ZeusGameover_Feb2014[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

ZeusGameover_Feb2014.zip
Size

811KB
MD5

79f9d8468f9d354dfc1a90be4aa0157f
SHA1

a750ff0a5de048d5cb54757d2e56c9fecd687156
SHA256

626422ae68865a9a124792ed667b723bdbe6cd182d184c137355c33ab1360f0f
SHA512

f5d3bc5fca33607dc577fd1cd5c00ca9db5dd40ee776ba8b0947bbc583efe70353cc882092c291702ae1f13a0bab6f29889de75c17a99fbb2538b178fe08847c
SSDEEP

24576:e5uciG/00ui+/KFM2h17w3GaC9/Sw8NOif4Xl:MPttMGk3oYNOj

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/eqig unpacked.ex_
unpack001/output.1301364 unpacked.old

Files

ZeusGameover_Feb2014.zip
.zip

Password: infected
eqig unpacked.ex_
.exe windows:5 windows x86 arch:x86

8d32783cf1879355ee8a047c61ef550d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToLocalFileTime
SetFileAttributesW
SetEndOfFile
SetFilePointerEx
SetFileTime
ReadFile
GetFileSizeEx
GetFileTime
DeleteFileW
GetFileInformationByHandle
GetNativeSystemInfo
GetDriveTypeW
GetSystemDefaultUILanguage
GetLogicalDrives
GetProcessTimes
GetModuleFileNameW
lstrcmpW
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
GetVolumeInformationW
ExitProcess
SetErrorMode
GetComputerNameW
GetVersionExW
lstrcatW
OpenEventW
GetCurrentProcessId
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapCreate
GetTempPathW
lstrcpyA
VirtualProtectEx
GetThreadContext
SetThreadContext
GetProcessId
TryEnterCriticalSection
SetThreadPriority
ResetEvent
TlsGetValue
TlsSetValue
TerminateProcess
GlobalLock
GlobalUnlock
CreateMutexW
OpenMutexW
MoveFileExW
FindFirstFileW
FindClose
FindNextFileW
InterlockedIncrement
InterlockedDecrement
TlsAlloc
TlsFree
CreateDirectoryW
VirtualFree
VirtualAlloc
RemoveDirectoryW
WTSGetActiveConsoleSessionId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
OutputDebugStringA
SetFilePointer
GetTempFileNameW
DosDateTimeToFileTime
FileTimeToDosDateTime
Process32NextW
Process32FirstW
CreateRemoteThread
ReleaseMutex
GetCurrentThreadId
lstrlenW
TerminateThread
lstrcpyW
SetLastError
GetHandleInformation
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
IsBadReadPtr
ResumeThread
DuplicateHandle
GetCommandLineW
lstrcmpiA
lstrcmpA
GetLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
LocalFree
ExpandEnvironmentStringsW
GetSystemTime
Sleep
WaitForMultipleObjects
CreateEventW
GetExitCodeThread
VirtualQueryEx
SetEvent
lstrcpynA
CreateThread
CreateToolhelp32Snapshot
lstrcmpiW
LoadLibraryA
GetLastError
Thread32Next
LoadLibraryW
Thread32First
OpenProcess
GetCurrentThread
CreateProcessW
FreeLibrary
GetEnvironmentVariableW
GetProcAddress
GetPrivateProfileIntW
FlushFileBuffers
GetFileAttributesW
GetPrivateProfileStringW
GetModuleHandleW
lstrlenA
VirtualProtect
WriteFile
WaitForSingleObject
GetVolumeNameForVolumeMountPointW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MapViewOfFile
GetTickCount
QueryPerformanceCounter
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
CreateFileMappingW
CreateFileW
UnmapViewOfFile
ReadProcessMemory

user32

GetUpdateRect
IntersectRect
GetDCEx
PostThreadMessageW
EqualRect
PrintWindow
DefWindowProcW
GetUpdateRgn
EndPaint
ToUnicode
GetClipboardData
GetKeyboardState
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
OpenWindowStationW
GetUserObjectInformationW
SetThreadDesktop
CloseDesktop
OpenDesktopW
GetProcessWindowStation
BeginPaint
CloseWindowStation
GetThreadDesktop
SetProcessWindowStation
CreateDesktopW
GetShellWindow
RegisterClassA
DefFrameProcW
CallWindowProcW
EndMenu
CallWindowProcA
RegisterClassW
HiliteMenuItem
DefMDIChildProcA
MapVirtualKeyW
RegisterClassExA
RegisterWindowMessageW
GetMenuItemID
SetKeyboardState
GetSubMenu
DefDlgProcW
DrawEdge
FillRect
GetWindowDC
CreateWindowStationW
DefFrameProcA
OpenInputDesktop
MenuItemFromPoint
GetMenu
CharToOemW
GetCursorPos
GetIconInfo
DrawIcon
IsRectEmpty
GetWindowThreadProcessId
GetMessagePos
MapWindowPoints
SendMessageW
ReleaseCapture
CharLowerA
GetTopWindow
LoadImageW
WindowFromPoint
GetDC
ReleaseDC
SetWindowLongW
GetWindow
CharLowerW
ExitWindowsEx
CharUpperW
GetLastInputInfo
GetSystemMetrics
GetMessageA
GetWindowRect
GetMessageW
SetCapture
PostMessageW
IsWindow
SendMessageTimeoutW
SetWindowPos
RegisterClassExW
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
GetMenuState
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
GetMenuItemCount
DefDlgProcA
PeekMessageA
PeekMessageW
GetAncestor
GetWindowLongW
SetCursorPos
GetCapture
GetClassLongW
GetWindowInfo
GetParent

advapi32

RegCreateKeyExW
CryptVerifySignatureW
CryptGetKeyParam
CryptImportKey
CryptDestroyKey
CryptDestroyHash
RegCloseKey
OpenProcessToken
GetSidSubAuthority
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptHashData
GetLengthSid
IsWellKnownSid
ConvertSidToStringSidW
InitiateSystemShutdownExW
EqualSid

shlwapi

PathUnquoteSpacesW
PathSkipRootW
PathMatchSpecW
UrlUnescapeA
PathAddExtensionW
PathIsDirectoryW
wvnsprintfA
wvnsprintfW
PathIsURLW
PathFindExtensionW
PathQuoteSpacesW
PathGetDriveNumberW
PathFindFileNameW
StrCmpNIA
StrChrA
StrCmpNW
StrCmpNIW
StrCmpNA
StrChrW
StrCmpIW
StrRChrA
SHDeleteKeyW
SHDeleteValueW
ord14
PathRemoveBackslashW
PathAddBackslashW
PathRemoveFileSpecW

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

secur32

GetUserNameExW
EncryptMessage
DecryptMessage

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
CreateStreamOnHGlobal
StringFromGUID2
CLSIDFromString

gdi32

GdiFlush
CreateCompatibleDC
SetRectRgn
CreateDIBSection
GetDIBits
SaveDC
RestoreDC
BitBlt
DeleteDC
GetDeviceCaps
CreateDCW
SelectObject
DeleteObject
SetViewportOrgEx
CreateCompatibleBitmap

ws2_32

sendto
setsockopt
shutdown
getsockname
WSAEventSelect
WSAEnumNetworkEvents
recvfrom
WSAStartup
getaddrinfo
select
freeaddrinfo
WSARecv
WSASend
WSACleanup
recv
bind
socket
WSACreateEvent
WSASetLastError
closesocket
send
getsockopt
listen
WSAAddressToStringA
WSAStringToAddressW
accept
WSAGetLastError
WSACloseEvent
getpeername
WSAIoctl
connect

crypt32

CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData
PFXExportCertStoreEx

wininet

InternetCrackUrlA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
InternetSetStatusCallbackA
HttpSendRequestExW
HttpSendRequestExA
InternetSetCookieA
InternetQueryOptionA
InternetCloseHandle
InternetOpenA
InternetReadFile
HttpQueryInfoA
InternetConnectA
InternetQueryOptionW
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

iphlpapi

GetAdaptersAddresses

msvcrt

_errno
memcpy
memset
_purecall
abs
_ultoa
memcmp
strcmp
_wtoi
_ultow
memchr
_vsnwprintf
_vsnprintf
memmove
_except_handler3

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eqig.ex_
.exe windows:4 windows x86 arch:x86

e291a67fb71949b4eaf40ae126c446ce

Code Sign

6a:00:48:28:70:01:9e:6a:b0:eb:07:41:4f:31:65:7c
Certificate

Issuer

CN=fHyv

Not Before

06-06-2012 07:29

Not After

31-12-2039 23:59

Subject

CN=fHyv

Extended Key Usages

ExtKeyUsageCodeSigning

6d:3b:a2:f1:c3:36:95:de:92:4c:19:19:d7:bd:43:d8:95:50:9c:dd
Signer

Actual PE Digest

6d:3b:a2:f1:c3:36:95:de:92:4c:19:19:d7:bd:43:d8:95:50:9c:dd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
LoadLibraryA
GetProcAddress
GetWindowsDirectoryW
lstrcatW
CreateFileW
VirtualAllocEx
CloseHandle

user32

GetDC
ReleaseDC
InvalidateRect
BeginPaint
ScrollWindow
EndPaint
PostQuitMessage
DefWindowProcA

gdi32

GetStockObject
SelectObject
GetTextMetricsA
SetBkMode
TextOutA

advapi32

RegCloseKey

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data4
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data3
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
output.1301364 unpacked.old
.exe windows:5 windows x86 arch:x86

6253b6d40c561577513ebf9eba37376f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesW
GetModuleHandleW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetEnvironmentVariableW
CreateProcessW
GetCurrentThread
OpenProcess
Thread32First
LoadLibraryW
Thread32Next
CreateToolhelp32Snapshot
GetCommandLineW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
DuplicateHandle
ResumeThread
GetModuleFileNameW
GetUserDefaultUILanguage
SetThreadPriority
SetLastError
ResetEvent
GlobalLock
GlobalUnlock
IsBadReadPtr
VirtualFreeEx
VirtualAllocEx
WriteProcessMemory
GetThreadContext
SetThreadContext
GetProcessId
DeleteFileW
GetCurrentThreadId
TlsAlloc
TlsFree
ExitProcess
SetErrorMode
GetComputerNameW
GetFileAttributesExW
OpenEventW
GetCurrentProcessId
TerminateThread
CreateRemoteThread
Process32FirstW
Process32NextW
InterlockedIncrement
InterlockedDecrement
lstrcmpiA
TlsGetValue
TlsSetValue
TerminateProcess
OpenMutexW
WTSGetActiveConsoleSessionId
GetVolumeNameForVolumeMountPointW
GetExitCodeThread
VirtualQueryEx
ReadProcessMemory
VirtualProtectEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
OutputDebugStringA
GetFileTime
RemoveDirectoryW
VirtualAlloc
GetFileSizeEx
SetFileTime
VirtualFree
CreateDirectoryW
SetFilePointerEx
GetVersionExW
GetNativeSystemInfo
lstrcpyW
GetHandleInformation
ReleaseMutex
FindNextFileW
FindClose
FindFirstFileW
SetEndOfFile
GetFileAttributesW
MoveFileExW
GetFileInformationByHandle
FileTimeToLocalFileTime
GetTempPathW
ReadFile
GetTempFileNameW
FileTimeToDosDateTime
ExpandEnvironmentStringsW
lstrcatW
lstrcmpiW
VirtualProtect
HeapCreate
HeapDestroy
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
CreateThread
GetTickCount
QueryPerformanceCounter
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
lstrcmpA
lstrcpyA
LoadLibraryA
GetProcAddress
GetLastError
FlushFileBuffers
CreateFileW
WriteFile
FreeLibrary
lstrcpynA
lstrlenA
CloseHandle
DeleteCriticalSection
WaitForMultipleObjects
CreateEventW
EnterCriticalSection
LeaveCriticalSection
Sleep
InitializeCriticalSection
SetEvent
WaitForSingleObject
TryEnterCriticalSection
SystemTimeToFileTime
GetSystemTime
GetTimeZoneInformation
CreateMutexW

user32

GetWindowThreadProcessId
GetShellWindow
GetTopWindow
LoadImageW
WindowFromPoint
GetWindowLongW
SetWindowLongW
SendMessageTimeoutW
GetWindow
GetKeyboardState
ToUnicode
CharLowerW
EndPaint
GetMessageA
GetUpdateRgn
GetMessageW
RegisterClassExA
GetWindowDC
GetUserObjectInformationW
HiliteMenuItem
PostThreadMessageW
GetMenuItemCount
EndMenu
GetClassNameW
SystemParametersInfoW
TrackPopupMenuEx
GetMenuItemRect
GetMenu
MenuItemFromPoint
OpenDesktopW
GetSubMenu
SetKeyboardState
GetMenuItemID
GetThreadDesktop
RegisterWindowMessageW
OpenWindowStationW
MsgWaitForMultipleObjects
DispatchMessageW
FillRect
DrawEdge
IntersectRect
EqualRect
PrintWindow
GetWindowRect
GetParent
GetWindowInfo
GetMenuState
SendMessageW
GetClassLongW
GetAncestor
SetWindowPos
IsWindow
PostMessageW
MapVirtualKeyW
CharLowerA
GetCursorPos
GetIconInfo
DrawIcon
ExitWindowsEx
SetCapture
DefDlgProcW
DefFrameProcA
OpenInputDesktop
BeginPaint
GetUpdateRect
GetDC
GetCapture
TranslateMessage
RegisterClassExW
SetCursorPos
GetClipboardData
PeekMessageW
GetDCEx
PeekMessageA
ReleaseDC
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
DefDlgProcA
CharToOemW
MapWindowPoints
IsRectEmpty
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
CloseDesktop
SetThreadDesktop
RegisterClassA
DefFrameProcW
GetMessagePos
DefWindowProcW
CallWindowProcW
CallWindowProcA
RegisterClassW
ReleaseCapture
DefMDIChildProcA
GetSystemMetrics

advapi32

CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
OpenProcessToken
GetSidSubAuthority
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptVerifySignatureW
CryptGetKeyParam
CryptImportKey
CryptDestroyKey
IsWellKnownSid
GetLengthSid
ConvertSidToStringSidW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
EqualSid
InitiateSystemShutdownExW

shlwapi

PathAddExtensionW
PathAddBackslashW
StrCmpNIW
SHDeleteKeyW
SHDeleteValueW
StrStrIW
StrStrIA
StrCmpNIA
UrlUnescapeA
PathRemoveBackslashW
PathCanonicalizeW
PathQuoteSpacesW
StrCmpNW
PathMatchSpecW
PathUnquoteSpacesW
PathSkipRootW
PathIsDirectoryW
PathRemoveFileSpecW
PathFindFileNameW
PathIsURLW
wvnsprintfA
wvnsprintfW
ord14

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

GetUserNameExW

ole32

CLSIDFromString
CoInitializeEx
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
StringFromGUID2

gdi32

GdiFlush
GetDeviceCaps
SetRectRgn
CreateDCW
DeleteObject
SaveDC
RestoreDC
CreateDIBSection
GetDIBits
BitBlt
DeleteDC
SelectObject
SetViewportOrgEx
CreateCompatibleBitmap
CreateCompatibleDC

ws2_32

getaddrinfo
recvfrom
getpeername
accept
listen
getsockopt
WSASetLastError
WSACreateEvent
WSACloseEvent
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
WSAEnumNetworkEvents
WSAEventSelect
shutdown
setsockopt
WSACleanup
bind
select
getsockname
sendto
freeaddrinfo
WSARecv
WSASend
recv
closesocket
send
WSAGetLastError
socket

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
PFXImportCertStore
CryptUnprotectData

wininet

HttpAddRequestHeadersW
GetUrlCacheEntryInfoW
InternetSetStatusCallbackW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
InternetSetStatusCallbackA
HttpSendRequestExW
HttpSendRequestExA
InternetCrackUrlA
InternetSetCookieA
InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
HttpQueryInfoA
InternetConnectA
InternetQueryOptionW

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

msvcrt

_errno
memcpy
memcmp
memset
_ultow
_purecall
abs
memmove
_ultoa
_wtoi
memchr
strcmp
free
_except_handler3
isleadbyte
_iob
_snprintf
_itoa
wctomb
malloc
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty

Sections

.text
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
output.1301364.old
.exe windows:4 windows x86 arch:x86

1aa2253e29d2d08cca2710a5f1ab5cf1

Code Sign

0a:b4:be:22:0d:75:35:ad:4d:5d:41:47:2e:29:e2:94
Certificate

Issuer

CN=yweryvqwe

Not Before

01-03-2012 10:39

Not After

31-12-2039 23:59

Subject

CN=yweryvqwe

Extended Key Usages

ExtKeyUsageCodeSigning

c4:58:67:b3:46:a6:15:36:d8:b3:d0:95:de:0b:fa:b7:ff:65:69:7f
Signer

Actual PE Digest

c4:58:67:b3:46:a6:15:36:d8:b3:d0:95:de:0b:fa:b7:ff:65:69:7f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
GetWindowsDirectoryA
lstrlenA
lstrcpyA
CreateFileA
VirtualAlloc

advapi32

RegOpenKeyExA

shell32

SHBrowseForFolderA
ExtractAssociatedIconW
SHQueryRecycleBinA
SHLoadInProc
SHGetFolderPathA
SHFileOperationA
ExtractAssociatedIconExA
ShellHookProc
SHCreateDirectoryExW
SHInvokePrinterCommandW
SHFreeNameMappings
Shell_NotifyIconA
SHGetPathFromIDList
DragQueryFileW
SHGetDataFromIDListA
DragQueryFile
SHBindToParent
DragQueryFileA
ExtractAssociatedIconA
SHGetSpecialFolderLocation
SHGetDiskFreeSpaceExA
SHQueryRecycleBinW
SHGetSpecialFolderPathW
SHGetFileInfo
SHGetMalloc
SHGetInstanceExplorer
SHGetDiskFreeSpaceExW
SHFormatDrive
DoEnvironmentSubstW
ExtractIconEx
Shell_NotifyIcon
SHGetSpecialFolderPathA
CommandLineToArgvW
DragQueryFileAorW
ShellExecuteW
ExtractAssociatedIconExW
SHGetFolderLocation
SHGetIconOverlayIndexW
SHGetFileInfoA
SHEmptyRecycleBinW
SHGetFileInfoW
SHFileOperation
DragFinish
ExtractIconW
SHGetFolderPathW
ShellExecuteA
SHGetPathFromIDListW
ExtractIconExA
SHAppBarMessage

shlwapi

StrChrIW
StrChrIA
StrCmpNIA
StrRChrIA
StrStrA
StrCmpNA
StrRChrA
StrRChrIW
StrRStrIW
StrCmpNW
StrCmpNIW
StrRChrW
StrRStrIA
StrChrW

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text11
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text12
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text1
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

8d32783cf1879355ee8a047c61ef550d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

iphlpapi

msvcrt

version

Sections

.text Size: 241KB - Virtual size: 240KB

.data Size: 2KB - Virtual size: 9KB

.reloc Size: 11KB - Virtual size: 10KB

e291a67fb71949b4eaf40ae126c446ce

Code Sign

6a:00:48:28:70:01:9e:6a:b0:eb:07:41:4f:31:65:7cCertificate

Extended Key Usages

6d:3b:a2:f1:c3:36:95:de:92:4c:19:19:d7:bd:43:d8:95:50:9c:ddSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 42KB - Virtual size: 41KB

.data Size: 266KB - Virtual size: 266KB

.data4 Size: 512B - Virtual size: 100B

.data3 Size: 512B - Virtual size: 100B

.data2 Size: 512B - Virtual size: 100B

.reloc Size: 512B - Virtual size: 288B

6253b6d40c561577513ebf9eba37376f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

msvcrt

Sections

.text Size: 230KB - Virtual size: 229KB

.data Size: 2KB - Virtual size: 9KB

.reloc Size: 10KB - Virtual size: 9KB

1aa2253e29d2d08cca2710a5f1ab5cf1

Code Sign

0a:b4:be:22:0d:75:35:ad:4d:5d:41:47:2e:29:e2:94Certificate

Extended Key Usages

c4:58:67:b3:46:a6:15:36:d8:b3:d0:95:de:0b:fa:b7:ff:65:69:7fSigner

Headers

File Characteristics

.text
Size: 241KB - Virtual size: 240KB

.data
Size: 2KB - Virtual size: 9KB

.reloc
Size: 11KB - Virtual size: 10KB

6a:00:48:28:70:01:9e:6a:b0:eb:07:41:4f:31:65:7c
Certificate

6d:3b:a2:f1:c3:36:95:de:92:4c:19:19:d7:bd:43:d8:95:50:9c:dd
Signer

.text
Size: 42KB - Virtual size: 41KB

.data
Size: 266KB - Virtual size: 266KB

.data4
Size: 512B - Virtual size: 100B

.data3
Size: 512B - Virtual size: 100B

.data2
Size: 512B - Virtual size: 100B

.reloc
Size: 512B - Virtual size: 288B

.text
Size: 230KB - Virtual size: 229KB

.data
Size: 2KB - Virtual size: 9KB

.reloc
Size: 10KB - Virtual size: 9KB

0a:b4:be:22:0d:75:35:ad:4d:5d:41:47:2e:29:e2:94
Certificate

c4:58:67:b3:46:a6:15:36:d8:b3:d0:95:de:0b:fa:b7:ff:65:69:7f
Signer

.text
Size: 2KB - Virtual size: 2KB

.text11
Size: 258KB - Virtual size: 258KB

.text12
Size: 1024B - Virtual size: 912B

.text3
Size: 1024B - Virtual size: 1000B

.text1
Size: 1024B - Virtual size: 1000B

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 444B