8252265864[.]zip

Resubmissions

07/11/2022, 10:43

221107-msfk8seeer 3

07/11/2022, 10:18

221107-mcbx4sdghk 8

04/11/2022, 14:40

221104-r1zrasaahq 8

Sharing

Copy URL Twitter E-mail

General

Target

8252265864.zip
Size

5.6MB
MD5

679d717f1d7c7b2cf27aa095bae78e9f
SHA1

075a9a70615dafc17ab8695ab80db0d2a2cc30a3
SHA256

ef4f70d4e76ce1d1eb84c22bd9c8632d69e015cf9c6982518cadfb2fd4644469
SHA512

ade1d949267414ccf72935546ea0897a7f6930103ed343f74468cf772c096bd5a6f6e39db0615a53499343b4fb7d8aec7b4badf8e5bc980da2059689e27b2001
SSDEEP

98304:mYcIkv7b97EkLnKZ5m+EDthzGCpzDysWQz4OY/yrsmyc/dSzOKfDh/GugLJ9:U97EG+m1/6CpzxvvLs5c/drKLh+T

Score

N/A

Malware Config

Signatures

Files

8252265864.zip
.zip

Password: infected
596eaef93bdcd00a3aedaf6ad6d46db4429eeba61219b7e01b1781ebbf6e321b
.zip

Password: infected
KeePass.XmlSerializers.dll
.dll windows x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Code Sign

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

06/02/2022, 07:08

Not After

06/02/2023, 07:08

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

06/02/2022, 07:08

Not After

06/02/2023, 07:08

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8b:14:6f:53:3f:14:09:52:39:76:4e:4a:af:19:8a:5f:03:9a:b4:3f:8a:19:55:02:2e:4a:1b:12:e3:87:9c:5c
Signer

Actual PE Digest

8b:14:6f:53:3f:14:09:52:39:76:4e:4a:af:19:8a:5f:03:9a:b4:3f:8a:19:55:02:2e:4a:1b:12:e3:87:9c:5c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

04/11/2022, 15:42
Valid: true

Chain 1

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Chain 2

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

04:43:0e:37:a3:9d:0c:f9:c0:b0:29:ce:d3:36:a2:61:8b:5a:ed:34
Signer

Actual PE Digest

04:43:0e:37:a3:9d:0c:f9:c0:b0:29:ce:d3:36:a2:61:8b:5a:ed:34

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

04/11/2022, 15:42
Valid: true

Chain 1

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Chain 2

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 400KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KeePass.chm
.chm
KeePass.exe.config
.xml
KeePassLibC32.dll
.dll windows x86

Password: infected

9b3ae4777a424138943a8e4bf259162e

Code Sign

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

06/02/2022, 07:08

Not After

06/02/2023, 07:08

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

06/02/2022, 07:08

Not After

06/02/2023, 07:08

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a8:ba:92:d4:30:27:78:5e:6f:43:0f:c8:2c:61:08:e1:f2:42:8b:05:b0:c2:a5:87:ec:69:e3:66:14:df:64:54
Signer

Actual PE Digest

a8:ba:92:d4:30:27:78:5e:6f:43:0f:c8:2c:61:08:e1:f2:42:8b:05:b0:c2:a5:87:ec:69:e3:66:14:df:64:54

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

04/11/2022, 15:42
Valid: true

Chain 1

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Chain 2

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

70:b2:3c:0c:dc:d9:2c:c5:2c:4f:e3:dc:81:0b:a5:c8:d6:42:db:2f
Signer

Actual PE Digest

70:b2:3c:0c:dc:d9:2c:c5:2c:4f:e3:dc:81:0b:a5:c8:d6:42:db:2f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

04/11/2022, 15:42
Valid: true

Chain 1

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Chain 2

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

kernel32

GetModuleHandleW
GetCPInfo
GetOEMCP
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
ExitThread
GetCommandLineA
RtlUnwind
Sleep
ExitProcess
RaiseException
HeapReAlloc
HeapSize
GetACP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
LCMapStringW
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
HeapCreate
HeapDestroy
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
InterlockedIncrement
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GlobalFree
GlobalUnlock
GlobalAddAtomA
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleA
SetFileTime
FileTimeToSystemTime
GetFileTime
SetFileAttributesA
FormatMessageA
MoveFileExA
CreateDirectoryA
GetTempPathA
GetVolumeInformationA
GetTickCount
MoveFileA
LocalFree
SetLastError
GetFullPathNameA
GetLastError
lstrlenA
MultiByteToWideChar
GetSystemTime
GetStartupInfoA
GetSystemInfo
GetProcessHeap
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
GlobalMemoryStatus
GetLocalTime
QueryPerformanceCounter
GetCurrentProcess
GetFileAttributesA
GetVersionExA
FlushFileBuffers
WriteFile
SetFilePointer
DeleteFileA
CreateFileA
GetModuleFileNameA
LCMapStringA
LoadLibraryA
GetStringTypeExA
GetUserDefaultLCID
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
FreeLibrary
GetProcAddress
CloseHandle
WaitForSingleObject
CreateThread
VirtualAlloc
InterlockedCompareExchange

user32

DestroyMenu
LoadCursorA
GetSysColorBrush
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetDlgItem
GetTopWindow
DestroyWindow
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
UnregisterClassA
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
SendMessageA
GetOpenClipboardWindow
GetMessageTime
GetMessagePos
GetInputState
GetForegroundWindow
GetFocus
GetClipboardViewer
GetClipboardOwner
GetCapture
GetActiveWindow
GetCaretPos
GetCursorPos
LoadStringA
GetDesktopWindow
MessageBoxA
SetWindowPos

gdi32

GetStockObject
TextOutA
RectVisible
PtVisible
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
DeleteObject
GetClipBox
SetMapMode
SetTextColor
ExtTextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetNamedSecurityInfoA
EncryptFileA
GetNamedSecurityInfoA
DecryptFileA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
OpenProcessToken
SetSecurityInfo
AddAccessAllowedAce
InitializeAcl
GetLengthSid
IsValidSid
GetTokenInformation

shlwapi

PathFindFileNameA
PathFindExtensionA

ole32

CoCreateGuid

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

AddEntry
AddGroup
AttachFileAsBinaryData
BackupEntry
CreateEntry
CreateGroup
DeleteEntry
DeleteGroupById
DeleteManager
Find
FixGroupTree
GetAlgorithm
GetEntry
GetEntryByGroup
GetEntryByGroupN
GetEntryByUuid
GetEntryByUuidN
GetEntryPosInGroup
GetEntryStruct
GetGroup
GetGroupById
GetGroupByIdN
GetGroupId
GetGroupIdByIndex
GetGroupStruct
GetGroupTree
GetKeePassVersion
GetKeePassVersionString
GetKeyEncRounds
GetLastChildGroup
GetLastEditedEntry
GetLibraryBuild
GetNeverExpireTime
GetNumberOfEntries
GetNumberOfGroups
GetNumberOfItemsInGroup
GetNumberOfItemsInGroupN
GetRawMasterKey
InitManager
IsAllowedStoreGroup
IsZeroUUID
LockEntryPassword
MemAllocCopyEntry
MemFreeEntry
MergeIn
MoveEntry
MoveGroup
NewDatabase
OpenDatabase
PE_GetBinaryData
PE_GetBinaryDataLength
PE_GetBinaryDesc
PE_GetCreationTime
PE_GetExpireTime
PE_GetGroupID
PE_GetImageID
PE_GetLastAccessTime
PE_GetLastModTime
PE_GetNotes
PE_GetPasswordPtr
PE_GetTitle
PE_GetURL
PE_GetUUID
PE_GetUserName
PE_SetBinaryData
PE_SetBinaryDesc
PE_SetCreationTime
PE_SetExpireTime
PE_SetGroupID
PE_SetImageID
PE_SetLastAccessTime
PE_SetLastModTime
PE_SetNotes
PE_SetPasswordAndLock
PE_SetTitle
PE_SetURL
PE_SetUUID
PE_SetUserName
PG_GetCreationTime
PG_GetExpireTime
PG_GetID
PG_GetImageID
PG_GetLastAccessTime
PG_GetLastModTime
PG_GetLevel
PG_GetName
PG_SetCreationTime
PG_SetExpireTime
PG_SetID
PG_SetImageID
PG_SetLastAccessTime
PG_SetLastModTime
PG_SetLevel
PG_SetName
ProtectProcessWithDacl
PwTimeToTime
RemoveBinaryData
SaveBinaryData
SaveDatabase
SetAlgorithm
SetEntry
SetGroup
SetKeyEncRounds
SetMasterKey
SetRawMasterKey
SortGroup
SortGroupList
SubstEntryGroupIds
TimeToPwTime
TransformKey256
TransformKeyBenchmark256
UnlockEntryPassword
argon2_ctx
argon2_encodedlen
argon2_error_message
argon2_hash
argon2_type2string
argon2_verify
argon2_verify_ctx
argon2d_ctx
argon2d_hash_encoded
argon2d_hash_raw
argon2d_verify
argon2d_verify_ctx
argon2i_ctx
argon2i_hash_encoded
argon2i_hash_raw
argon2i_verify
argon2i_verify_ctx
argon2id_ctx
argon2id_hash_encoded
argon2id_hash_raw
argon2id_verify
argon2id_verify_ctx

Sections

.text
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KeePassLibC64.dll
.dll windows x64

Password: infected

5c19870740512156556bc298057e8d07

Code Sign

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

06/02/2022, 07:08

Not After

06/02/2023, 07:08

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

06/02/2022, 07:08

Not After

06/02/2023, 07:08

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:40:a9:a1:4e:82:ac:92:ea:57:1d:c6:9f:71:57:32:ba:db:d9:c7:df:44:24:8b:16:f4:fc:b1:43:f8:05:15
Signer

Actual PE Digest

15:40:a9:a1:4e:82:ac:92:ea:57:1d:c6:9f:71:57:32:ba:db:d9:c7:df:44:24:8b:16:f4:fc:b1:43:f8:05:15

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

04/11/2022, 15:42
Valid: true

Chain 1

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Chain 2

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

47:c1:dc:9a:9d:84:df:e2:90:77:25:2f:ed:6e:2e:a2:b8:4e:4a:92
Signer

Actual PE Digest

47:c1:dc:9a:9d:84:df:e2:90:77:25:2f:ed:6e:2e:a2:b8:4e:4a:92

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

04/11/2022, 15:42
Valid: true

Chain 1

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Chain 2

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeGetTime

kernel32

GetCPInfo
GetOEMCP
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapFree
HeapAlloc
ExitThread
FlsSetValue
GetCommandLineA
RtlUnwindEx
Sleep
ExitProcess
RaiseException
RtlPcToFileHeader
GetModuleHandleW
HeapSize
HeapQueryInformation
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
LCMapStringW
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
HeapSetInformation
HeapCreate
HeapDestroy
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleFileNameW
GlobalFree
GlobalUnlock
GlobalAddAtomA
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleA
SetFileTime
FileTimeToSystemTime
GetFileTime
SetFileAttributesA
FormatMessageA
MoveFileExA
CreateDirectoryA
GetTempPathA
GetVolumeInformationA
GetTickCount
MoveFileA
LocalFree
SetLastError
GetFullPathNameA
GetLastError
lstrlenA
MultiByteToWideChar
GetSystemTime
GetStartupInfoA
GetSystemInfo
GetProcessHeap
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
GlobalMemoryStatus
GetLocalTime
QueryPerformanceCounter
GetCurrentProcess
GetFileAttributesA
GetVersionExA
FlushFileBuffers
WriteFile
SetFilePointer
DeleteFileA
CreateFileA
GetModuleFileNameA
LCMapStringA
LoadLibraryA
GetStringTypeExA
GetUserDefaultLCID
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
FreeLibrary
GetProcAddress
CloseHandle
WaitForSingleObject
CreateThread
HeapReAlloc

user32

DestroyMenu
LoadCursorA
GetSysColorBrush
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
UnregisterClassA
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
SendMessageA
GetOpenClipboardWindow
GetMessageTime
GetMessagePos
GetInputState
GetForegroundWindow
GetFocus
GetClipboardViewer
GetClipboardOwner
GetCapture
GetActiveWindow
GetCaretPos
GetCursorPos
LoadStringA
GetDesktopWindow
MessageBoxA
SystemParametersInfoA

gdi32

GetStockObject
RectVisible
DeleteDC
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
DeleteObject
GetClipBox
SetMapMode
SetTextColor
TextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetNamedSecurityInfoA
EncryptFileA
GetNamedSecurityInfoA
DecryptFileA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
OpenProcessToken
SetSecurityInfo
AddAccessAllowedAce
InitializeAcl
GetLengthSid
IsValidSid
GetTokenInformation

shlwapi

PathFindFileNameA
PathFindExtensionA

ole32

CoCreateGuid

oleaut32

VariantInit
VariantClear
VariantChangeType

Exports

Exports

AddEntry
AddGroup
AttachFileAsBinaryData
BackupEntry
CreateEntry
CreateGroup
DeleteEntry
DeleteGroupById
DeleteManager
Find
FixGroupTree
GetAlgorithm
GetEntry
GetEntryByGroup
GetEntryByGroupN
GetEntryByUuid
GetEntryByUuidN
GetEntryPosInGroup
GetEntryStruct
GetGroup
GetGroupById
GetGroupByIdN
GetGroupId
GetGroupIdByIndex
GetGroupStruct
GetGroupTree
GetKeePassVersion
GetKeePassVersionString
GetKeyEncRounds
GetLastChildGroup
GetLastEditedEntry
GetLibraryBuild
GetNeverExpireTime
GetNumberOfEntries
GetNumberOfGroups
GetNumberOfItemsInGroup
GetNumberOfItemsInGroupN
GetRawMasterKey
InitManager
IsAllowedStoreGroup
IsZeroUUID
LockEntryPassword
MemAllocCopyEntry
MemFreeEntry
MergeIn
MoveEntry
MoveGroup
NewDatabase
OpenDatabase
PE_GetBinaryData
PE_GetBinaryDataLength
PE_GetBinaryDesc
PE_GetCreationTime
PE_GetExpireTime
PE_GetGroupID
PE_GetImageID
PE_GetLastAccessTime
PE_GetLastModTime
PE_GetNotes
PE_GetPasswordPtr
PE_GetTitle
PE_GetURL
PE_GetUUID
PE_GetUserName
PE_SetBinaryData
PE_SetBinaryDesc
PE_SetCreationTime
PE_SetExpireTime
PE_SetGroupID
PE_SetImageID
PE_SetLastAccessTime
PE_SetLastModTime
PE_SetNotes
PE_SetPasswordAndLock
PE_SetTitle
PE_SetURL
PE_SetUUID
PE_SetUserName
PG_GetCreationTime
PG_GetExpireTime
PG_GetID
PG_GetImageID
PG_GetLastAccessTime
PG_GetLastModTime
PG_GetLevel
PG_GetName
PG_SetCreationTime
PG_SetExpireTime
PG_SetID
PG_SetImageID
PG_SetLastAccessTime
PG_SetLastModTime
PG_SetLevel
PG_SetName
ProtectProcessWithDacl
PwTimeToTime
RemoveBinaryData
SaveBinaryData
SaveDatabase
SetAlgorithm
SetEntry
SetGroup
SetKeyEncRounds
SetMasterKey
SetRawMasterKey
SortGroup
SortGroupList
SubstEntryGroupIds
TimeToPwTime
TransformKey256
TransformKeyBenchmark256
UnlockEntryPassword
argon2_ctx
argon2_encodedlen
argon2_error_message
argon2_hash
argon2_type2string
argon2_verify
argon2_verify_ctx
argon2d_ctx
argon2d_hash_encoded
argon2d_hash_raw
argon2d_verify
argon2d_verify_ctx
argon2i_ctx
argon2i_hash_encoded
argon2i_hash_raw
argon2i_verify
argon2i_verify_ctx
argon2id_ctx
argon2id_hash_encoded
argon2id_hash_raw
argon2id_verify
argon2id_verify_ctx

Sections

.text
Size: 510KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
License.txt
ShInstUtil.exe
.exe windows x86

Password: infected

9ad0494984fc3ede58e229096270cf2e

Code Sign

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

06/02/2022, 07:08

Not After

06/02/2023, 07:08

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

06/02/2022, 07:08

Not After

06/02/2023, 07:08

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:16:fe:76:f6:4b:01:d7:90:3f:b7:7f:79:1a:04:0b:9a:bf:3e:f4:bc:29:df:a0:15:f2:82:e0:a6:38:2e:9c
Signer

Actual PE Digest

fa:16:fe:76:f6:4b:01:d7:90:3f:b7:7f:79:1a:04:0b:9a:bf:3e:f4:bc:29:df:a0:15:f2:82:e0:a6:38:2e:9c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

04/11/2022, 15:42
Valid: true

Chain 1

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Chain 2

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

ce:4f:f1:12:7a:9d:c8:e5:79:fd:e5:d2:ad:59:bb:9c:ea:45:59:ad
Signer

Actual PE Digest

ce:4f:f1:12:7a:9d:c8:e5:79:fd:e5:d2:ad:59:bb:9c:ea:45:59:ad

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

04/11/2022, 15:42
Valid: true

Chain 1

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Chain 2

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

Sleep
GetVersionExW
GetModuleFileNameW
WaitForSingleObject
FindNextFileW
CloseHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
FindFirstFileW
GetCommandLineW
FindClose
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
LCMapStringW
HeapAlloc
HeapFree
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
VirtualAlloc
HeapReAlloc

user32

MessageBoxW

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW

shell32

ShellExecuteExW

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XSL/KDBX_Common.xsl
.xml
XSL/KDBX_DetailsFull_HTML.xsl
.xml
XSL/KDBX_DetailsLight_HTML.xsl
.xml
XSL/KDBX_PasswordsOnly_TXT.xsl
.xml
XSL/KDBX_Tabular_HTML.xsl
.xml
hlpr.dat
.dll windows x64

Password: infected

643c3d5c721741ad5b90c98c48007038

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentProcessId
FreeResource
GetModuleHandleW
LoadResource
LockResource
SizeofResource
CloseHandle
EnumResourceTypesW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
WriteConsoleW
WriteFile
SetEndOfFile
FindResourceW
CreateFileA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW

Exports

Exports

fwdTst

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 595KB - Virtual size: 595KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
install.dat
.exe windows x86

Password: infected

e569e6f445d32ba23766ad67d1e3787f

Code Sign

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

06/02/2022, 07:08

Not After

06/02/2023, 07:08

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

06/02/2022, 07:08

Not After

06/02/2023, 07:08

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d2:e1:f4:69:0f:22:6e:86:a8:d8:3d:47:32:66:c0:fe:03:ae:11:66:86:5d:9e:28:dd:1a:ee:20:52:c1:0c:c3
Signer

Actual PE Digest

d2:e1:f4:69:0f:22:6e:86:a8:d8:3d:47:32:66:c0:fe:03:ae:11:66:86:5d:9e:28:dd:1a:ee:20:52:c1:0c:c3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

04/11/2022, 15:42
Valid: true

Chain 1

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Chain 2

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

83:77:53:53:a1:00:2a:11:c5:51:45:60:25:68:ba:fc:fb:3e:4e:8d
Signer

Actual PE Digest

83:77:53:53:a1:00:2a:11:c5:51:45:60:25:68:ba:fc:fb:3e:4e:8d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

04/11/2022, 15:42
Valid: true

Chain 1

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Chain 2

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
AdjustTokenPrivileges
GetTokenInformation
ConvertSidToStringSidW
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup.exe
.exe windows x86

Password: infected

c8a247ca80236d13e8666489872047d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
GetModuleFileNameW
lstrlenA
WaitForSingleObject
CreateFileW
Sleep
GetLastError
OutputDebugStringW
lstrcatW
DeleteFileW
CloseHandle
GetCurrentDirectoryW
CreateProcessW
WriteConsoleW
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
DecodePointer

user32

wsprintfW
MessageBoxW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

dae02f32a21e03ce65412f6e56942daa

Code Sign

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

8b:14:6f:53:3f:14:09:52:39:76:4e:4a:af:19:8a:5f:03:9a:b4:3f:8a:19:55:02:2e:4a:1b:12:e3:87:9c:5cSigner

Signature Validations

Verification

04/11/2022, 15:42 Valid: true

Chain 1

Chain 2

04:43:0e:37:a3:9d:0c:f9:c0:b0:29:ce:d3:36:a2:61:8b:5a:ed:34Signer

Signature Validations

Verification

04/11/2022, 15:42 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 400KB - Virtual size: 397KB

.rsrc Size: 4KB - Virtual size: 768B

.reloc Size: 4KB - Virtual size: 12B

Password: infected

9b3ae4777a424138943a8e4bf259162e

Code Sign

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7Certificate

Extended Key Usages

Key Usages

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

8b:14:6f:53:3f:14:09:52:39:76:4e:4a:af:19:8a:5f:03:9a:b4:3f:8a:19:55:02:2e:4a:1b:12:e3:87:9c:5c
Signer

04/11/2022, 15:42
Valid: true

04:43:0e:37:a3:9d:0c:f9:c0:b0:29:ce:d3:36:a2:61:8b:5a:ed:34
Signer

04/11/2022, 15:42
Valid: true

.text
Size: 400KB - Virtual size: 397KB

.rsrc
Size: 4KB - Virtual size: 768B

.reloc
Size: 4KB - Virtual size: 12B

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

a8:ba:92:d4:30:27:78:5e:6f:43:0f:c8:2c:61:08:e1:f2:42:8b:05:b0:c2:a5:87:ec:69:e3:66:14:df:64:54
Signer

04/11/2022, 15:42
Valid: true

70:b2:3c:0c:dc:d9:2c:c5:2c:4f:e3:dc:81:0b:a5:c8:d6:42:db:2f
Signer

04/11/2022, 15:42
Valid: true

.text
Size: 420KB - Virtual size: 419KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 12KB - Virtual size: 32KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 40KB - Virtual size: 39KB

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

18:15:c3:66:b7:7a:0b:3c:35:cd:45:32:47:2a:80:e7
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate