cache[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cache.zip
Size

378KB
MD5

d7f38c415250972b3d961dbe59bf8705
SHA1

befd263e4e30bcc9eaf7fa398b86fb155a74bd31
SHA256

8d0d98e67f75c70e38fe71fdd0f64118504045748305d1c8ea9e7df07efc7c43
SHA512

bc3e06fe4f8c92f452c42951ea165c6d1e8fde9b0d10b3635741c989def709f908f4cdecd132849b794a76db19ca6ad7392d33b3674f1df21321e067938ff9ca
SSDEEP

6144:dEiizHmKw6u/4fpPeA5NZeHas97UBOYPfEKD1NTozcLCtLCDpQBo6:dIzGKJ9hPeA5KPZU1fbD1NTZLCtLMpAv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Acrobat.dll

Files

cache.zip
.zip
3.exe
.exe windows:5 windows x86 arch:x86

32c5d50dee5868d545d5d27eb4fab886

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:90:96:5e:91:33:40:cd:a6:63:4c:ef:31:f7:fd:07
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

28/09/2009, 00:00

Not After

04/11/2012, 23:59

Subject

CN=Adobe Systems\, Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Acrobat Engineering,O=Adobe Systems\, Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

69:f3:e9:d1:32:9e:4d:f1:dc:0e:7b:9a:9a:67:e9:7c:6e:47:7e:62
Signer

Actual PE Digest

69:f3:e9:d1:32:9e:4d:f1:dc:0e:7b:9a:9a:67:e9:7c:6e:47:7e:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AcrobatExe.pdb

Imports

kernel32

GetVersion
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
CloseHandle
LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
FreeLibrary
HeapSetInformation
GetFileAttributesW
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
GetCurrentThreadId
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
GetCurrentProcess
GetModuleHandleA
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
RaiseException
InterlockedExchange
GetCurrentProcessId

user32

FindWindowA
RegisterWindowMessageA
FindWindowW
SendMessageW
MessageBoxW

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

msvcr90

_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
malloc
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
wcsrchr
wcsncpy_s
_wcmdln
free
wcsncat_s
_stricmp
__CxxFrameHandler3
wcslen
_CxxThrowException
memcpy_s
??3@YAXPAX@Z
memset

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Acrobat.dll
.dll windows:6 windows x86 arch:x86

cafeef59c221426f2f01a3f729e80ec9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\工具\X2_Acrobat(2022-07-22)\生成器\rtl\vc\src\IFbPs.pdb

Imports

kernel32

lstrcmpiW
lstrcpyW
lstrcatW
CreateFileW
ExitProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
WriteConsoleW
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetCurrentThread
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadFile
ReadConsoleW
OutputDebugStringW
CloseHandle
DecodePointer

Exports

Exports

AcroWinMain

Sections

.text
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AcrobatDC.dat
link.dat

Sharing

General

Malware Config

Signatures

Files

32c5d50dee5868d545d5d27eb4fab886

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

02:90:96:5e:91:33:40:cd:a6:63:4c:ef:31:f7:fd:07Certificate

Extended Key Usages

Key Usages

69:f3:e9:d1:32:9e:4d:f1:dc:0e:7b:9a:9a:67:e9:7c:6e:47:7e:62Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcr90

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 300KB - Virtual size: 299KB

.reloc Size: 2KB - Virtual size: 2KB

cafeef59c221426f2f01a3f729e80ec9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 362KB - Virtual size: 362KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 4KB - Virtual size: 9KB

.idata Size: 3KB - Virtual size: 2KB

.00cfg Size: 512B - Virtual size: 265B

.reloc Size: 11KB - Virtual size: 10KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

02:90:96:5e:91:33:40:cd:a6:63:4c:ef:31:f7:fd:07
Certificate

69:f3:e9:d1:32:9e:4d:f1:dc:0e:7b:9a:9a:67:e9:7c:6e:47:7e:62
Signer

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 300KB - Virtual size: 299KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 362KB - Virtual size: 362KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 4KB - Virtual size: 9KB

.idata
Size: 3KB - Virtual size: 2KB

.00cfg
Size: 512B - Virtual size: 265B

.reloc
Size: 11KB - Virtual size: 10KB