Windows Analysis Report
malo.zip

Overview

General Information

Sample name: malo.zip
Analysis ID: 1559386
MD5: 64fc74457495cd5c7e59758845edb6f5
SHA1: 2dbb710f729dae3c4f3380c95cbd5c6f1c9eddb4
SHA256: 2fbd7b6a51a92c49809212abe6d6821d72ad45c62eb0d1c0b8634a36581125cb

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Program does not show much activity (idle)

Classification

Source: Binary string: D:\project\LADM\Drivers\Trunk\AutoInstall\x64\Release\UDCC Launcher.pdb source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe
Source: Binary string: D:\Output\AutoInstall\Libs\UiLib_d_x64.pdbh source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe
Source: Binary string: D:\project\LADM\Drivers\Trunk\AutoInstall\x64\Release\UDCC Launcher.pdb< source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe
Source: Binary string: D:\Output\AutoInstall\Libs\UiLib_d_x64.pdb source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://ocsp.digicert.com0
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: classification engine Classification label: clean0.winZIP@1/0@0/0
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: malo.zip Static file information: File size 2731255 > 1048576
Source: Binary string: D:\project\LADM\Drivers\Trunk\AutoInstall\x64\Release\UDCC Launcher.pdb source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe
Source: Binary string: D:\Output\AutoInstall\Libs\UiLib_d_x64.pdbh source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe
Source: Binary string: D:\project\LADM\Drivers\Trunk\AutoInstall\x64\Release\UDCC Launcher.pdb< source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe
Source: Binary string: D:\Output\AutoInstall\Libs\UiLib_d_x64.pdb source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
No contacted IP infos