sample-707715-f65e059937265e36d27d93ecb979eab7[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

sample-707715-f65e059937265e36d27d93ecb979eab7.zip
Size

6.1MB
MD5

d2cbc44ab632a55865a029cbda7670bb
SHA1

813374bd68712ce8dd6f5886432da5eb5da1881b
SHA256

61adbef889ab5df0511cd6e909611d36182bd9e6536eaa5fb9e02099af3cd6da
SHA512

554039f7f7b516c447a536f29dfaddcab3677a42619fd2024b3d20dac651fad19d39c0ee7b2abebe74587b4f599ceea6d93582cde3b3bffbce1f116d20ba3c4a
SSDEEP

196608:zs63BRjwI9jql6M5p3KA9PIL0cKlMK1HHxN2S:z3ByIVfMT3KA1Io3RpRN2S

Score

1^/10

Malware Config

Signatures

Files

sample-707715-f65e059937265e36d27d93ecb979eab7.zip
.zip

Password: infected
agent.exe
.exe windows:5 windows x86 arch:x86

Password: infected

13bee8d3e7951462fe8f24cab350d8db

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:6e:ec:69:d8:62:7d:3e:a9:e4:8d:84:05:2b:2d:6e
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/01/2022, 00:00

Not After

18/01/2023, 23:59

Subject

SERIALNUMBER=835 053 414,CN=ExaTrack SAS,O=ExaTrack SAS,L=Paris,C=FR,1.3.6.1.4.1.311.60.2.1.1=#13055061726973,1.3.6.1.4.1.311.60.2.1.2=#0c0ec38e6c652d64652d4672616e6365,1.3.6.1.4.1.311.60.2.1.3=#13024652,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:0b:9a:c8:97:9b:e4:16:b1:33:be:30:f8:00:01:7c:ec:06:95:f4:b2:56:37:db:ce:75:fc:15:4d:c2:38:b6
Signer

Actual PE Digest

ac:0b:9a:c8:97:9b:e4:16:b1:33:be:30:f8:00:01:7c:ec:06:95:f4:b2:56:37:db:ce:75:fc:15:4d:c2:38:b6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptVerifyMessageSignatureWithKey

advapi32

CryptReleaseContext
CryptAcquireContextA

kernel32

GetVersionExA
GetProcAddress
GetModuleHandleA
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetModuleFileNameA
GetLastError
VirtualProtect
LoadLibraryA
VirtualAlloc
HeapAlloc
HeapFree
GetModuleHandleW
Sleep
ExitProcess
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
HeapReAlloc
HeapCreate
WriteFile
GetStdHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

13bee8d3e7951462fe8f24cab350d8db

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:6e:ec:69:d8:62:7d:3e:a9:e4:8d:84:05:2b:2d:6eCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

ac:0b:9a:c8:97:9b:e4:16:b1:33:be:30:f8:00:01:7c:ec:06:95:f4:b2:56:37:db:ce:75:fc:15:4d:c2:38:b6Signer

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

advapi32

kernel32

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 5KB - Virtual size: 12KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:6e:ec:69:d8:62:7d:3e:a9:e4:8d:84:05:2b:2d:6e
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

ac:0b:9a:c8:97:9b:e4:16:b1:33:be:30:f8:00:01:7c:ec:06:95:f4:b2:56:37:db:ce:75:fc:15:4d:c2:38:b6
Signer

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 5KB - Virtual size: 12KB