App_Lite[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

App_Lite.zip
Size

103.7MB
MD5

da78922d4a5d49d96eb12c22539856cb
SHA1

6cb481f9ee7eedb5733da897f7a2df46b7218cc8
SHA256

e5f28e017baf7ffebe3b58cee33a73d3006acf6f3e15c9bb149aa4a13da6c848
SHA512

0643760b4ed503df5df75c2576e18ae08b178dfb4c4083032e8bf4150b98ff9e4d763fc72599b1e48c3a2430983e8c89a2d5472d41f3bbb59ba815f689ff3414
SSDEEP

3145728:TA6nCvaTW7Dl0irRY684u1H2u/F2javJS7xNmMy6O2+oW:JnCHB0i101H2uN2j+J2xNhNNW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iviewers.dll

Files

App_Lite.zip
.zip

Password: 1231
8eba5431e0170dbba6d837f816f2bcfe.log
Launcher.exe
.exe windows:10 windows x86 arch:x86

Password: 1231

667ab5d8d87d260574e136040f585247

Code Sign

33:00:00:03:26:ae:ce:ed:f9:bc:e4:7b:92:00:00:00:00:03:26
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:29

Not After

03/03/2021, 18:29

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:7f:4d:97:0c:07:8c:97:e8:fb:f1:31:0a:cd:62:72:66:a6:b2:3b:fb:15:fd:1a:da:0d:ad:09:2c:53:9e:ba
Signer

Actual PE Digest

40:7f:4d:97:0c:07:8c:97:e8:fb:f1:31:0a:cd:62:72:66:a6:b2:3b:fb:15:fd:1a:da:0d:ad:09:2c:53:9e:ba

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

OLEView.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueW
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegSetValueExW
RegEnumKeyW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumValueW
GetAce
GetSecurityDescriptorDacl
MakeAbsoluteSD
MapGenericMask
SetSecurityDescriptorDacl
LookupAccountSidW
SetEntriesInAclW
GetExplicitEntriesFromAclW
OpenProcessToken
AddAccessAllowedAce
AddAce
CopySid
EqualSid
GetAclInformation
GetLengthSid
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
IsValidSid
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
LookupAccountNameW
RegCreateKeyExW
RegDeleteValueW
AllocateAndInitializeSid
FreeSid

kernel32

GetModuleHandleW
GetProcAddress
LoadLibraryW
lstrcpyW
lstrcmpW
lstrlenW
lstrcmpiW
GetLastError
WinExec
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleFileNameW
ResumeThread
LoadLibraryExW
GlobalAlloc
GlobalUnlock
GlobalLock
GetSystemDefaultLCID
GetUserDefaultLCID
LocalAlloc
LocalFree
CloseHandle
GetCurrentProcess
lstrcatW
FormatMessageW
GetTickCount
SuspendThread
GetVersionExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlUnwind
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
Sleep
FreeLibrary

gdi32

DeleteObject

user32

UpdateWindow
SetActiveWindow
GetMessagePos
OpenClipboard
SetCursor
SetClipboardData
LoadCursorW
GetFocus
LoadMenuW
EnableMenuItem
GetSubMenu
GetWindowRect
EnableWindow
SendMessageW
RedrawWindow
EmptyClipboard
ScreenToClient
LoadIconW
wsprintfW
MessageBoxW
CloseClipboard
DeleteMenu
LoadBitmapW

mfc42u

ord922
ord3993
ord540
ord538
ord858
ord940
ord2810
ord4155
ord800
ord1165
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5977
ord641
ord5285
ord5303
ord4074
ord5296
ord3341
ord2388
ord1172
ord1143
ord3733
ord561
ord6112
ord2613
ord3516
ord6398
ord986
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4604
ord2717
ord5710
ord4692
ord5298
ord815
ord520
ord1197
ord355
ord2507
ord3494
ord1202
ord384
ord2089
ord4269
ord2294
ord3133
ord567
ord5273
ord2116
ord2438
ord5257
ord1720
ord6193
ord5059
ord2634
ord3744
ord4219
ord6330
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2371
ord2377
ord5237
ord4401
ord1768
ord4073
ord4621
ord6051
ord3397
ord324
ord2506
ord4704
ord4992
ord4370
ord5276
ord4419
ord1767
ord6048
ord5261
ord3569
ord2567
ord609
ord4390
ord3635
ord2574
ord693
ord4396
ord3365
ord1808
ord4229
ord861
ord2362
ord2293
ord6195
ord3870
ord3605
ord656
ord3592
ord2637
ord4847
ord3297
ord1662
ord2644
ord6211
ord326
ord2078
ord3716
ord795
ord4103
ord4518
ord4523
ord4520
ord4537
ord4539
ord4525
ord4886
ord4364
ord4893
ord4582
ord4583
ord3743
ord4426
ord5256
ord5236
ord6127
ord784
ord1718
ord4883
ord4954
ord4957
ord5031
ord364
ord4714
ord4527
ord2083
ord5277
ord4341
ord4334
ord6050
ord3728
ord810
ord3393
ord3724
ord2579
ord804
ord4400
ord3389
ord6212
ord1833
ord4236
ord489
ord4352
ord4942
ord4848
ord4371
ord4970
ord4736
ord4899
ord5154
ord5156
ord5155
ord768
ord4829
ord5283
ord1899
ord4253
ord860
ord338
ord6171
ord6076
ord3193
ord3449
ord4381
ord2391
ord4852
ord4947
ord4414
ord5649
ord3167
ord5573
ord1739
ord5736
ord5239
ord652
ord2534
ord2502
ord6332
ord3060
ord3053
ord4690
ord4617
ord4420
ord1817
ord4233
ord498
ord497
ord2520
ord1008
ord771
ord5284
ord1683
ord4433
ord4709
ord2046
ord4425
ord1900
ord4254
ord2756
ord3087
ord3871
ord3867
ord4118
ord3577
ord2570
ord4213
ord2015
ord2403
ord616
ord4392
ord2910
ord5568
ord2385
ord1258
ord3574
ord3348
ord3792
ord2859
ord3865
ord6191
ord2550
ord366
ord4146
ord2873
ord5848
ord2874
ord3398
ord5468
ord975
ord1658
ord2641
ord6205
ord5006
ord3345
ord4298
ord674
ord4072
ord4421
ord5097
ord5094
ord3054
ord5278
ord2382
ord2715
ord5248
ord4430
ord5233
ord4451
ord4493
ord3517
ord6399
ord5867
ord529
ord2109
ord5996
ord3477
ord6063
ord796
ord554
ord2112
ord4158
ord807
ord527
ord2244
ord2970
ord5906
ord3476
ord794
ord439
ord5491
ord5681
ord4538
ord4519
ord4524
ord736
ord3269
ord1834
ord4237
ord537
ord925
ord3658
ord4078
ord501
ord5617
ord1083
ord5596
ord773
ord2855
ord3649
ord2430
ord2858
ord1637
ord6266
ord2576
ord4215
ord4955
ord4958
ord4884
ord4717
ord4343
ord4335
ord5070
ord813
ord1719
ord303
ord4526
ord1105
ord6325
ord1262
ord3909
ord2857
ord3729
ord5255
ord4501
ord3394
ord543
ord803
ord3579
ord1863
ord1934
ord4267
ord1569

msvcrt

_amsg_exit
__wgetmainargs
__set_app_type
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
_wcmdln
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
wcsrchr
__p__commode
_XcptFilter
_callnewh
__CxxFrameHandler
free
malloc
memcmp
_vsnwprintf
wcstok
_wcsnicmp
wcstol
_wtoi
memset
_itow
exit
toupper
isspace
isxdigit
isdigit
_wcsicmp
memcpy

comctl32

ImageList_AddMasked

shell32

DragFinish
DragQueryFileW
ExtractIconW
ShellAboutW

shlwapi

wnsprintfW

ole32

MkParseDisplayName
CoTaskMemFree
StringFromCLSID
CoGetClassObject
CreateBindCtx
StringFromGUID2
CLSIDFromProgID
CoCreateInstance
CoFreeUnusedLibraries
CLSIDFromString

oleaut32

LoadRegTypeLi
LoadTypeLi

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a0afc5420277f89b2f97876eead8e389.cfg
c5e1b3e35405b0644d9915d0bd08f2bd.cfg
cbf10912818bd5895cf2690e19327fd1.bak
ed1b8ef77996bb03cda533759a195805.log
iviewers.dll
.dll regsvr32 windows:6 windows x86 arch:x86

Password: 1231

4e1b6a1fb67defd1f72d4bfbbbf6b23b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\Desktop\Project10\Release\Project10.pdb

Imports

kernel32

Sleep
WriteConsoleW
CloseHandle
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
DecodePointer

shell32

ShellExecuteA

Exports

Exports

DllRegisterServer

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1231

Password: 1231

667ab5d8d87d260574e136040f585247

Code Sign

33:00:00:03:26:ae:ce:ed:f9:bc:e4:7b:92:00:00:00:00:03:26Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

40:7f:4d:97:0c:07:8c:97:e8:fb:f1:31:0a:cd:62:72:66:a6:b2:3b:fb:15:fd:1a:da:0d:ad:09:2c:53:9e:baSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

mfc42u

msvcrt

comctl32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 133KB - Virtual size: 133KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 38KB - Virtual size: 37KB

.reloc Size: 11KB - Virtual size: 10KB

Password: 1231

4e1b6a1fb67defd1f72d4bfbbbf6b23b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

33:00:00:03:26:ae:ce:ed:f9:bc:e4:7b:92:00:00:00:00:03:26
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

40:7f:4d:97:0c:07:8c:97:e8:fb:f1:31:0a:cd:62:72:66:a6:b2:3b:fb:15:fd:1a:da:0d:ad:09:2c:53:9e:ba
Signer

.text
Size: 133KB - Virtual size: 133KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 11KB - Virtual size: 10KB

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB