1[.]iso | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

1.iso
Size

2.7MB
MD5

89a4f399366346357dac8dea06b9974b
SHA1

72c16a295d0e3c97bc8c534dc58cd967a8eb393f
SHA256

d8dfebe48a8c8a0636441bad0211c08af151138535ca289fffab51f0b030977d
SHA512

1833a3244c97b9a07d9130f83b5161aca576d0960a9ece1c5ff6f8cfbaa054520f77cafe9ec8ca38f93e73bc2fb5aa88fb0fd8ce517e52e919769c416be74948
SSDEEP

12288:owbSOp0d1FhMFHszkxTSby1GePc4cq/tDILa0xeI/d9cM3E790rEbrEz:9bSa2FAsOSbyMM/t0LvUIbc2E7+oboz

Score

1^/10

Malware Config

Signatures

Files

1.iso
.iso
20220410_Microsoft Security Update.pdf
.pdf
20220410_Microsoft Security Update.pdf.exe
.exe windows x86

476969f0db7933adc8a837a099dcb8ae

Code Sign

33:00:00:00:88:59:0e:3c:51:1f:e2:6a:67:00:01:00:00:00:88
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

26/07/2012, 20:50

Not After

26/10/2013, 20:50

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:02:8e:42:00:00:00:00:00:1f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/01/2012, 22:25

Not After

09/04/2013, 22:25

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:65:8a:97:14:c0:64:cb:13:32:88:33:a1:b3:1d:6c:35:5f:96:ef
Signer

Actual PE Digest

0b:65:8a:97:14:c0:64:cb:13:32:88:33:a1:b3:1d:6c:35:5f:96:ef

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

01/10/2012, 10:19
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EncodePointer
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
WerRegisterMemoryBlock
VirtualProtect
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
HeapSetInformation
GetProcessHeap
QueryPerformanceCounter

msvcr100

_invoke_watson
_controlfp_s
_except_handler4_common
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
wcsncat_s
_onexit

Exports

Exports

DllGetLCID
wdCommandDispatch
wdGetApplicationObject

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSVCR100.dll
.dll windows x86

9662607dfb16be6cfdcd51e7eb1e9cbb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
CreateFileA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
CloseHandle
GetCurrentThread
WaitForSingleObject
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

msvcr90

_encoded_null
_decode_pointer
_initterm
_malloc_crt
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_encode_pointer
fclose
fseek
ftell
fread
fopen
strtok
strncpy
rewind
malloc
calloc
free
_initterm_e
_stricmp
_XcptFilter
__getmainargs
__set_app_type
__setusermatherr
_cexit
_configthreadlocale
_controlfp_s
_exit
_invoke_watson
_ismbblead
exit
wcsncat_s
memcpy

Exports

Exports

?terminate@@YAXXZ
_XcptFilter
__dllonexit
__getmainargs
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_configthreadlocale
_controlfp_s
_crt_debugger_hook
_except_handler4_common
_exit
_fmode
_initterm
_initterm_e
_invoke_watson
_ismbblead
_lock
_onexit
_unlock
exit
wcsncat_s

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 538B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

476969f0db7933adc8a837a099dcb8ae

Code Sign

33:00:00:00:88:59:0e:3c:51:1f:e2:6a:67:00:01:00:00:00:88Certificate

Extended Key Usages

Key Usages

61:02:8e:42:00:00:00:00:00:1fCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

0b:65:8a:97:14:c0:64:cb:13:32:88:33:a1:b3:1d:6c:35:5f:96:efSigner

Signature Validations

Verification

01/10/2012, 10:19 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcr100

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 900B

.rsrc Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 512B - Virtual size: 396B

9662607dfb16be6cfdcd51e7eb1e9cbb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcr90

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 1024B - Virtual size: 538B

33:00:00:00:88:59:0e:3c:51:1f:e2:6a:67:00:01:00:00:00:88
Certificate

61:02:8e:42:00:00:00:00:00:1f
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

0b:65:8a:97:14:c0:64:cb:13:32:88:33:a1:b3:1d:6c:35:5f:96:ef
Signer

01/10/2012, 10:19
Valid: false

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 900B

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 512B - Virtual size: 396B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 1024B - Virtual size: 538B