Malware-2[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Malware-2.zip
Size

1.3MB
MD5

ed59c022e52337a216482bc1fb3cdab2
SHA1

71e858f52a2a88194dd037dde23edc33f81faa6a
SHA256

80b457f9b9655e58bccab3057d60d80b1f18172b8e8fe79aa339404d405ca1bf
SHA512

1de1309cf60b6c172318ced033711312e38cd345aada92420101c6bae9c82b46d1437d7ac43830e8c67c3cebf596cd57d08a4cbf3ba7d63776ad22508c77753a
SSDEEP

24576:umDbmsug9/x58+bN/Fj5hF5qh4KDgMapIJYFTiOSdOmXuOQ:juoy+h/Fj0gTIiEOSdOmXuOQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hid.dll

Files

Malware-2.zip
.zip
LDevice.dat
LDeviceDetectionHelper.exe
.exe windows:6 windows x86 arch:x86

ecfeb146d7d3d12f85953babfecdf605

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/03/2013, 00:00

Not After

18/05/2015, 23:59

Subject

CN=Logitech,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Logitech,L=Newark,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:f5:a7:e7:31:7f:5f:52:ca:17:c8:14:c2:23:30:35:dd:82:a1:a0
Signer

Actual PE Digest

24:f5:a7:e7:31:7f:5f:52:ca:17:c8:14:c2:23:30:35:dd:82:a1:a0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\BuildAgent\work\7589b5263c32e1c1\Source\Release\LDeviceDetectionHelper.pdb

Imports

kernel32

UnregisterWait
WriteConsoleW
SetStdHandle
ReadConsoleW
GetThreadPriority
SetFilePointer
HeapReAlloc
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
SignalObjectAndWait
SetEndOfFile
OutputDebugStringA
GetCurrentThreadId
GetLastError
CloseHandle
CreateMutexA
WaitForSingleObject
ReleaseMutex
CreateEventW
SetEvent
ResetEvent
WriteFile
GetOverlappedResult
CancelIoEx
ReadFile
WaitForMultipleObjects
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
LoadLibraryW
GetProcAddress
CreateFileW
InterlockedIncrement
InterlockedDecrement
GetSystemTimeAsFileTime
DuplicateHandle
Sleep
GetCurrentProcess
GetCurrentThread
GetExitCodeThread
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedExchange
GetStringTypeW
GetCommandLineW
GetModuleHandleExW
AreFileApisANSI
HeapFree
CreateTimerQueueTimer
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsGetValue
HeapAlloc
GetCPInfo
CreateTimerQueue
CreateThread
ExitThread
LoadLibraryExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CreateSemaphoreW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
GetStdHandle
GetModuleFileNameW
GetProcessHeap
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
DeleteTimerQueueTimer
GetProcessAffinityMask
SetThreadAffinityMask
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
SwitchToThread
GetTickCount
UnregisterWaitEx
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
SetThreadPriority
ExitProcess

user32

EndDialog
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
DestroyWindow
DialogBoxParamW
UpdateWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
RegisterClassW
ShowWindow
RegisterDeviceNotificationW
SetWindowLongW
GetWindowLongW
UnregisterDeviceNotification
LoadAcceleratorsW
LoadStringW

advapi32

RegEnumKeyExA
RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW

Sections

.text
Size: 733KB - Virtual size: 732KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 575KB - Virtual size: 575KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hid.dll
.dll windows:4 windows x86 arch:x86

afad75e773da49fdb7bc740f888abe1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

api-ms-win-crt-convert-l1-1-0

_ultoa
mbrtowc
wcrtomb

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-private-l1-1-0

_setjmp3
longjmp
memchr
memcmp
memcpy
memmove

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_beginthreadex
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_endthreadex
_errno
_execute_onexit_table
_exit
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_register_onexit_function
abort
exit
signal
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vswprintf
_fileno
_setmode
fflush
fgetwc
fputc
fwrite
getc

api-ms-win-crt-string-l1-1-0

_strdup
memset
strlen
strncmp
wcslen

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

Exports

Exports

HidD_GetHidGuid
NimMain

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/107
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/123
Size: 512B - Virtual size: 253B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ecfeb146d7d3d12f85953babfecdf605

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

24:f5:a7:e7:31:7f:5f:52:ca:17:c8:14:c2:23:30:35:dd:82:a1:a0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 733KB - Virtual size: 732KB

.rdata Size: 193KB - Virtual size: 193KB

.data Size: 112KB - Virtual size: 129KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 575KB - Virtual size: 575KB

.reloc Size: 112KB - Virtual size: 111KB

afad75e773da49fdb7bc740f888abe1e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 100KB

.data Size: 1024B - Virtual size: 656B

.rdata Size: 8KB - Virtual size: 7KB

/4 Size: 23KB - Virtual size: 22KB

.bss Size: - Virtual size: 3KB

.edata Size: 512B - Virtual size: 92B

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 1024B - Virtual size: 548B

.reloc Size: 3KB - Virtual size: 3KB

/14 Size: 512B - Virtual size: 224B

/29 Size: 15KB - Virtual size: 14KB

/41 Size: 2KB - Virtual size: 2KB

/55 Size: 3KB - Virtual size: 2KB

/67 Size: 512B - Virtual size: 56B

/80 Size: 512B - Virtual size: 132B

/91 Size: 2KB - Virtual size: 1KB

/107 Size: 4KB - Virtual size: 4KB

/123 Size: 512B - Virtual size: 253B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

24:f5:a7:e7:31:7f:5f:52:ca:17:c8:14:c2:23:30:35:dd:82:a1:a0
Signer

.text
Size: 733KB - Virtual size: 732KB

.rdata
Size: 193KB - Virtual size: 193KB

.data
Size: 112KB - Virtual size: 129KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 575KB - Virtual size: 575KB

.reloc
Size: 112KB - Virtual size: 111KB

.text
Size: 100KB - Virtual size: 100KB

.data
Size: 1024B - Virtual size: 656B

.rdata
Size: 8KB - Virtual size: 7KB

/4
Size: 23KB - Virtual size: 22KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 92B

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1024B - Virtual size: 548B

.reloc
Size: 3KB - Virtual size: 3KB

/14
Size: 512B - Virtual size: 224B

/29
Size: 15KB - Virtual size: 14KB

/41
Size: 2KB - Virtual size: 2KB

/55
Size: 3KB - Virtual size: 2KB

/67
Size: 512B - Virtual size: 56B

/80
Size: 512B - Virtual size: 132B

/91
Size: 2KB - Virtual size: 1KB

/107
Size: 4KB - Virtual size: 4KB

/123
Size: 512B - Virtual size: 253B