Trojan[.]JS[.]Youareanidiot-1[.]0[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Trojan.JS.Youareanidiot-1.0.zip
Size

2.8MB
MD5

2e70f76c7e14bf7141519abf331b9b3f
SHA1

c75943d5c025720e307f64b9304e51480f45ac8e
SHA256

8b9727edf645f9eb98923fdd0cec5b9c325c8008370c825b333c76401058f054
SHA512

34706b49be891865471495012feb77976bcae1592f55e998046daf23c34fc2b844f3092487b7d931a16d853419d3b5efc2fb936f7217fbbf0fda7cecc230eecd
SSDEEP

49152:iBM+biIr5NshoWPsdOWFJECiXX/gw7qlp1AMqP1AgsMru8BM+biIr5NshoWPsdOO:iBM+bp5mJUnF7iXPV8qGNKjBM+bp5mJS

Score

1^/10

Malware Config

Signatures

Files

Trojan.JS.Youareanidiot-1.0.zip
.zip
Trojan.JS.Youareanidiot-1.0/LICENSE
Trojan.JS.Youareanidiot-1.0/Mostly Local/Idiot!.html
.html
Trojan.JS.Youareanidiot-1.0/Mostly Local/Idiot!_files/flashplayer32pp_xa_install.exe
.exe windows x86

37087116f5f95054e16e236117b57f4c

Code Sign

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Flash Player,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:b7:43:37:04:8a:9e:66:58:cf:2a:bc:0f:9d:21:9f:08:ee:c8:07:99:47:0d:4e:a1:da:cd:ae:98:2f:7e:d3
Signer

Actual PE Digest

49:b7:43:37:04:8a:9e:66:58:cf:2a:bc:0f:9d:21:9f:08:ee:c8:07:99:47:0d:4e:a1:da:cd:ae:98:2f:7e:d3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Flash Player,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

21/09/2020, 11:54
Valid: true

Chain 1

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Flash Player,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shell32

SHCreateDirectoryExW

shlwapi

UrlIsW

gdi32

GetTextFaceW

advapi32

RegDeleteKeyW

comctl32

InitCommonControlsEx

ole32

OleInitialize

oleaut32

LoadTypeLi

gdiplus

GdipSetInterpolationMode

Sections

.text
Size: 1.1MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Trojan.JS.Youareanidiot-1.0/Mostly Local/Idiot!_files/idiot.png
.png
Trojan.JS.Youareanidiot-1.0/Mostly Local/Idiot!_files/swflash.cab
.cab
Trojan.JS.Youareanidiot-1.0/Mostly Local/Idiot!_files/you.js
.js
Trojan.JS.Youareanidiot-1.0/Mostly Local/Idiot!_files/youare.swf
Trojan.JS.Youareanidiot-1.0/Mostly Local/lol.html
.html
Trojan.JS.Youareanidiot-1.0/Mostly Local/lol_files/flashplayer32pp_xa_install.exe
.exe windows x86

37087116f5f95054e16e236117b57f4c

Code Sign

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Flash Player,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:b7:43:37:04:8a:9e:66:58:cf:2a:bc:0f:9d:21:9f:08:ee:c8:07:99:47:0d:4e:a1:da:cd:ae:98:2f:7e:d3
Signer

Actual PE Digest

49:b7:43:37:04:8a:9e:66:58:cf:2a:bc:0f:9d:21:9f:08:ee:c8:07:99:47:0d:4e:a1:da:cd:ae:98:2f:7e:d3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Flash Player,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

21/09/2020, 11:54
Valid: true

Chain 1

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Flash Player,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shell32

SHCreateDirectoryExW

shlwapi

UrlIsW

gdi32

GetTextFaceW

advapi32

RegDeleteKeyW

comctl32

InitCommonControlsEx

ole32

OleInitialize

oleaut32

LoadTypeLi

gdiplus

GdipSetInterpolationMode

Sections

.text
Size: 1.1MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Trojan.JS.Youareanidiot-1.0/Mostly Local/lol_files/swflash.cab
.cab
Trojan.JS.Youareanidiot-1.0/Mostly Local/lol_files/you.js
.js
Trojan.JS.Youareanidiot-1.0/Mostly Local/lol_files/youare.swf
Trojan.JS.Youareanidiot-1.0/Mostly online/Idiot!.html
.html
Trojan.JS.Youareanidiot-1.0/Mostly online/Idiot!_files/you.js
.js
Trojan.JS.Youareanidiot-1.0/Mostly online/Idiot!_files/youare.swf
Trojan.JS.Youareanidiot-1.0/Mostly online/lol.html
.html
Trojan.JS.Youareanidiot-1.0/Mostly online/lol_files/you.js
.js
Trojan.JS.Youareanidiot-1.0/Mostly online/lol_files/youare.swf
Trojan.JS.Youareanidiot-1.0/README.md

Sharing

General

Malware Config

Signatures

Files

37087116f5f95054e16e236117b57f4c

Code Sign

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

49:b7:43:37:04:8a:9e:66:58:cf:2a:bc:0f:9d:21:9f:08:ee:c8:07:99:47:0d:4e:a1:da:cd:ae:98:2f:7e:d3Signer

Signature Validations

Verification

21/09/2020, 11:54 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

shlwapi

gdi32

advapi32

comctl32

ole32

oleaut32

gdiplus

Sections

.text Size: 1.1MB - Virtual size: 4.3MB

.rsrc Size: 46KB - Virtual size: 48KB

.reloc Size: 512B - Virtual size: 512B

37087116f5f95054e16e236117b57f4c

Code Sign

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

49:b7:43:37:04:8a:9e:66:58:cf:2a:bc:0f:9d:21:9f:08:ee:c8:07:99:47:0d:4e:a1:da:cd:ae:98:2f:7e:d3Signer

Signature Validations

Verification

21/09/2020, 11:54 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

shlwapi

gdi32

advapi32

comctl32

ole32

oleaut32

gdiplus

Sections

.text Size: 1.1MB - Virtual size: 4.3MB

.rsrc Size: 46KB - Virtual size: 48KB

.reloc Size: 512B - Virtual size: 512B

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

49:b7:43:37:04:8a:9e:66:58:cf:2a:bc:0f:9d:21:9f:08:ee:c8:07:99:47:0d:4e:a1:da:cd:ae:98:2f:7e:d3
Signer

21/09/2020, 11:54
Valid: true

.text
Size: 1.1MB - Virtual size: 4.3MB

.rsrc
Size: 46KB - Virtual size: 48KB

.reloc
Size: 512B - Virtual size: 512B

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

49:b7:43:37:04:8a:9e:66:58:cf:2a:bc:0f:9d:21:9f:08:ee:c8:07:99:47:0d:4e:a1:da:cd:ae:98:2f:7e:d3
Signer

21/09/2020, 11:54
Valid: true

.text
Size: 1.1MB - Virtual size: 4.3MB

.rsrc
Size: 46KB - Virtual size: 48KB

.reloc
Size: 512B - Virtual size: 512B