f9:be:2d:02:e9:34:68:73:ef:fd:74:66:51:95:d3:2f:8c:46:78
Signer

Actual PE Digest

c8:f9:be:2d:02:e9:34:68:73:ef:fd:74:66:51:95:d3:2f:8c:46:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

transsub

ord8
ord2
ord4
ord1

kernel32

UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetFileInformationByHandle
PeekNamedPipe
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
Sleep
GetVersionExW
SizeofResource
LockResource
LoadResource
FindResourceW
GetLocalTime
GetLogicalDrives
WideCharToMultiByte
SetHandleCount
SetCommTimeouts
SetCommState
GetCommState
CloseHandle
SetupComm
CreateFileW
WriteFile
PurgeComm
ClearCommError
ReadFile
FreeLibrary
GetOverlappedResult
GetLastError
CreateEventW
MultiByteToWideChar
GetProcAddress
LoadLibraryW
DeviceIoControl
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateMutexW
SetEvent
WaitForSingleObject
TerminateProcess
GetCurrentDirectoryW
GlobalFree
GlobalAlloc
lstrcmpW
lstrlenW
FreeResource
GlobalUnlock
GlobalLock
SetLastError
DeactivateActCtx
ActivateActCtx
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapSize
HeapQueryInformation
HeapReAlloc
ExitProcess
RaiseException
HeapAlloc
CreateThread
ExitThread
HeapFree
FindFirstFileExW
GetDriveTypeW
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
SetErrorMode
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
HeapCreate
WritePrivateProfileStringW
GetTempPathW
GetTempFileNameW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetNumberFormatW
GetWindowsDirectoryW
FileTimeToSystemTime
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
lstrcmpiW
GetThreadLocale
DeleteFileW
lstrcpyW
GetSystemDirectoryW
GlobalGetAtomNameW
lstrlenA
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
CopyFileW
GlobalSize
FormatMessageW
LocalFree
GetCurrentProcessId
ResumeThread
SetThreadPriority
lstrcmpA
GetCurrentThread
GetModuleFileNameW
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
MulDiv
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleW
CompareStringW

user32

GetWindowRgn
DestroyCursor
SubtractRect
GetDoubleClickTime
CharUpperBuffW
CopyIcon
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
PostThreadMessageW
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExW
IsCharLowerW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
RegisterClipboardFormatW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFrameControl
DrawEdge
DrawStateW
SetClassLongW
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
DrawIconEx
LoadImageW
GetIconInfo
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
GetAsyncKeyState
CreatePopupMenu
GetMenuDefaultItem
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
OffsetRect
CharNextW
CharUpperW
DestroyIcon
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
KillTimer
SetTimer
InvalidateRect
DeleteMenu
IntersectRect
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
LoadCursorW
GetSysColorBrush
CopyImage
RealChildWindowFromPoint
SystemParametersInfoW
GetMenuItemInfoW
InflateRect
GetMenuStringW
InsertMenuW
RemoveMenu
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
PostQuitMessage
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
CopyRect
PtInRect
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
PostMessageW
GetSystemMetrics
GetClientRect
IsIconic
GetSystemMenu
AppendMenuW
DestroyWindow
IsWindow
SendMessageW
EnableWindow
DrawIcon
LoadIconW
DestroyMenu

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
GetDeviceCaps
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
CopyMetaFileW
CreateDCW
CreateFontIndirectW
GetTextExtentPoint32W
GetTextMetricsW
CreateDIBitmap
CreateCompatibleBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
CreatePalette
OffsetWindowOrgEx
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
ScaleViewportExtEx
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
OffsetRgn
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceW
GetPaletteEntries
SetWindowOrgEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
CreateRectRgn
SelectClipRgn
DeleteObject
SetBkColor
GetObjectW
CreateBitmap
SaveDC
CreateRoundRectRgn
RestoreDC
SetROP2
SetPolyFillMode
SetBkMode
SetTextColor

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCloseKey
RegEnumValueW

shell32

SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHAppBarMessage

comctl32

ImageList_GetIconSize

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW

ole32

DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoInitializeEx
CreateILockBytesOnHGlobal
CoGetClassObject
CoUninitialize
CoInitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
CoRevokeClassObject

oleaut32

VarBstrFromDate
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
SysStringLen
SysAllocString
SysFreeString
VariantInit
VariantChangeType
VariantClear
VariantTimeToSystemTime
SysAllocStringLen

oledlg

OleUIBusyW

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 603KB - Virtual size: 1019KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

ffaeb63df0bc66721574c300059754d6

Code Sign

31:e3:c5:1b:7e:20:01:70:bd:15:28:13:00:51:16:26Certificate

c8:f9:be:2d:02:e9:34:68:73:ef:fd:74:66:51:95:d3:2f:8c:46:78Signer

Headers

DLL Characteristics

File Characteristics

Imports

transsub

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 296KB - Virtual size: 296KB

.data Size: 603KB - Virtual size: 1019KB

.rsrc Size: 18KB - Virtual size: 17KB

31:e3:c5:1b:7e:20:01:70:bd:15:28:13:00:51:16:26
Certificate

c8:f9:be:2d:02:e9:34:68:73:ef:fd:74:66:51:95:d3:2f:8c:46:78
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 296KB - Virtual size: 296KB

.data
Size: 603KB - Virtual size: 1019KB

.rsrc
Size: 18KB - Virtual size: 17KB