ZYZQKH64 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ZYZQKH64
Size

583KB
MD5

241f0f1e9b71bc839ea45b13f229ee1d
SHA1

27b17a7f5c2027c0e2014951833fb4d6b6f22eaf
SHA256

a485f6bfb5a69e3366d2d338f60b108718b70119c07c58f451e97f9210a97bdf
SHA512

957d07c3c84b192a5f2ca0dd767d6e0e50ef8f6b622b98c5fd3a268877a961004a555a69105577adf9368ea9700bcfb3a4b8857e9123ed10bca919c3e78f5179
SSDEEP

12288:sCo267mz4ggBhu3zY1FPyiS9J8AaJW81c+7V:sChqgshuEjaiS9J8AaQyc+7V

Score

1^/10

Malware Config

Signatures

Files

ZYZQKH64
.exe windows:4 windows x64 arch:x64

33b1eb5c90c39a088bf82e40597f2768

Code Sign

5a:ae:a0:b4:bb:e4:9c:48:16:38:43:0d:2c:2f:7a:ab
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

17/12/2023, 07:15

Not After

14/12/2026, 18:45

Subject

SERIALNUMBER=2639014,CN=Cockos Incorporated,O=Cockos Incorporated,L=Brooklyn,ST=New York,C=US,1.3.6.1.4.1.311.60.2.1.3=#13025553,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

db:bd:43:82:7c:22:16:6b:27:42:ee:6a:c6:28:c6:51:5e:7b:0d:0e:17:51:93:c7:83:7a:6e:79:5a:73:fb:dd
Signer

Actual PE Digest

db:bd:43:82:7c:22:16:6b:27:42:ee:6a:c6:28:c6:51:5e:7b:0d:0e:17:51:93:c7:83:7a:6e:79:5a:73:fb:dd

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\mhc\jmde\Release64\Plugins\reaper_host64.pdb

Imports

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

comctl32

ord17

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

WaitForMultipleObjects
ReleaseMutex
MapViewOfFile
CreateFileMappingA
WriteFile
GetFileSize
CreateFileA
DeleteFileA
CreateMutexA
GetTempPathA
FreeLibrary
GetProcAddress
GetVersionExA
GetLastError
LoadLibraryA
SetErrorMode
GetModuleFileNameA
UnmapViewOfFile
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileIntA
GetPrivateProfileIntW
LoadLibraryW
WritePrivateProfileStringA
WritePrivateProfileStringW
GetVersion
SetEvent
lstrcpynA
FlushFileBuffers
GetLocaleInfoA
RtlVirtualUnwind
LCMapStringW
WriteConsoleW
EnterCriticalSection
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
HeapSize
HeapCreate
HeapSetInformation
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStartupInfoA
GetProcessHeap
GetCommandLineA
RtlUnwindEx
RtlLookupFunctionEntry
GetStringTypeA
RtlPcToFileHeader
RaiseException
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
CreateThread
ExitThread
GetSystemTimeAsFileTime
GetThreadLocale
FormatMessageA
GetStringTypeW
LeaveCriticalSection
CloseHandle
SetThreadPriority
CreateEventA
GetCurrentThreadId
InitializeCriticalSection
GetCurrentProcessId
GetTickCount
Sleep
WaitForSingleObject
ExitProcess
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
LCMapStringA

user32

GetWindow
GetCapture
RedrawWindow
LoadIconA
LoadCursorA
GetDesktopWindow
GetSystemMetrics
GetWindowLongPtrA
GetDC
KillTimer
GetMessagePos
PtInRect
SetForegroundWindow
GetWindowDC
ReleaseDC
PostMessageA
IsWindowVisible
BeginPaint
GetClientRect
FillRect
EndPaint
DestroyWindow
CreateWindowExA
SetWindowPos
GetWindowRect
ShowWindow
GetWindowTextW
DefWindowProcA
GetWindowThreadProcessId
SetWindowTextA
SendMessageA
GetClassWord
FindWindowExA
CallWindowProcA
RemovePropA
SetWindowLongPtrA
SetPropA
GetPropA
PeekMessageA
GetWindowLongA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetTimer
RegisterClassA

gdi32

BitBlt
CreateSolidBrush
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
GetStockObject

advapi32

RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegEnumKeyA

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize

Sections

.text
Size: 466KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33b1eb5c90c39a088bf82e40597f2768

Code Sign

5a:ae:a0:b4:bb:e4:9c:48:16:38:43:0d:2c:2f:7a:abCertificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

db:bd:43:82:7c:22:16:6b:27:42:ee:6a:c6:28:c6:51:5e:7b:0d:0e:17:51:93:c7:83:7a:6e:79:5a:73:fb:ddSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 466KB - Virtual size: 466KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 14KB - Virtual size: 27KB

.pdata Size: 8KB - Virtual size: 8KB

.data1 Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.trace Size: 5KB - Virtual size: 5KB

.rsrc Size: 16KB - Virtual size: 15KB

5a:ae:a0:b4:bb:e4:9c:48:16:38:43:0d:2c:2f:7a:ab
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

db:bd:43:82:7c:22:16:6b:27:42:ee:6a:c6:28:c6:51:5e:7b:0d:0e:17:51:93:c7:83:7a:6e:79:5a:73:fb:dd
Signer

.text
Size: 466KB - Virtual size: 466KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 14KB - Virtual size: 27KB

.pdata
Size: 8KB - Virtual size: 8KB

.data1
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.trace
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 16KB - Virtual size: 15KB