8aeb956f9af962af7a306b6001bd54d8fbd9ef792d0df46162d3fb0deb54f38a[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

8aeb956f9af962af7a306b6001bd54d8fbd9ef792d0df46162d3fb0deb54f38a.zip
Size

2.5MB
MD5

27effb9facb83f0859324cdd13011e47
SHA1

142bdd0168fa44946908bcf394d6fd5dd5db2e12
SHA256

8aeb956f9af962af7a306b6001bd54d8fbd9ef792d0df46162d3fb0deb54f38a
SHA512

65cc322736cd436407918178a85b9eab1334ebff7d7caf8f2e8c1ae091a2cba94582217b26e1fd72b5db2ba1fbd4a34ff6111c1cb17d36e3629282526bbfb118
SSDEEP

12288:+SGKrr9lYp/LT2QcHhIlqA96G5wSVxoJJjRYohglIwGQzLtraen6t:+q2pjwHhIlz6C3oJJxMR7na

Score

1^/10

Malware Config

Signatures

Files

8aeb956f9af962af7a306b6001bd54d8fbd9ef792d0df46162d3fb0deb54f38a.zip
.zip

Password: infected
Setup.exe
.exe windows:6 windows x86 arch:x86

Password: infected

a9d9850d30c242936bb8fcb25793dfd9

Code Sign

6f:92:1b:14:76:40:21:98:4f:45:71:a8:e1:56:53:d5
Certificate

Issuer

CN=assonanced

Not Before

19/12/2024, 15:10

Not After

19/12/2025, 15:30

Subject

CN=assonanced

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:92:1b:14:76:40:21:98:4f:45:71:a8:e1:56:53:d5
Certificate

Issuer

CN=assonanced

Not Before

19/12/2024, 15:10

Not After

19/12/2025, 15:30

Subject

CN=assonanced

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:15:9f:85:4d:32:00:ff:34:cb:f2:ad:94:28:22:37:eb:f6:b3:0d:56:93:cd:90:86:b9:72:45:ca:8e:d6:64
Signer

Actual PE Digest

2c:15:9f:85:4d:32:00:ff:34:cb:f2:ad:94:28:22:37:eb:f6:b3:0d:56:93:cd:90:86:b9:72:45:ca:8e:d6:64

Digest Algorithm

sha256

PE Digest Matches

true

f0:e1:a7:20:cb:8c:47:e4:4c:f8:99:e2:e1:9f:27:d8:20:65:ea:8a
Signer

Actual PE Digest

f0:e1:a7:20:cb:8c:47:e4:4c:f8:99:e2:e1:9f:27:d8:20:65:ea:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build\ob\bora-22583795\bora\build\build\vnetlibexe\release\win32\vnetlib.pdb

Imports

kernel32

RtlUnwind
WriteConsoleW
CloseHandle
CreateFileW
ReadConsoleW
ReadFile
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetTempPathW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
GetFileType
SetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
SetLastError
GetLastError
GetProcAddress
GetModuleHandleExW
FreeLibrary
ExitProcess
GetModuleFileNameW
WriteFile
EncodePointer
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
CreateFileA
SetEndOfFile
LoadLibraryW
GetVersionExA
GetTempFileNameW
GetFileSizeEx
FileTimeToSystemTime
FileTimeToLocalFileTime
FindResourceA
SizeofResource
GetModuleHandleA
CreateThread
CreateEventA
SetEvent
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
MoveFileExW
Sleep
CopyFileW
FormatMessageW
GetSystemDirectoryW
DeviceIoControl
SetFileAttributesW
GetFileAttributesExW
GetFileAttributesW
CreateDirectoryW
LocalFree
LocalAlloc
DeleteFileW
ExpandEnvironmentStringsW
GetSystemInfo
VerSetConditionMask
DosDateTimeToFileTime
RaiseException
GetTimeZoneInformation
LCMapStringEx
WaitForSingleObjectEx
CreateEventW
InitializeCriticalSectionEx
ResetEvent
GetStdHandle
LoadLibraryExA
VirtualQuery
VirtualProtect
InitializeCriticalSection
CreateFileMappingA
GetVersionExW
DecodePointer
VerifyVersionInfoW
GetEnvironmentVariableW
MapViewOfFile
UnmapViewOfFile
lstrcmpA

ws2_32

inet_addr
inet_ntoa
ntohl
htonl
recvfrom
select
sendto
socket
closesocket
WSAStartup
WSAGetLastError

advapi32

LockServiceDatabase
LookupAccountSidW
OpenServiceA
OpenSCManagerA
EnumDependentServicesA
UnlockServiceDatabase
StartServiceA
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
EnumDependentServicesW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
FreeInheritedFromArray
GetInheritanceSourceW
SetSecurityInfo
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
LookupPrivilegeDisplayNameA
LookupPrivilegeNameA
IsValidSecurityDescriptor
InitializeAcl
GetTokenInformation
GetSecurityDescriptorControl
GetAclInformation
GetAce
EqualSid
AddAce
SetEntriesInAclW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueA
SetSecurityDescriptorDacl
IsValidAcl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
OpenProcessToken

setupapi

SetupDiGetDriverInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiEnumDriverInfoW
SetupGetLineTextW
SetupOpenInfFileW
SetupQueryInfOriginalFileInformationW
SetupGetInfInformationW
SetupGetNonInteractiveMode
SetupGetLineTextA
SetupCloseInfFile
SetupOpenInfFileA
SetupGetInfFileListA
CM_Get_DevNode_Status
SetupDiClassGuidsFromNameW
SetupDiClassNameFromGuidW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDescriptionW
SetupDiBuildClassInfoList
SetupDiGetClassDevsW
CMP_WaitNoPendingInstallEvents
SetupCopyOEMInfW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiDeleteDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupSetNonInteractiveMode
SetupDiBuildDriverInfoList

iphlpapi

GetIpAddrTable

user32

SendMessageA
DestroyWindow
GetDlgItem
IsWindow
EnumChildWindows
GetWindowThreadProcessId
LoadStringA
LoadStringW
CreateWindowExW

ole32

StringFromGUID2
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoQueryProxyBlanket
CoTaskMemFree

oleaut32

SafeArrayPutElement
SafeArrayCreate
VariantClear
VariantInit
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SafeArrayDestroy
SysAllocString
SysStringLen
SysFreeString

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetKnownFolderPath
SHGetFolderPathW

rpcrt4

UuidCreate

crypt32

CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgGetParam
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertGetNameStringW
CryptQueryObject
CryptMsgClose

wintrust

WinVerifyTrust

Sections

.text
Size: 607KB - Virtual size: 606KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 347KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

a9d9850d30c242936bb8fcb25793dfd9

Code Sign

6f:92:1b:14:76:40:21:98:4f:45:71:a8:e1:56:53:d5Certificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

6f:92:1b:14:76:40:21:98:4f:45:71:a8:e1:56:53:d5Certificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

2c:15:9f:85:4d:32:00:ff:34:cb:f2:ad:94:28:22:37:eb:f6:b3:0d:56:93:cd:90:86:b9:72:45:ca:8e:d6:64Signer

f0:e1:a7:20:cb:8c:47:e4:4c:f8:99:e2:e1:9f:27:d8:20:65:ea:8aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

advapi32

setupapi

iphlpapi

user32

ole32

oleaut32

newdev

shell32

rpcrt4

crypt32

wintrust

Sections

.text Size: 607KB - Virtual size: 606KB

.rdata Size: 336KB - Virtual size: 336KB

.data Size: 46KB - Virtual size: 55KB

.didat Size: 512B - Virtual size: 20B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 347KB - Virtual size: 347KB

6f:92:1b:14:76:40:21:98:4f:45:71:a8:e1:56:53:d5
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

6f:92:1b:14:76:40:21:98:4f:45:71:a8:e1:56:53:d5
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

2c:15:9f:85:4d:32:00:ff:34:cb:f2:ad:94:28:22:37:eb:f6:b3:0d:56:93:cd:90:86:b9:72:45:ca:8e:d6:64
Signer

f0:e1:a7:20:cb:8c:47:e4:4c:f8:99:e2:e1:9f:27:d8:20:65:ea:8a
Signer

.text
Size: 607KB - Virtual size: 606KB

.rdata
Size: 336KB - Virtual size: 336KB

.data
Size: 46KB - Virtual size: 55KB

.didat
Size: 512B - Virtual size: 20B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 347KB - Virtual size: 347KB