General

Malware Config

Signatures

Files

• Extrude v1.rar

  .rar

  Password: 12345

• Extrude v1/2.0 Extrude .rar

  .rar

  Password: 12345

• DefenderControl.zip

  .zip

  Password: 12345

• dControl.exe

  .exe windows x86

  Password: 12345

  
  

  Code Sign

  69:98:6c:80:0a:7c:5b:8e:47:86:45:a0:3e:86:d5:40

  Certificate

  Issuer

  CN=Sordum Software

  Not Before

  11-09-2021 21:00

  Not After

  31-07-2030 21:00

  Subject

  CN=Sordum Software

  Extended Key Usages

  ExtKeyUsageCodeSigning

  1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27

  Certificate

  Issuer

  CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  31-05-2021 06:43

  Not After

  17-09-2029 06:43

  Subject

  CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8

  Certificate

  Issuer

  CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

  Not Before

  19-05-2021 05:42

  Not After

  18-05-2032 05:42

  Subject

  CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87

  Certificate

  Issuer

  CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  19-05-2021 05:32

  Not After

  18-05-2036 05:32

  Subject

  CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  13:f6:ef:3f:06:29:49:56:6c:21:59:e0:0c:ac:6f:83:24:95:fa:e4

  Signer

  Actual PE Digest

  13:f6:ef:3f:06:29:49:56:6c:21:59:e0:0c:ac:6f:83:24:95:fa:e4

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Sordum Software

  23-03-2023 16:07

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Sections

  UPX0

  Size: - Virtual size: 492KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  UPX1

  Size: 262KB - Virtual size: 264KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 57KB - Virtual size: 60KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• out.upx

  .exe windows x86

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Sections

  .text

  Size: 514KB - Virtual size: 513KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 56KB - Virtual size: 55KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 26KB - Virtual size: 105KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 56KB - Virtual size: 56KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• dControl.ini
• DirectX.exe

  .exe windows x86

  Password: 12345

  1494de9b53e05fc1f40cb92afbdd6ce4

  
  

  Code Sign

  33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  04-03-2020 18:39

  Not After

  03-03-2021 18:39

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  27:76:a5:a9:c5:b9:5a:43:1b:2c:30:b6:5e:2d:45:20:bf:45:97:ec:05:e8:52:14:50:01:2c:09:4d:ce:b4:84

  Signer

  Actual PE Digest

  27:76:a5:a9:c5:b9:5a:43:1b:2c:30:b6:5e:2d:45:20:bf:45:97:ec:05:e8:52:14:50:01:2c:09:4d:ce:b4:84

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  23-03-2023 16:07

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  advapi32

  FreeSid

  AllocateAndInitializeSid

  EqualSid

  GetTokenInformation

  OpenProcessToken

  AdjustTokenPrivileges

  LookupPrivilegeValueA

  RegCloseKey

  RegDeleteValueA

  RegOpenKeyExA

  RegSetValueExA

  RegQueryValueExA

  RegCreateKeyExA

  RegQueryInfoKeyA

  kernel32

  LocalFree

  LocalAlloc

  GetLastError

  GetCurrentProcess

  GetModuleFileNameA

  lstrlenA

  GetSystemDirectoryA

  RemoveDirectoryA

  FindClose

  FindNextFileA

  DeleteFileA

  SetFileAttributesA

  lstrcmpA

  FindFirstFileA

  lstrcatA

  lstrcpyA

  _lclose

  _llseek

  _lopen

  WritePrivateProfileStringA

  GetWindowsDirectoryA

  CreateDirectoryA

  GetFileAttributesA

  ExpandEnvironmentStringsA

  IsDBCSLeadByte

  GetShortPathNameA

  GetPrivateProfileStringA

  GetPrivateProfileIntA

  lstrcmpiA

  GetProcAddress

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  FreeResource

  CloseHandle

  LoadResource

  SizeofResource

  FindResourceA

  ReadFile

  WriteFile

  SetFilePointer

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  SetCurrentDirectoryA

  GetTempFileNameA

  ExitProcess

  CreateFileA

  LoadLibraryExA

  lstrcpynA

  GetVolumeInformationA

  FormatMessageA

  GetCurrentDirectoryA

  GetVersionExA

  GetExitCodeProcess

  WaitForSingleObject

  CreateProcessA

  GetTempPathA

  GetSystemInfo

  CreateMutexA

  SetEvent

  CreateEventA

  CreateThread

  ResetEvent

  TerminateThread

  GetDriveTypeA

  GetModuleHandleA

  GetStartupInfoA

  GetCommandLineA

  LockResource

  LoadLibraryA

  GetDiskFreeSpaceA

  MulDiv

  EnumResourceLanguagesA

  FreeLibrary

  GlobalFree

  gdi32

  GetDeviceCaps

  user32

  ExitWindowsEx

  wsprintfA

  CharNextA

  CharUpperA

  CharPrevA

  SetWindowLongA

  GetWindowLongA

  CallWindowProcA

  DispatchMessageA

  MsgWaitForMultipleObjects

  PeekMessageA

  SendMessageA

  SetWindowPos

  ReleaseDC

  GetDC

  GetWindowRect

  SendDlgItemMessageA

  GetDlgItem

  SetForegroundWindow

  SetWindowTextA

  MessageBoxA

  DialogBoxIndirectParamA

  ShowWindow

  EnableWindow

  GetDlgItemTextA

  EndDialog

  GetDesktopWindow

  MessageBeep

  SetDlgItemTextA

  LoadStringA

  GetSystemMetrics

  comctl32

  ord17

  version

  GetFileVersionInfoA

  VerQueryValueA

  GetFileVersionInfoSizeA

  Sections

  .text

  Size: 34KB - Virtual size: 33KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 243KB - Virtual size: 244KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• Extrude instr(rus).txt
• Extrude.exe

  .exe windows x86

  Password: 12345

  fcf1390e9ce472c7270447fc5c61a0c1

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetLastError

  SetLastError

  FormatMessageW

  GetCurrentProcess

  DeviceIoControl

  SetFileTime

  CloseHandle

  CreateDirectoryW

  RemoveDirectoryW

  CreateFileW

  DeleteFileW

  CreateHardLinkW

  GetShortPathNameW

  GetLongPathNameW

  MoveFileW

  GetFileType

  GetStdHandle

  WriteFile

  ReadFile

  FlushFileBuffers

  SetEndOfFile

  SetFilePointer

  SetFileAttributesW

  GetFileAttributesW

  FindClose

  FindFirstFileW

  FindNextFileW

  GetVersionExW

  GetCurrentDirectoryW

  GetFullPathNameW

  FoldStringW

  GetModuleFileNameW

  GetModuleHandleW

  FindResourceW

  FreeLibrary

  GetProcAddress

  GetCurrentProcessId

  ExitProcess

  SetThreadExecutionState

  Sleep

  LoadLibraryW

  GetSystemDirectoryW

  CompareStringW

  AllocConsole

  FreeConsole

  AttachConsole

  WriteConsoleW

  GetProcessAffinityMask

  CreateThread

  SetThreadPriority

  InitializeCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  SetEvent

  ResetEvent

  ReleaseSemaphore

  WaitForSingleObject

  CreateEventW

  CreateSemaphoreW

  GetSystemTime

  SystemTimeToTzSpecificLocalTime

  TzSpecificLocalTimeToSystemTime

  SystemTimeToFileTime

  FileTimeToLocalFileTime

  LocalFileTimeToFileTime

  FileTimeToSystemTime

  GetCPInfo

  IsDBCSLeadByte

  MultiByteToWideChar

  WideCharToMultiByte

  GlobalAlloc

  LockResource

  GlobalLock

  GlobalUnlock

  GlobalFree

  LoadResource

  SizeofResource

  SetCurrentDirectoryW

  GetExitCodeProcess

  GetLocalTime

  GetTickCount

  MapViewOfFile

  UnmapViewOfFile

  CreateFileMappingW

  OpenFileMappingW

  GetCommandLineW

  SetEnvironmentVariableW

  ExpandEnvironmentStringsW

  GetTempPathW

  MoveFileExW

  GetLocaleInfoW

  GetTimeFormatW

  GetDateFormatW

  GetNumberFormatW

  SetFilePointerEx

  GetConsoleMode

  GetConsoleCP

  HeapSize

  SetStdHandle

  GetProcessHeap

  RaiseException

  GetSystemInfo

  VirtualProtect

  VirtualQuery

  LoadLibraryExA

  IsProcessorFeaturePresent

  IsDebuggerPresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStartupInfoW

  QueryPerformanceCounter

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  TerminateProcess

  RtlUnwind

  EncodePointer

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  LoadLibraryExW

  QueryPerformanceFrequency

  GetModuleHandleExW

  GetModuleFileNameA

  GetACP

  HeapFree

  HeapAlloc

  HeapReAlloc

  GetStringTypeW

  LCMapStringW

  FindFirstFileExA

  FindNextFileA

  IsValidCodePage

  GetOEMCP

  GetCommandLineA

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  DecodePointer

  gdiplus

  GdiplusShutdown

  GdiplusStartup

  GdipCreateHBITMAPFromBitmap

  GdipCreateBitmapFromStreamICM

  GdipCreateBitmapFromStream

  GdipDisposeImage

  GdipCloneImage

  GdipFree

  GdipAlloc

  Sections

  .text

  Size: 196KB - Virtual size: 196KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 42KB - Virtual size: 41KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 141KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .didat

  Size: 512B - Virtual size: 392B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 84KB - Virtual size: 84KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 9KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• с++.txt