Passw_items_ApplicationSetupFile14[.]1[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Passw_items_ApplicationSetupFile14.1.rar
Size

3.6MB
MD5

b3796c91af696773730eb8cc7e7cc385
SHA1

5f60e152be5c415d9f86e7464245769c0ff7fb33
SHA256

08c519a5d0ce4ec67facbbe95e1e2fb324f4a35c5c66f3b7c2dde342bb2e2609
SHA512

9f6d6edae964f5547a0c1bd71507ff4fb6df9bb2e8c0fd01ef66ca1eb918089edbf1e328d286435f2178f248df781b4bc2b6b943509ef1262039b2b58d271289
SSDEEP

98304:n7zMmmaNkG/5/zcXXdi4SSnkJbo7jw6TgUcXqyRwk:n7zMzGR/AXt/xnCbof/T4Ek

Score

1^/10

Malware Config

Signatures

Files

Passw_items_ApplicationSetupFile14.1.rar
.rar

Password: items
ApplicationSetupFile14.1.exe
.exe windows x86

Password: items

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c1:a3:91:d6:4c:66
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/10/2014, 03:25

Not After

13/10/2015, 03:25

Subject

CN=Murray Hurps Software Pty Ltd,O=Murray Hurps Software Pty Ltd,L=Box Hill,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d1:c0:a6:ca:f4:72:89:65:8b:c2:8f:64:37:4a:d5:88:95:77:c3:49
Signer

Actual PE Digest

d1:c0:a6:ca:f4:72:89:65:8b:c2:8f:64:37:4a:d5:88:95:77:c3:49

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Murray Hurps Software Pty Ltd,O=Murray Hurps Software Pty Ltd,L=Box Hill,ST=New South Wales,C=AU

19/10/2014, 02:25
Valid: true

Chain 1

CN=Murray Hurps Software Pty Ltd,O=Murray Hurps Software Pty Ltd,L=Box Hill,ST=New South Wales,C=AU

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Chain 2

CN=Murray Hurps Software Pty Ltd,O=Murray Hurps Software Pty Ltd,L=Box Hill,ST=New South Wales,C=AU

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NewAb/DscCore.dll
.dll windows x64

Password: items

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NewAb/Eis script/ASLscript3.Eis
NewAb/Eis script/ASLscriptEXT.Eis
NewAb/Eis script/ASLscriptEXT_example.Eis
NewAb/Eis script/ASLscript_7zip_fix.Eis
NewAb/Eis script/ASLscript_JP2_picture_Ripper.Eis
NewAb/Eis script/ASLscript_TPF0.Eis
NewAb/Eis script/ASLscript_WebP_Avi_Ripper.Eis
NewAb/Eis script/Anti_inno_VerIno_unicode.Eis
NewAb/Eis script/DPI_set_True.Eis
NewAb/ODBC.INI
NewAb/ODBCINST.INI
NewAb/PFRO.log
NewAb/PSDSCFileDownloadManagerEvents.dll
.dll windows x64

Password: items

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NewAb/eulaLic.docx
.html
NewAb/languages/Chinese_Simplified_0.0.4.6_II.lng
NewAb/languages/Chinese_Traditional_0.0.6.1.lng
NewAb/languages/Chinese_Traditional_0.0.6.2.lng
NewAb/languages/Russian_v0.0.4.6_II.lng
NewAb/languages/exeinfope_Neutral_v0054.lng
NewAb/languages/exeinfope_Neutral_v0054.zip
.zip

Password: items
!readme.txt
exeinfope_Neutral_v0054.lng
NewAb/plugins/PEiD-0.95-20081103_ExeinfoPE.zip
.zip

Password: items
PEiD-0.95-20081103_ExeinfoPE/pluginsdk/C++/defs.h
PEiD-0.95-20081103_ExeinfoPE/pluginsdk/C++/null.c
PEiD-0.95-20081103_ExeinfoPE/pluginsdk/Delphi/Sample.dpr
PEiD-0.95-20081103_ExeinfoPE/pluginsdk/MASM/compile.bat
PEiD-0.95-20081103_ExeinfoPE/pluginsdk/MASM/masm_plugin.asm
PEiD-0.95-20081103_ExeinfoPE/pluginsdk/MASM/masm_plugin.def
PEiD-0.95-20081103_ExeinfoPE/pluginsdk/PowerBASIC/PEiD_Plugin.bas
.vbs
PEiD-0.95-20081103_ExeinfoPE/pluginsdk/readme.txt
NewAb/skins/Exeinfo_Installer BackBlu226.jpg
.jpg
NewAb/skins/Exeinfo_slicerX.jpg
.jpg
NewAb/skins/Mechanik_tryb03.jpg
.jpg
NewAb/skins/Red_uk_skin.jpg
.jpg
NewAb/skins/antic001.jpg
.jpg
NewAb/skins/exei_Goldenor.jpg
NewAb/skins/exeinfope_skinDNA.jpg
.jpg
NewAb/skins/exeinfope_skinGoldMetal.jpg
.jpg
NewAb/skins/goldAntic01.jpg
.jpg
NewAb/skins/gold_Bar_1kg.jpg
.jpg
NewAb/skins/mason_skin.jpg
.jpg
NewAb/skins/skin gh54654.jpg
.jpg
NewAb/skins/skin wafe blu.jpg
.jpg
Readmе.txt

Sharing

General

Malware Config

Signatures

Files

Password: items

Password: items

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

1b:e7:15Certificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

c1:a3:91:d6:4c:66Certificate

Extended Key Usages

Key Usages

d1:c0:a6:ca:f4:72:89:65:8b:c2:8f:64:37:4a:d5:88:95:77:c3:49Signer

Signature Validations

Verification

19/10/2014, 02:25 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 286KB - Virtual size: 285KB

.rsrc Size: 90KB - Virtual size: 90KB

.reloc Size: 512B - Virtual size: 12B

Password: items

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 49KB - Virtual size: 49KB

Password: items

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 5KB - Virtual size: 5KB

Password: items

Password: items

1b:e7:15
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

07
Certificate

c1:a3:91:d6:4c:66
Certificate

d1:c0:a6:ca:f4:72:89:65:8b:c2:8f:64:37:4a:d5:88:95:77:c3:49
Signer

19/10/2014, 02:25
Valid: true

.text
Size: 286KB - Virtual size: 285KB

.rsrc
Size: 90KB - Virtual size: 90KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 49KB - Virtual size: 49KB

.rsrc
Size: 5KB - Virtual size: 5KB