General

Malware Config

Signatures

Files

• M301.iso

  .iso .vbs
• XS.vbs

  .vbs
• data.txt
• gray/hindmost.temp

  .dll regsvr32 windows x86

  1726357b6fc2d768227af59ffbcbdfa8

  
  

  Code Sign

  48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  25-05-2021 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  62:67:35:ed:30:e5:0e:3e:05:53:98:6d:80:6b:fc:54

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  26-10-2022 00:00

  Not After

  26-10-2023 23:59

  Subject

  CN=FISH ACCOUNTING & TRANSLATING LIMITED,O=FISH ACCOUNTING & TRANSLATING LIMITED,ST=Cambridgeshire,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  96:e0:15:a3:ef:d4:9c:92:aa:d3:04:ae:5e:de:c3:12:99:1e:d7:b3:77:46:5a:f6:17:48:c5:c2:ee:7a:9c:f8

  Signer

  Actual PE Digest

  96:e0:15:a3:ef:d4:9c:92:aa:d3:04:ae:5e:de:c3:12:99:1e:d7:b3:77:46:5a:f6:17:48:c5:c2:ee:7a:9c:f8

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=FISH ACCOUNTING & TRANSLATING LIMITED,O=FISH ACCOUNTING & TRANSLATING LIMITED,ST=Cambridgeshire,C=GB

  17-11-2022 13:14

  Valid: true

  Chain 1

  CN=FISH ACCOUNTING & TRANSLATING LIMITED,O=FISH ACCOUNTING & TRANSLATING LIMITED,ST=Cambridgeshire,C=GB

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  ExpandEnvironmentStringsW

  SetCurrentDirectoryW

  CreateDirectoryA

  CreateDirectoryW

  CreateFileA

  CreateFileW

  FindFirstFileA

  FindFirstFileW

  GetDriveTypeW

  GetFileAttributesA

  GetFileAttributesW

  GetFileInformationByHandle

  GetFullPathNameW

  GetFullPathNameA

  GetLogicalDriveStringsW

  SetFileAttributesA

  SetFileAttributesW

  SetUnhandledExceptionFilter

  SetErrorMode

  QueryPerformanceCounter

  QueryPerformanceFrequency

  DeviceIoControl

  LeaveCriticalSection

  ReleaseSemaphore

  ReleaseMutex

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThread

  GetCurrentThreadId

  TlsAlloc

  TlsGetValue

  TlsFree

  FlushInstructionCache

  GetSystemInfo

  GetLocalTime

  GetVersion

  GetTickCount

  GetSystemDirectoryA

  GetSystemDirectoryW

  GetWindowsDirectoryA

  GetWindowsDirectoryW

  VirtualProtect

  CreateFileMappingW

  VirtualLock

  VirtualUnlock

  FindResourceExW

  GetModuleFileNameA

  GetModuleHandleA

  GetModuleHandleW

  LoadResource

  FindResourceW

  LoadLibraryA

  LoadLibraryW

  GlobalAlloc

  LocalAlloc

  SetHandleCount

  FileTimeToDosDateTime

  lstrcmpA

  lstrcmpiA

  lstrlenA

  lstrlenW

  CreateFileMappingA

  FindResourceA

  ExpandEnvironmentStringsA

  GlobalAddAtomW

  GetPrivateProfileIntA

  GetPrivateProfileIntW

  WritePrivateProfileStringW

  GetPrivateProfileSectionW

  MoveFileA

  MoveFileW

  IsBadWritePtr

  IsBadCodePtr

  GetComputerNameW

  SystemTimeToFileTime

  GetConsoleCP

  GetConsoleOutputCP

  WriteConsoleA

  WriteConsoleW

  SetConsoleCtrlHandler

  GetConsoleScreenBufferInfo

  SetConsoleTextAttribute

  SetFilePointerEx

  GetConsoleMode

  WriteFile

  FlushFileBuffers

  HeapReAlloc

  HeapSize

  GetStringTypeW

  GetFileType

  GetProcessHeap

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  WideCharToMultiByte

  GetCommandLineW

  CloseHandle

  GetCPInfo

  GetOEMCP

  GetACP

  IsValidCodePage

  FindNextFileW

  FindFirstFileExW

  FindClose

  DecodePointer

  MoveFileExW

  LCMapStringW

  MultiByteToWideChar

  HeapAlloc

  HeapFree

  GetModuleFileNameW

  GetModuleHandleExW

  LoadLibraryExW

  GetProcAddress

  FreeLibrary

  TlsSetValue

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  SetEnvironmentVariableW

  GetCommandLineA

  SetStdHandle

  VirtualAllocEx

  GetStdHandle

  VirtualAlloc

  GetTickCount64

  CreateThread

  ExitThread

  WaitForSingleObjectEx

  FindResourceExA

  ExitProcess

  EnterCriticalSection

  EncodePointer

  SetLastError

  GetLastError

  InterlockedFlushSList

  RtlUnwind

  RaiseException

  TerminateProcess

  InitializeSListHead

  IsProcessorFeaturePresent

  IsDebuggerPresent

  UnhandledExceptionFilter

  GetStartupInfoW

  GetSystemTimeAsFileTime

  user32

  IsWindowVisible

  DialogBoxParamA

  EndDialog

  SystemParametersInfoW

  CreateIconIndirect

  LoadIconW

  LoadBitmapW

  SetWindowsHookExW

  GetWindow

  GetWindowThreadProcessId

  GetDesktopWindow

  GetSysColor

  MapWindowPoints

  ScreenToClient

  GetCursorPos

  MessageBeep

  MessageBoxW

  MessageBoxA

  AdjustWindowRectEx

  GetWindowTextLengthW

  GetPropW

  SetPropW

  RedrawWindow

  GetDC

  SetForegroundWindow

  SetActiveWindow

  TrackPopupMenu

  GetMenuItemID

  CheckMenuItem

  CreatePopupMenu

  SetCapture

  MapVirtualKeyW

  GetKeyState

  GetFocus

  GetActiveWindow

  CharUpperW

  GetDlgCtrlID

  CheckDlgButton

  GetDlgItemTextW

  UnregisterClassA

  RegisterWindowMessageW

  FindWindowA

  SetTimer

  GetSystemMetrics

  gdi32

  CreateSolidBrush

  CreateFontIndirectW

  CreateBitmap

  GetStockObject

  comdlg32

  GetSaveFileNameW

  GetOpenFileNameW

  ChooseFontW

  advapi32

  RegCloseKey

  RegNotifyChangeKeyValue

  ole32

  CoCreateGuid

  CoInitializeEx

  shlwapi

  PathFindSuffixArrayA

  PathFindOnPathA

  PathFileExistsA

  ord155

  StrToIntA

  PathGetDriveNumberA

  Exports

  Exports

  DllRegisterServer

  DllUnregisterServer

  Sections

  .text

  Size: 501KB - Virtual size: 501KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 358KB - Virtual size: 358KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 120KB - Virtual size: 119KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 38KB - Virtual size: 38KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• gray/polyhedral.txt