ExportSession_2024_08_08 08_29_04[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

ExportSession_2024_08_08 08_29_04.zip
Size

35.8MB
MD5

21e190b9f6d92b2058902baf229a0152
SHA1

afef863e6a8818be36dc904ff79430772c965588
SHA256

7ed1cb6d9d979c7686544e126cb560fe92250e09eeea61e63d9ecedddc88dfaa
SHA512

a8536aaf107047c979e46444e054b14050462871a79dfe73e5cf5eb80168646c2fbc8856f6ef23efd0511be9de5f45ca3af8c04f187a0c967a4bb7c9c7672440
SSDEEP

786432:IGzlHcpOJWZZV7sQk3APhXlbqdACMCnGCvUW7Aa0B6lt2EPbvHPqd+nNq:I88uWZZxs93ml4537A7ctzqoNq

Score

1^/10

Malware Config

Signatures

Files

ExportSession_2024_08_08 08_29_04.zip
.zip
Clip 2.avi
VideoPlayer64.exe
.exe windows:6 windows x64 arch:x64

23265a10b6fec4b6a31e94d25d8a378c

Code Sign

0d:58:c2:8e:a9:0b:f2:b3:f1:e7:6f:4b:a9:38:ef:ab
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13-02-2020 00:00

Not After

17-02-2023 12:00

Subject

SERIALNUMBER=135477400,CN=Salient Systems Corporation,O=Salient Systems Corporation,L=Austin,ST=Texas,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13055465786173,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:bc:88:5f:18:08:8a:d0:11:11:03:5d:97:2d:f9:96:29:c3:a1:fb:8e:1b:ba:2a:cc:94:35:f4:e1:97:f5:2d
Signer

Actual PE Digest

a7:bc:88:5f:18:08:8a:d0:11:11:03:5d:97:2d:f9:96:29:c3:a1:fb:8e:1b:ba:2a:cc:94:35:f4:e1:97:f5:2d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\tfsAgent\_work\144\s\CPP\Exes\ReleaseExes\x64\VideoPlayer64.pdb

Imports

d3d9

Direct3DCreate9Ex

kernel32

SetEndOfFile
GetCurrentDirectoryW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
HeapQueryInformation
FlushFileBuffers
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetDriveTypeW
WriteFile
ExitProcess
SetConsoleCtrlHandler
GetTimeZoneInformation
VirtualQuery
ExitThread
ReadFile
RtlPcToFileHeader
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
TlsSetValue
CreateEventA
AcquireSRWLockShared
ReleaseSRWLockShared
GetStringTypeW
MoveFileExW
PeekNamedPipe
GetFileInformationByHandle
RtlUnwind
SetThreadPriority
GetVersionExW
GetCurrentThread
GetThreadPriority
GetTickCount
TryEnterCriticalSection
GetLocalTime
GlobalMemoryStatus
SleepConditionVariableCS
GetNumaNodeProcessorMaskEx
SetThreadGroupAffinity
SetEvent
WaitForSingleObject
ResetEvent
GetPrivateProfileStringW
CreateDirectoryW
InitializeCriticalSection
DeleteFileW
GetSystemDirectoryW
GlobalUnlock
GetDateFormatW
GetTimeFormatW
GlobalLock
CloseHandle
GlobalFree
GlobalAlloc
MulDiv
SystemTimeToTzSpecificLocalTime
VerifyVersionInfoW
WideCharToMultiByte
FreeLibrary
GetModuleHandleW
WriteConsoleW
OutputDebugStringW
IsDebuggerPresent
FlushInstructionCache
InterlockedPushEntrySList
VerSetConditionMask
GetProcAddress
SetCurrentDirectoryW
CreateThread
LoadLibraryW
TzSpecificLocalTimeToSystemTime
GetDynamicTimeZoneInformation
lstrlenW
GetProcessHeap
DeleteCriticalSection
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
GetThreadLocale
LCIDToLocaleName
GetModuleFileNameA
GetCurrentProcessId
HeapDestroy
DecodePointer
HeapAlloc
SetThreadAffinityMask
VirtualFree
VirtualAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
DuplicateHandle
CreateEventW
lstrcpynW
lstrcmpW
GetSystemTimeAsFileTime
TlsFree
InitializeCriticalSectionAndSpinCount
TlsAlloc
FormatMessageA
VirtualAllocExNuma
GetNumaProcessorNode
TerminateProcess
CreateFileW
GetFileSizeEx
FindResourceW
LoadResource
FindResourceExW
RaiseException
HeapReAlloc
LockResource
GetLastError
MultiByteToWideChar
HeapSize
GetCurrentThreadId
InitializeCriticalSectionEx
LeaveCriticalSection
GetCommandLineW
GetFullPathNameW
Sleep
GetModuleHandleExW
GetFileAttributesW
LoadLibraryA
CreateMutexA
EnterCriticalSection
SetLastError
HeapFree
ReleaseMutex
GetProcessAffinityMask
FindNextFileW
GetCurrentProcess
FileTimeToSystemTime
GetSystemTime
LocalFree
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
SizeofResource
FlushConsoleInputBuffer
TlsGetValue
FormatMessageW
ReadConsoleInputW
SetConsoleMode
FindClose
QueryPerformanceCounter
SystemTimeToFileTime
SwitchToThread
GetStdHandle
LoadLibraryExW
LoadLibraryExA
GetModuleFileNameW
InitOnceBeginInitialize
InitOnceComplete
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
WaitForSingleObjectEx
QueryPerformanceFrequency

user32

EndDialog
IsRectEmpty
GetProcessWindowStation
SetWindowLongPtrW
GetWindowTextLengthW
UnregisterClassW
BeginPaint
GetCursorPos
ReleaseDC
SetCursorPos
SetFocus
GetDlgItem
GetUserObjectInformationW
SetWindowTextW
MessageBeep
GetActiveWindow
SetDlgItemTextW
DialogBoxParamW
EnableWindow
InvalidateRect
EndPaint
GetWindowTextW
SendMessageW
RedrawWindow
LoadImageW
ReleaseCapture
DrawFrameControl
UpdateWindow
IntersectRect
EnumDisplayMonitors
GetKeyState
LoadMenuW
MonitorFromPoint
GetFocus
TrackPopupMenu
GetSubMenu
GetMonitorInfoW
DestroyMenu
GetDC
GetSysColorBrush
GetWindowLongW
DefWindowProcW
AdjustWindowRectEx
GetMessagePos
CallWindowProcW
GetWindowRect
GetMenu
DestroyWindow
InflateRect
IsWindowVisible
SetWindowPos
MessageBoxW
FillRect
CreateWindowExW
ScreenToClient
GetSystemMetrics
GetWindowLongPtrW
RegisterClassExW
GetWindowPlacement
GetClassLongPtrW
ShowWindow
IsWindow
OffsetRect
GetCapture
SetTimer
DestroyIcon
CopyRect
GetDlgCtrlID
ClientToScreen
MapWindowPoints
DrawStateW
TrackMouseEvent
DrawFocusRect
GetSysColor
GetForegroundWindow
IsWindowEnabled
MoveWindow
IsDlgButtonChecked
LoadIconW
LoadCursorW
DrawMenuBar
SetCapture
GetWindowDC
SetCursor
SetRectEmpty
SetWindowLongW
CheckMenuItem
GetClientRect
DrawTextW
SetRect
KillTimer
GetDesktopWindow
EnableMenuItem
DrawEdge
SystemParametersInfoW
GetClassInfoExW
GetParent
PtInRect
PeekMessageW
GetQueueStatus
PostThreadMessageW
RegisterWindowMessageW
MsgWaitForMultipleObjects
MessageBoxA
MonitorFromWindow
GetWindow

gdi32

SaveDC
StartPage
CreateDIBSection
StretchDIBits
StretchBlt
AbortDoc
EndDoc
ResetDCW
CreateDCW
FillRgn
SelectClipRgn
SetBkColor
SetStretchBltMode
RestoreDC
ExtTextOutW
StartDocW
DPtoLP
EndPage
SelectObject
PatBlt
GetStockObject
CreateRectRgnIndirect
CreatePatternBrush
DeleteDC
SetTextColor
SetBkMode
LineTo
CreatePen
GetObjectW
ExcludeClipRect
MoveToEx
DeleteObject
CreateSolidBrush
CreateBitmap
CreateFontIndirectW
CombineRgn
RoundRect
GetRgnBox
GetDeviceCaps
CreateCompatibleDC
SetMapMode

winspool.drv

GetPrinterW
OpenPrinterW
ClosePrinter

comdlg32

PrintDlgW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExW
DeregisterEventSource
RegEnumKeyExA
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ReportEventW
RegisterEventSourceW

shell32

ShellExecuteW
SHGetDesktopFolder
CommandLineToArgvW

ole32

CoFreeUnusedLibraries
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
OleRun

oleaut32

GetErrorInfo
VariantTimeToSystemTime
VariantClear
SafeArrayLock
SafeArrayRedim
SafeArrayCreate
SafeArrayUnlock
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound

msvfw32

DrawDibDraw
DrawDibClose
DrawDibOpen

shlwapi

PathFileExistsW
PathIsRelativeW
PathFindExtensionW
PathRemoveFileSpecW

ws2_32

sendto
inet_ntoa
closesocket
WSAGetLastError
inet_addr
htons
socket
WSAStartup
WSACleanup
recv
send
shutdown
gethostname
WSASetLastError
gethostbyname

comctl32

InitCommonControlsEx
ImageList_SetBkColor
ImageList_GetImageInfo
ImageList_Draw
ImageList_Create
ImageList_DrawIndirect
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount

uxtheme

DrawThemeBackground
CloseThemeData
GetThemeInt
OpenThemeData

msimg32

GradientFill

ddraw

DirectDrawEnumerateExA
DirectDrawCreateEx

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom

winmm

timeBeginPeriod
timeKillEvent
timeSetEvent
timeEndPeriod
timeGetTime

Exports

Exports

??0ConfigurationFactory@dewarping@security@bosch@@AEAA@XZ
??0DewarperFactory@dewarping@security@bosch@@AEAA@XZ
??0IConfiguration@dewarping@security@bosch@@QEAA@AEBV0123@@Z
??0IConfiguration@dewarping@security@bosch@@QEAA@XZ
??0IDewarper@dewarping@security@bosch@@QEAA@AEBV0123@@Z
??0IDewarper@dewarping@security@bosch@@QEAA@XZ
??0IDewarperWithPtz@dewarping@security@bosch@@QEAA@AEBV0123@@Z
??0IDewarperWithPtz@dewarping@security@bosch@@QEAA@XZ
??0PanTiltZoom@dewarping@security@bosch@@QEAA@MMM@Z
??0PanTiltZoom@dewarping@security@bosch@@QEAA@XZ
??0Point@dewarping@security@bosch@@QEAA@_K000@Z
??0Point@dewarping@security@bosch@@QEAA@_K0AEBU0123@@Z
??0Rectangle@dewarping@security@bosch@@QEAA@HH_K000@Z
??1IConfiguration@dewarping@security@bosch@@UEAA@XZ
??1IDewarper@dewarping@security@bosch@@UEAA@XZ
??1IDewarperWithPtz@dewarping@security@bosch@@UEAA@XZ
??4ConfigurationFactory@dewarping@security@bosch@@QEAAAEAV0123@$$QEAV0123@@Z
??4ConfigurationFactory@dewarping@security@bosch@@QEAAAEAV0123@AEBV0123@@Z
??4DewarperFactory@dewarping@security@bosch@@QEAAAEAV0123@$$QEAV0123@@Z
??4DewarperFactory@dewarping@security@bosch@@QEAAAEAV0123@AEBV0123@@Z
??4IConfiguration@dewarping@security@bosch@@QEAAAEAV0123@AEBV0123@@Z
??4IDewarper@dewarping@security@bosch@@QEAAAEAV0123@AEBV0123@@Z
??4IDewarperWithPtz@dewarping@security@bosch@@QEAAAEAV0123@AEBV0123@@Z
??4Image@dewarping@security@bosch@@QEAAAEAU0123@$$QEAU0123@@Z
??4Image@dewarping@security@bosch@@QEAAAEAU0123@AEBU0123@@Z
??4PanTiltZoom@dewarping@security@bosch@@QEAAAEAU0123@$$QEAU0123@@Z
??4PanTiltZoom@dewarping@security@bosch@@QEAAAEAU0123@AEBU0123@@Z
??4Point@dewarping@security@bosch@@QEAAAEAU0123@$$QEAU0123@@Z
??4Point@dewarping@security@bosch@@QEAAAEAU0123@AEBU0123@@Z
??4PtzConverter@dewarping@security@bosch@@QEAAAEAV0123@$$QEAV0123@@Z
??4PtzConverter@dewarping@security@bosch@@QEAAAEAV0123@AEBV0123@@Z
??4Rectangle@dewarping@security@bosch@@QEAAAEAU0123@$$QEAU0123@@Z
??4Rectangle@dewarping@security@bosch@@QEAAAEAU0123@AEBU0123@@Z
??_7IConfiguration@dewarping@security@bosch@@6B@
??_7IDewarper@dewarping@security@bosch@@6B@
??_7IDewarperWithPtz@dewarping@security@bosch@@6B@
FishEye_CloseInterface
FishEye_GetCircle
FishEye_GetCoordinate
FishEye_Initial
FishEye_OpenInterface
FishEye_Release
FishEye_Transform
FishEye_UserSetCircle

Sections

.text
Size: 20.2MB - Virtual size: 20.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 658KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10.4MB - Virtual size: 10.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23265a10b6fec4b6a31e94d25d8a378c

Code Sign

0d:58:c2:8e:a9:0b:f2:b3:f1:e7:6f:4b:a9:38:ef:abCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

a7:bc:88:5f:18:08:8a:d0:11:11:03:5d:97:2d:f9:96:29:c3:a1:fb:8e:1b:ba:2a:cc:94:35:f4:e1:97:f5:2dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

msvfw32

shlwapi

ws2_32

comctl32

uxtheme

msimg32

ddraw

version

bcrypt

winmm

Exports

Exports

Sections

.text Size: 20.2MB - Virtual size: 20.2MB

RT_CODE Size: 2KB - Virtual size: 2KB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 658KB - Virtual size: 2.7MB

.pdata Size: 435KB - Virtual size: 435KB

_RDATA Size: 137KB - Virtual size: 136KB

.rsrc Size: 10.4MB - Virtual size: 10.4MB

.reloc Size: 70KB - Virtual size: 69KB

0d:58:c2:8e:a9:0b:f2:b3:f1:e7:6f:4b:a9:38:ef:ab
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

a7:bc:88:5f:18:08:8a:d0:11:11:03:5d:97:2d:f9:96:29:c3:a1:fb:8e:1b:ba:2a:cc:94:35:f4:e1:97:f5:2d
Signer

.text
Size: 20.2MB - Virtual size: 20.2MB

RT_CODE
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 658KB - Virtual size: 2.7MB

.pdata
Size: 435KB - Virtual size: 435KB

_RDATA
Size: 137KB - Virtual size: 136KB

.rsrc
Size: 10.4MB - Virtual size: 10.4MB

.reloc
Size: 70KB - Virtual size: 69KB