Emulator[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Emulator.zip
Size

3.9MB
MD5

58bfff68366e2d17fd31f6cedc6059c2
SHA1

0770f05f34c7011b9d4eea3e8c892b995561c215
SHA256

0348806d187129df19b440ff356020396bbe39bafcac8ca5f993ff6dd67df484
SHA512

2ac215288a35f560c4ae6bba44885275c33fd72b83f8855b0ef1a776c15c2663fb5ee22101460fee86e5376fb42379c509e7b77dde6ab9a49e3c64b49e703e33
SSDEEP

98304:Iup+cYK1gzlWIrHrbpDP8lUHrni9JIXaY9AqIwBlWDOdcUNyGtahpR//:z+cYKWVpDP1Hr8JIXaYWqJbHmespR//

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
static1/unpack001/Emulator/Setup DVREMU2 Manager v1.0.0.exe	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Emulator/Setup DVREMU2 Manager v1.0.0.exe

Files

Emulator.zip
.zip

Password: rererere
Emulator/R2R.nfo
Emulator/R2R.txt
Emulator/Setup DVREMU2 Manager v1.0.0.exe
.exe windows:5 windows x86 arch:x86

Password: rererere

20dd26497880c05caed9305b3c8b9109

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setup/Install Resolve 19.0.2.exe
.exe windows:6 windows x64 arch:x64

Password: rererere

f4a4792d62f654b54486ae404c2121ea

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:b5:05:36:69:ff:09:54:44:0e:63:c5:e0:3e:61:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/01/2022, 00:00

Not After

08/01/2025, 23:59

Subject

SERIALNUMBER=098 098 287,CN=Blackmagic Design Pty Ltd,O=Blackmagic Design Pty Ltd,L=Port Melbourne,ST=Victoria,C=AU,1.3.6.1.4.1.311.60.2.1.3=#13024155,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:72:ae:7b:9c:d3:25:51:e8:b2:b5:74:0e:e3:f0:c4:aa:89:49:48:d1:87:f3:2c:7e:2e:76:65:44:53:d0:8e
Signer

Actual PE Digest

51:72:ae:7b:9c:d3:25:51:e8:b2:b5:74:0e:e3:f0:c4:aa:89:49:48:d1:87:f3:2c:7e:2e:76:65:44:53:d0:8e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysAllocStringLen
VariantClear
SysStringLen

user32

SetForegroundWindow
AllowSetForegroundWindow
MessageBoxW
EnumWindows
GetWindowThreadProcessId
GetProcessWindowStation
DestroyWindow
ShowWindow
EndDialog
SetWindowTextW
CharUpperW
LoadStringW
DialogBoxParamW
GetDlgItem
SetActiveWindow
PostMessageW
LoadIconW
KillTimer
SetTimer
SendMessageW
SetWindowLongPtrW
GetWindowLongPtrW
GetUserObjectInformationW

shell32

ShellExecuteExW

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty

ws2_32

WSACleanup
WSAGetLastError
recv
WSASetLastError
closesocket
send

bcrypt

BCryptGenRandom

kernel32

LCMapStringW
CompareStringW
FlsFree
FlsGetValue
FlsAlloc
HeapAlloc
HeapReAlloc
HeapFree
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
SetStdHandle
GetFullPathNameW
FlsSetValue
PeekNamedPipe
GetDriveTypeW
SetConsoleCtrlHandler
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetCommandLineW
CloseHandle
GetLastError
WaitForSingleObject
CreateProcessW
GetProcessId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
LoadLibraryW
GetStringTypeW
FormatMessageW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
RemoveDirectoryW
SetFileAttributesW
SetFileTime
GetTempPathW
SetLastError
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetSystemDirectoryW
GetModuleHandleW
GetProcAddress
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetModuleHandleA
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
GlobalMemoryStatusEx
GetSystemInfo
GetProcessAffinityMask
GetStdHandle
GetFileInformationByHandle
WaitForMultipleObjects
Sleep
VirtualAlloc
VirtualFree
GetVersionExW
lstrcatW
lstrlenW
InitializeCriticalSection
SetEvent
ResetEvent
CreateEventW
GetEnvironmentVariableW
GetFileType
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
RtlVirtualUnwind
DeleteFiber
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
LocalFree
GetCurrentProcess

advapi32

ReportEventW
DeregisterEventSource
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
RegisterEventSourceW
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 521KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: rererere

Password: rererere

20dd26497880c05caed9305b3c8b9109

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

comctl32

Sections

.text Size: 61KB - Virtual size: 60KB

.itext Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 21KB

.idata Size: 4KB - Virtual size: 3KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.rsrc Size: 44KB - Virtual size: 44KB

Password: rererere

f4a4792d62f654b54486ae404c2121ea

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:b5:05:36:69:ff:09:54:44:0e:63:c5:e0:3e:61:a6Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

51:72:ae:7b:9c:d3:25:51:e8:b2:b5:74:0e:e3:f0:c4:aa:89:49:48:d1:87:f3:2c:7e:2e:76:65:44:53:d0:8eSigner

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

shell32

crypt32

ws2_32

bcrypt

kernel32

advapi32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 521KB - Virtual size: 520KB

.data Size: 11KB - Virtual size: 37KB

.pdata Size: 61KB - Virtual size: 61KB

.rsrc Size: 71KB - Virtual size: 71KB

.text
Size: 61KB - Virtual size: 60KB

.itext
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 44KB - Virtual size: 44KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:b5:05:36:69:ff:09:54:44:0e:63:c5:e0:3e:61:a6
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

51:72:ae:7b:9c:d3:25:51:e8:b2:b5:74:0e:e3:f0:c4:aa:89:49:48:d1:87:f3:2c:7e:2e:76:65:44:53:d0:8e
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 521KB - Virtual size: 520KB

.data
Size: 11KB - Virtual size: 37KB

.pdata
Size: 61KB - Virtual size: 61KB

.rsrc
Size: 71KB - Virtual size: 71KB