General

Malware Config

Signatures

Files

• zip.exe

  .exe windows:4 windows x86 arch:x86

  81184a9f7e2b304efdf1fcfabdac9864

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  74:c5:88:08:c1:39:ae:cc:23:26:0e:b2:ba:16:f2:fd

  Certificate

  Issuer

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  30-05-2016 00:00

  Not After

  29-07-2019 23:59

  Subject

  CN=IBM Polska Sp. z o.o.,O=IBM Polska Sp. z o.o.,L=Warsaw,ST=mazowieckie,C=PL

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  10-12-2013 00:00

  Not After

  09-12-2023 23:59

  Subject

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  74:c5:88:08:c1:39:ae:cc:23:26:0e:b2:ba:16:f2:fd

  Certificate

  Issuer

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  30-05-2016 00:00

  Not After

  29-07-2019 23:59

  Subject

  CN=IBM Polska Sp. z o.o.,O=IBM Polska Sp. z o.o.,L=Warsaw,ST=mazowieckie,C=PL

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  10-12-2013 00:00

  Not After

  09-12-2023 23:59

  Subject

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12

  Certificate

  Issuer

  CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  12-01-2016 00:00

  Not After

  11-01-2031 23:59

  Subject

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13

  Certificate

  Issuer

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  12-01-2016 00:00

  Not After

  11-04-2027 23:59

  Subject

  CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  96:9a:60:2a:28:63:2f:c0:52:47:74:23:b7:b4:f1:38:eb:4d:6a:aa:bb:f6:d9:d2:56:33:f8:e6:c5:dd:f1:f9

  Signer

  Actual PE Digest

  96:9a:60:2a:28:63:2f:c0:52:47:74:23:b7:b4:f1:38:eb:4d:6a:aa:bb:f6:d9:d2:56:33:f8:e6:c5:dd:f1:f9

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  67:1b:1d:73:a4:a5:fa:ea:64:59:57:30:06:8a:e5:39:6f:82:0b:52

  Signer

  Actual PE Digest

  67:1b:1d:73:a4:a5:fa:ea:64:59:57:30:06:8a:e5:39:6f:82:0b:52

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  EnterCriticalSection

  InitializeCriticalSection

  ReleaseMutex

  WaitForSingleObject

  CloseHandle

  InterlockedExchange

  CreateMutexA

  HeapFree

  HeapAlloc

  GetProcessHeap

  GetLastError

  CreateFileA

  GetCurrentProcess

  GetVolumeInformationW

  GetFileAttributesA

  GetFileAttributesW

  SetFileAttributesW

  LeaveCriticalSection

  lstrlenA

  FindFirstFileA

  GetVersion

  GetFileType

  GetFileTime

  GetFullPathNameA

  FileTimeToSystemTime

  FileTimeToLocalFileTime

  CreateFileW

  GetFullPathNameW

  ReadFile

  SetConsoleMode

  GetConsoleMode

  WideCharToMultiByte

  MultiByteToWideChar

  FindFirstFileW

  FindNextFileW

  FindNextFileA

  GetDriveTypeA

  lstrcmpiA

  GetVolumeInformationA

  SetFileAttributesA

  FindClose

  SetStdHandle

  GetCurrentDirectoryA

  SetEnvironmentVariableW

  GetTimeZoneInformation

  GetSystemTime

  GetLocalTime

  GetDriveTypeW

  ExitProcess

  TerminateProcess

  MoveFileA

  lstrcpynA

  HeapReAlloc

  SetFilePointer

  GetFileInformationByHandle

  PeekNamedPipe

  SetConsoleCtrlHandler

  DuplicateHandle

  GetCommandLineA

  GetModuleHandleA

  GetModuleFileNameA

  GetEnvironmentVariableA

  GetVersionExA

  HeapDestroy

  HeapCreate

  VirtualFree

  VirtualAlloc

  FlushFileBuffers

  WriteFile

  SetHandleCount

  GetStdHandle

  GetStartupInfoA

  LCMapStringA

  LCMapStringW

  RemoveDirectoryA

  GetEnvironmentStrings

  GetStringTypeA

  GetStringTypeW

  UnhandledExceptionFilter

  GetCPInfo

  IsValidLocale

  IsValidCodePage

  GetLocaleInfoA

  EnumSystemLocalesA

  GetUserDefaultLCID

  CreatePipe

  GetExitCodeProcess

  GetProcAddress

  SetEndOfFile

  FreeEnvironmentStringsA

  FreeEnvironmentStringsW

  SetEnvironmentVariableA

  GetEnvironmentStringsW

  RtlUnwind

  GetCurrentDirectoryW

  GetACP

  GetOEMCP

  CompareStringA

  CompareStringW

  GetCurrentProcessId

  CreateProcessA

  LoadLibraryA

  GetLocaleInfoW

  DeleteFileA

  SetFileTime

  LocalFileTimeToFileTime

  SystemTimeToFileTime

  user32

  OemToCharA

  CharToOemA

  advapi32

  GetSecurityDescriptorLength

  GetKernelObjectSecurity

  AdjustTokenPrivileges

  OpenProcessToken

  LookupPrivilegeValueA

  Sections

  .text

  Size: 200KB - Virtual size: 197KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 12KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 64KB - Virtual size: 383KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 800B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ