20396165116[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

20396165116.zip
Size

394KB
MD5

b081377e58bfddf7741a002e0282ebdc
SHA1

adcc45489959a320d0aba37635ae338caec40ea8
SHA256

678ea394d9523956e439a2a44728906160e0bf65f050dedde04b7cd3beca13a2
SHA512

3f86e54896045ce8cc64af06dd42157aab9be45f9b5852a9d0467c55cb2a88c34eefe2e49bc4eb2417d902a9ba90ed5cfae2ca99afdb097b1d11a9481aca22b2
SSDEEP

12288:kB130BAECMaaulWHZ9PxTi224TBDL8ljF+3:kuwH4HZ9PxTNDL8l5o

Score

1^/10

Malware Config

Signatures

Files

20396165116.zip
.zip

Password: infected
d2100ffe58eb50c05d97a3da738ccd1f0be9672c057c26a10140af80595b78c3
.exe windows:6 windows x86 arch:x86

4dbee8fefcf6e06bc57a502d8d28d576

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9b:3c:c1:c7:0b:da:ab:44:83:a1:c4:07:6c:82:98:87:d5:ce:50:b7:13:1f:c4:58:ac:dc:7d:de:45:3e:6f:d2
Signer

Actual PE Digest

9b:3c:c1:c7:0b:da:ab:44:83:a1:c4:07:6c:82:98:87:d5:ce:50:b7:13:1f:c4:58:ac:dc:7d:de:45:3e:6f:d2

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\scvhost\Release\scvhost.pdb

Imports

kernel32

InitializeCriticalSectionEx
FindClose
WaitForSingleObject
GetModuleHandleA
OpenProcess
HeapSize
CreateToolhelp32Snapshot
CreateEventW
Sleep
GetTempPathA
FormatMessageW
CopyFileA
GetLastError
Process32NextW
SetEvent
TerminateThread
TlsAlloc
Process32FirstW
HeapReAlloc
LeaveCriticalSection
RaiseException
ResetEvent
HeapAlloc
QueueUserAPC
DecodePointer
GetProcAddress
LocalFree
DeleteCriticalSection
GetProcessHeap
CreateProcessW
WideCharToMultiByte
SleepEx
TlsGetValue
TlsFree
FormatMessageA
IsDebuggerPresent
WriteConsoleW
CreateFileW
SetStdHandle
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
FindNextFileW
EnterCriticalSection
HeapFree
TlsSetValue
CloseHandle
FindFirstFileW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
GetCurrentThreadId
GetNativeSystemInfo
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
OutputDebugStringW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
RtlUnwind
InterlockedPushEntrySList
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DeleteFileW
MoveFileExW
ReadFile
ReadConsoleW
SetFilePointerEx
SetEndOfFile

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegGetValueA
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyW
RegQueryValueExW

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

ws2_32

WSAStartup
WSACleanup

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

Sections

.text
Size: 550KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

4dbee8fefcf6e06bc57a502d8d28d576

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

9b:3c:c1:c7:0b:da:ab:44:83:a1:c4:07:6c:82:98:87:d5:ce:50:b7:13:1f:c4:58:ac:dc:7d:de:45:3e:6f:d2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

ws2_32

bcrypt

Sections

.text Size: 550KB - Virtual size: 549KB

.rdata Size: 170KB - Virtual size: 170KB

.data Size: 23KB - Virtual size: 31KB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 34KB - Virtual size: 33KB

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

9b:3c:c1:c7:0b:da:ab:44:83:a1:c4:07:6c:82:98:87:d5:ce:50:b7:13:1f:c4:58:ac:dc:7d:de:45:3e:6f:d2
Signer

.text
Size: 550KB - Virtual size: 549KB

.rdata
Size: 170KB - Virtual size: 170KB

.data
Size: 23KB - Virtual size: 31KB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 34KB - Virtual size: 33KB