keyi1[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

keyi1.zip
Size

93.6MB
MD5

6ae3059b73a1e222739683abd6715800
SHA1

86df186b69e5a9ce9cd194dbb430442148c78c2e
SHA256

b1cc45e42cbf1f530f02d3334beaa591dca557e4fa64a43024b0223f800d55d9
SHA512

139b86d6739fb01631f9aaf437bde80383dfa67010f5d7fd23111f4d8048d4fa2fb32c0709fcae1c4d4e36fe90040ae6d273d755d15276b4bb3b41cffeeb0c9f
SSDEEP

1572864:v0whg2VaDZcejhSEQrqOaxM1BZ829PCfCpVFZgEDyzB2WybRvkR1O4n3Se:v22YDZcetSEQrqBxMLZF9KQZjDyzB2WB

Score

1^/10

Malware Config

Signatures

Files

keyi1.zip
.zip

Password: infected
111/360Safe+338511+n6bf58e0f9e.exe
.exe windows:5 windows x86 arch:x86

Password: infected

f2ce6d89bc0f1a893d8dd3693cc70230

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

26-04-2023 03:04

Not After

26-04-2026 03:04

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02-11-2023 10:30

Not After

04-12-2034 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a4:3f:c6:f0:d8:c6:7b:67:f6:db:53:0a:61:1d:60:0a:01:2c:53:ee:5e:b5:db:a9:84:13:e9:ba:ba:e7:3a:0c
Signer

Actual PE Digest

a4:3f:c6:f0:d8:c6:7b:67:f6:db:53:0a:61:1d:60:0a:01:2c:53:ee:5e:b5:db:a9:84:13:e9:ba:ba:e7:3a:0c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\729168\out\Release_i18n\Setup.pdb

Imports

kernel32

QueryPerformanceFrequency
lstrlenA
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
InterlockedExchange
GetCurrentDirectoryA
PeekNamedPipe
GetFullPathNameA
GetDriveTypeA
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
GetDiskFreeSpaceExW
GlobalAddAtomW
FindAtomW
CreateEventW
GetEnvironmentVariableW
GetLogicalDriveStringsW
GetWindowsDirectoryW
GetDriveTypeW
GetCurrentThreadId
MulDiv
GetCurrentProcess
FlushInstructionCache
GlobalAlloc
GlobalFree
GetTickCount
GetCommandLineW
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
FormatMessageA
ExpandEnvironmentStringsA
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
FreeResource
GetSystemWindowsDirectoryW
lstrcmpiA
lstrcmpA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
GetLocaleInfoW
LeaveCriticalSection
GetConsoleOutputCP
WriteConsoleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
SetHandleCount
GetFileType
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetModuleHandleA
HeapCreate
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetConsoleMode
SetEvent
GetSystemTime
TerminateProcess
GetCurrentThread
CreateProcessW
GlobalDeleteAtom
CreateMutexW
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
CreateThread
TerminateThread
OutputDebugStringW
GetFileSizeEx
CompareFileTime
EnterCriticalSection
QueryPerformanceCounter
SetLastError
lstrlenW
lstrcpyW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
FindFirstFileW
FindNextFileW
FindClose
LocalAlloc
GetVersionExW
CopyFileW
MoveFileW
MoveFileExW
GetPrivateProfileStringW
GlobalFindAtomW
Sleep
GetFileAttributesW
WriteFile
CreateDirectoryW
GetTempPathW
GetTempFileNameW
WritePrivateProfileStringW
SetFileAttributesW
InterlockedDecrement
RemoveDirectoryW
DeleteFileW
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
GetSystemDirectoryW
ReadFile
SetFilePointer
GetCurrentProcessId
CreateFileW
DeviceIoControl
LoadLibraryW
InterlockedIncrement
GetModuleFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
WaitForSingleObject
GetModuleHandleW
GetProcAddress
GetSystemInfo
GlobalMemoryStatusEx
FreeLibrary
LocalFree
FindResourceExW
FindResourceW
LoadResource
LockResource
GetConsoleCP
GetStartupInfoW
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
ExitThread
TlsFree
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
SetFilePointerEx
GetSystemTimeAsFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
TlsAlloc
LockFile
GetStdHandle
SetConsoleTextAttribute
GetFileInformationByHandle
LocalFileTimeToFileTime
GetFileAttributesA
DosDateTimeToFileTime
TlsGetValue
TlsSetValue
ResetEvent
ReadProcessMemory
OpenMutexW
GetExitCodeProcess
GetLongPathNameW
MapViewOfFile
LockFileEx
GetFileAttributesExW
UnlockFile
FindNextFileA
FindFirstFileA
GetVersion
InterlockedCompareExchange
GetFullPathNameW
OpenProcess
GetVolumeInformationW
FormatMessageW
SetFileTime
SetEndOfFile
WideCharToMultiByte
UnmapViewOfFile
GetFileSize
CreateFileMappingW
GetLocalTime
WriteConsoleW
SizeofResource

user32

InflateRect
wvsprintfW
PostMessageW
GetActiveWindow
SendMessageW
SendMessageTimeoutW
FindWindowW
CharNextW
IsWindow
EnableWindow
GetDlgItem
IsWindowEnabled
ShowWindow
SetDlgItemTextW
IsWindowVisible
SetForegroundWindow
EndDialog
GetWindowLongW
SetWindowTextW
MoveWindow
SetWindowPos
GetClientRect
ScreenToClient
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
GetWindow
GetParent
GetDC
ReleaseDC
SetWindowLongW
UnregisterClassA
ExitWindowsEx
wsprintfW
GetWindowTextW
FindWindowExW
InvalidateRect
RedrawWindow
GetDlgCtrlID
SetFocus
MessageBeep
GetWindowTextLengthW
CreateDialogParamW
SetWindowRgn
SetTimer
KillTimer
CopyRect
DefWindowProcW
CallWindowProcW
BeginPaint
EndPaint
DialogBoxParamW
EnableMenuItem
DestroyWindow
GetSystemMenu
GetClassInfoExW
LoadCursorW
PostQuitMessage
IsIconic
SystemParametersInfoW
LoadIconW
RegisterClassExW
CreateWindowExW
LoadImageW
GetSystemMetrics
PtInRect
GetCursorPos
BringWindowToTop
DispatchMessageW
TrackMouseEvent
GetShellWindow
PostThreadMessageW
UpdateLayeredWindow
GetWindowThreadProcessId
PeekMessageW
GetMessageW
TranslateMessage
MessageBoxW

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
SetBkColor
CombineRgn
CreateRectRgn
SetViewportOrgEx
CreateDIBSection
EnumFontFamiliesW
DeleteObject
CreateSolidBrush

advapi32

RegCloseKey
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
DuplicateTokenEx
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
ImpersonateSelf
AllocateAndInitializeSid
FreeSid
SetSecurityInfo
GetSecurityInfo
GetSecurityDescriptorSacl
IsValidSid
CopySid
RegQueryValueExW
RegQueryInfoKeyW
GetExplicitEntriesFromAclW
GetTrusteeNameW
DeleteAce
LookupAccountSidW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
CryptCreateHash
RegDeleteKeyW
GetUserNameW
LookupAccountNameW
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
CryptHashData
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
ChangeServiceConfigW
ControlService
GetTokenInformation
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptDestroyHash
CryptGetHashParam

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ord680
CommandLineToArgvW
SHFileOperationW
SHChangeNotify
ShellExecuteW
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
SHCreateDirectoryExW
ord165
SHBrowseForFolderW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
CoInitialize
OleRun

oleaut32

VariantChangeType
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysFreeString
SysStringLen
SysAllocString
VarUI4FromStr

shlwapi

PathRemoveExtensionW
PathFindFileNameW
PathAddBackslashW
StrStrIA
StrCmpNIW
PathRemoveArgsW
PathMatchSpecW
StrRetToStrW
PathIsSameRootW
StrCatW
StrCpyW
PathIsPrefixW
PathIsDirectoryEmptyW
PathCombineA
PathUnquoteSpacesW
SHSetValueW
PathFileExistsW
SHGetValueW
SHDeleteValueW
PathFileExistsA
SHGetValueA
PathCombineW
PathAppendW
PathIsRelativeW
SHDeleteKeyW
StrStrIW
PathRemoveFileSpecW
StrCmpIW
PathFindExtensionW
SHSetValueA
wnsprintfW
StrCmpW
PathAppendA
StrTrimA
PathCommonPrefixW
PathIsDirectoryW

comctl32

InitCommonControlsEx

crypt32

CertDeleteCertificateFromStore
CertCompareCertificate
CertDuplicateCertificateContext
CertCloseStore
CertGetNameStringW
CertEnumCertificatesInStore
CertOpenStore
CryptStringToBinaryA
CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetNameStringA
CryptQueryObject
CertAddCertificateContextToStore
CertFindCertificateInStore
CertCreateCertificateChainEngine
CertFreeCertificateContext

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

EnumProcesses
GetProcessImageFileNameW
GetModuleFileNameExW

rpcrt4

RpcBindingFree
RpcStringFreeW
RpcBindingFromStringBindingW
NdrServerCall2
RpcStringBindingComposeW
NdrAsyncServerCall
NdrClientCall2
NdrAsyncClientCall

gdiplus

GdipClosePathFigure
GdipCreateSolidFill
GdipAddPathBezierI
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipTranslateWorldTransform
GdipScaleWorldTransform
GdipRotateWorldTransform
GdipGraphicsClear
GdipSetStringFormatLineAlign
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeletePath
GdipCreatePath
GdipDeleteStringFormat
GdipFillPath
GdipSetStringFormatAlign
GdipSaveGraphics
GdipRestoreGraphics
GdipCloneBrush
GdipCreateStringFormat
GdipDeleteBrush
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipCreateFromHDC
GdipDeleteGraphics
GdipCloneImage
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipAddPathArcI
GdipFree

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState
InternetCrackUrlW
InternetOpenW
InternetConnectW
InternetCloseHandle
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetQueryOptionW
InternetSetOptionW

netapi32

NetApiBufferFree
NetWkstaGetInfo

setupapi

SetupIterateCabinetW

ws2_32

__WSAFDIsSet
WSAGetLastError
select
recv
WSASetLastError
send
closesocket

Sections

.text
Size: 725KB - Virtual size: 725KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f2ce6d89bc0f1a893d8dd3693cc70230

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

29:5b:f8:6e:85:26:53:40:33:13:83:7bCertificate

Extended Key Usages

Key Usages

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

a4:3f:c6:f0:d8:c6:7b:67:f6:db:53:0a:61:1d:60:0a:01:2c:53:ee:5e:b5:db:a9:84:13:e9:ba:ba:e7:3a:0cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

crypt32

version

psapi

rpcrt4

gdiplus

urlmon

iphlpapi

wininet

netapi32

setupapi

ws2_32

Sections

.text Size: 725KB - Virtual size: 725KB

.rdata Size: 199KB - Virtual size: 199KB

.data Size: 55KB - Virtual size: 76KB

.rsrc Size: 7.6MB - Virtual size: 7.6MB

.reloc Size: 81KB - Virtual size: 80KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

a4:3f:c6:f0:d8:c6:7b:67:f6:db:53:0a:61:1d:60:0a:01:2c:53:ee:5e:b5:db:a9:84:13:e9:ba:ba:e7:3a:0c
Signer

.text
Size: 725KB - Virtual size: 725KB

.rdata
Size: 199KB - Virtual size: 199KB

.data
Size: 55KB - Virtual size: 76KB

.rsrc
Size: 7.6MB - Virtual size: 7.6MB

.reloc
Size: 81KB - Virtual size: 80KB