Downloads[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Downloads.zip
Size

22.7MB
MD5

818fe49f8169a4b09aa1d7ca1b0590be
SHA1

7d27552d0a2a482bb0327a214839b32bba438938
SHA256

8368f4e0dd1afa3390c1bb72eb17eb1804be9fa4fffb4e7d5a6119e0d7367943
SHA512

e9ab83f40786d0a2bd6b879e80333155a1e54f7eff0434c80cc4621393600642582d6e48b81fdfbc4792650ebf4818bf3d034fd38f0d1412383af9bd08ed8300
SSDEEP

393216:T1VCSoBugkLlArRg4E46JeK8Bqaqu0cAQmcKCey9Jl3AUDU9XDDnh7qe1k2Dofl9:JNomL2rdV6MK8BvrAQLKCeQ+zJ7p1GL

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/Downloads/netscan/PCHunter (cr)/datetime.exe	pyinstaller

Files

Downloads.zip
.zip
Downloads/AnyDesk.exe
.exe windows x86

Code Sign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13-12-2021 00:00

Not After

08-01-2025 23:59

Subject

CN=philandro Software GmbH,O=philandro Software GmbH,L=Stuttgart,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13-12-2021 00:00

Not After

08-01-2025 23:59

Subject

CN=philandro Software GmbH,O=philandro Software GmbH,L=Stuttgart,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:bf:f3:e3:fe:22:c1:f9:0b:6a:2b:07:0e:d2:92:06:ff:1e:f4:10:ea:3c:d9:93:40:c6:5b:13:cd:c8:42:5f
Signer

Actual PE Digest

6d:bf:f3:e3:fe:22:c1:f9:0b:6a:2b:07:0e:d2:92:06:ff:1e:f4:10:ea:3c:d9:93:40:c6:5b:13:cd:c8:42:5f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=philandro Software GmbH,O=philandro Software GmbH,L=Stuttgart,ST=Baden-Württemberg,C=DE

21-04-2022 14:59
Valid: true

Chain 1

CN=philandro Software GmbH,O=philandro Software GmbH,L=Stuttgart,ST=Baden-Württemberg,C=DE

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

73:6c:25:76:d0:ea:3a:7d:c2:b4:a7:c6:ef:6d:57:20:03:fe:c8:a4
Signer

Actual PE Digest

73:6c:25:76:d0:ea:3a:7d:c2:b4:a7:c6:ef:6d:57:20:03:fe:c8:a4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=philandro Software GmbH,O=philandro Software GmbH,L=Stuttgart,ST=Baden-Württemberg,C=DE

21-04-2022 14:59
Valid: true

Chain 1

CN=philandro Software GmbH,O=philandro Software GmbH,L=Stuttgart,ST=Baden-Württemberg,C=DE

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 11.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 762B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Downloads/NOKONOKO-readme.txt
Downloads/desktop.ini
Downloads/netscan/NOKONOKO-readme.txt
Downloads/netscan/PCHunter (cr)/NOKONOKO-readme.txt
Downloads/netscan/PCHunter (cr)/PC_H_n_cr_64.exe
.exe windows x64

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 2.4MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 838KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zrryixkd
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vnzevxvf
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Downloads/netscan/PCHunter (cr)/date.bat.NOKONOKO
Downloads/netscan/PCHunter (cr)/datetime.exe
.exe windows x64

ba5546933531fafa869b1f86a4e2a959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
GetProcAddress
GetModuleFileNameW
SetDllDirectoryW
FreeLibrary
GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
HeapReAlloc
GetFileAttributesExW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
SetEndOfFile

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Downloads/netscan/PCHunter (cr)/pchunter.ek.NOKONOKO
Downloads/netscan/netscan.exe
.exe windows x86

1d2181702f425efd66232e53cf5bf8eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

shlwapi

StrCmpLogicalW
PathMatchSpecW
PathIsURLW

ws2_32

WSAIoctl
gethostbyaddr
WSAWaitForMultipleEvents
setsockopt
select
WSACleanup
gethostbyname
WSACreateEvent
bind
closesocket
WSAGetLastError
connect
inet_addr
sendto
send
WSAStartup
__WSAFDIsSet
socket
recv
inet_ntoa
ioctlsocket
WSACloseEvent
recvfrom
WSAEventSelect

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CopyImage
SetMenuItemInfoW
GetMenuItemInfoW
SetCaretPos
GetCaretPos
DefFrameProcW
ScrollWindowEx
GetDlgCtrlID
FrameRect
RegisterWindowMessageW
GetMenuStringW
FillRect
SendMessageA
IsClipboardFormatAvailable
EnumWindows
ShowOwnedPopups
GetClassInfoW
GetScrollRange
SetActiveWindow
GetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
EnumChildWindows
GetScrollBarInfo
UnhookWindowsHookEx
SetCapture
GetCapture
ShowCaret
CreatePopupMenu
GetMenuItemID
DestroyCaret
CharLowerBuffW
PostMessageW
SetWindowLongW
IsZoomed
SetParent
DrawMenuBar
GetClientRect
IsChild
SendDlgItemMessageW
IsIconic
CallNextHookEx
ShowWindow
SetForegroundWindow
GetWindowTextW
IsDialogMessageW
DestroyWindow
RegisterClassW
EndMenu
CharNextW
GetFocus
GetDC
SetFocus
ReleaseDC
GetClassLongW
SetScrollRange
DrawTextW
PeekMessageA
MessageBeep
SetClassLongW
LockWindowUpdate
RemovePropW
GetSubMenu
DestroyIcon
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
GetMessageTime
NotifyWinEvent
LoadStringW
CreateMenu
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
GetSysColorBrush
GetWindowDC
DrawTextExW
EnumClipboardFormats
ScrollDC
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
GetSysColor
EnableScrollBar
TrackPopupMenu
DrawIconEx
GetClassNameW
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
ValidateRect
IsCharAlphaW
GetCursor
KillTimer
BeginDeferWindowPos
WaitMessage
TranslateMDISysAccel
GetWindowPlacement
GetClipboardFormatNameW
CreateWindowExW
ChildWindowFromPoint
GetDCEx
PeekMessageW
MonitorFromWindow
GetUpdateRect
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
MapVirtualKeyW
IsWindowUnicode
DispatchMessageW
DefMDIChildProcW
GetSystemMenu
SetScrollPos
GetScrollPos
InflateRect
DrawFocusRect
ReleaseCapture
LoadCursorW
CharLowerA
ScrollWindow
GetLastActivePopup
GetCursorInfo
GetSystemMetrics
CharUpperBuffW
ClientToScreen
SetClipboardData
GetClipboardData
SetWindowPlacement
GetMonitorInfoW
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
ToAscii
EnableWindow
GetWindowThreadProcessId
RedrawWindow
EndPaint
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetParent
CreateCaret
InsertMenuItemW
GetPropW
MessageBoxW
SetPropW
UpdateWindow
MsgWaitForMultipleObjects
OemToCharA
DestroyMenu
SetWindowsHookExW
GetDoubleClickTime
EmptyClipboard
GetDlgItem
AdjustWindowRectEx
IsWindow
DrawIcon
EnumThreadWindows
InvalidateRect
SetKeyboardState
GetKeyboardState
ScreenToClient
DrawFrameControl
IsCharAlphaNumericW
BringWindowToTop
SetCursor
CreateIcon
RemoveMenu
SubtractRect
GetKeyboardLayoutNameW
OpenClipboard
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
PostQuitMessage
GetProcessWindowStation
ShowScrollBar
EnableMenuItem
DeferWindowPos
HideCaret
EndDeferWindowPos
FindWindowExW
MonitorFromPoint
CharUpperA
LoadIconW
SystemParametersInfoW
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
PostThreadMessageW
IsWindowEnabled
IsDialogMessageA
FindWindowW
GetUserObjectInformationW
GetKeyboardLayout
DeleteMenu

oleaut32

SafeArrayPutElement
LoadTypeLib
VariantClear
SysReAllocStringLen
DispGetIDsOfNames
CreateErrorInfo
GetActiveObject
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopy
SafeArrayAccessData
SysFreeString
VariantInit
GetErrorInfo
SetErrorInfo
LoadTypeLibEx
SafeArrayCreate
SafeArrayGetElement
SafeArrayUnaccessData
SysAllocStringLen
SafeArrayPtrOfIndex
RegisterTypeLib
VariantChangeType
VariantCopyInd

msvcrt

isupper
isalpha
isalnum
toupper
memchr
memcmp
memcpy
memset
isprint
isspace
iscntrl
isxdigit
ispunct
isgraph
islower
tolower

netapi32

NetWkstaGetInfo
NetUserGetLocalGroups
NetLocalGroupGetMembers
NetMessageBufferSend
NetGroupGetUsers
NetShareEnum
NetLocalGroupEnum
NetStatisticsGet
NetUserGetGroups
NetApiBufferFree
NetServerGetInfo
NetServerDiskEnum
NetRemoteTOD
NetWkstaUserEnum
NetUserEnum
NetGroupEnum

advapi32

CloseServiceHandle
RegSetValueExW
RegConnectRegistryW
GetAce
InitiateSystemShutdownW
CreateServiceW
LookupAccountNameW
GetUserNameW
RegQueryInfoKeyW
StartServiceW
LookupAccountSidW
RegCreateKeyExW
OpenServiceW
RegEnumKeyExW
QueryServiceStatus
AdjustTokenPrivileges
QueryServiceConfigW
RegDeleteKeyW
LookupPrivilegeValueW
OpenSCManagerW
RegOpenKeyExW
OpenProcessToken
FreeSid
AllocateAndInitializeSid
RegDeleteValueW
GetEffectiveRightsFromAclW
RegFlushKey
GetNamedSecurityInfoW
RegEnumValueW
RegQueryValueExW
ConvertSidToStringSidW
RegCloseKey
EnumServicesStatusW

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

pdh

PdhCollectQueryData
PdhBrowseCountersW
PdhOpenQueryW
PdhGetFormattedCounterValue
PdhCloseLog
PdhBindInputDataSourceW
PdhCloseQuery
PdhExpandCounterPathW
PdhAddCounterW

kernel32

GetFileType
QueryDosDeviceW
GetACP
GetExitCodeProcess
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
SetEnvironmentVariableW
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
HeapAlloc
ExitProcess
GetNumberOfConsoleInputEvents
GetCPInfoExW
GlobalSize
GetSystemTime
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
SetDllDirectoryW
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
MapViewOfFile
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
GetFileAttributesExW
ExpandEnvironmentStringsW
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetShortPathNameW
GetCurrentThreadId
UnhandledExceptionFilter
GlobalFindAtomW
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
ReadConsoleInputW
EnterCriticalSection
SetFilePointer
FlushFileBuffers
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
GlobalLock
SetThreadPriority
VirtualAlloc
AttachConsole
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
GetVersionExW
GetModuleHandleA
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
UnmapViewOfFile
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
lstrcmpW
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
GetSystemDirectoryW
DeleteFileW
IsDBCSLeadByteEx
GetSystemDefaultLCID
FreeConsole
GetLocalTime
WaitForSingleObject
WriteFile
FlushConsoleInputBuffer
CreateFileMappingW
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
GetPrivateProfileStringW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

shfolder

SHGetFolderPathW

wsock32

accept
htons
getsockopt
setsockopt
select
WSAStartup
__WSAFDIsSet
WSACleanup
getsockname
gethostbyname
listen
bind
closesocket
socket
recv
ioctlsocket
WSAGetLastError
connect
shutdown
inet_addr
send

gdi32

Pie
SetBkMode
GetRandomRgn
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
ResizePalette
SetTextColor
GetTextColor
StretchBlt
RoundRect
SelectClipRgn
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
CreateDCW
CreateICW
PolyBezierTo
GetStockObject
GetCharABCWidthsW
CreateSolidBrush
GetBkMode
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
GetBitmapBits
SetTextCharacterExtra
GetSystemPaletteEntries
GetEnhMetaFileBits
CreatePenIndirect
GetEnhMetaFilePaletteEntries
SetMapMode
GetMapMode
CreateFontIndirectW
PolyBezier
ExtCreatePen
LPtoDP
EndDoc
GetObjectW
GetCurrentObject
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
CreateRectRgnIndirect
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
CreatePatternBrush
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
GetGlyphOutlineW
GetTextMetricsA
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
GetCharABCWidthsA
Rectangle
SaveDC
DeleteDC
BitBlt
FrameRgn
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
CombineRgn
SetWinMetaFileBits
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
SetStretchBltMode
GetDIBits
LineTo
GetRgnBox
EnumFontsW
SetWindowExtEx
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
OffsetRgn
SetBkColor
GetBkColor
CreateCompatibleDC
GetObjectA
GetBrushOrgEx
GetCurrentPositionEx
GetNearestPaletteIndex
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetViewportExtEx
SetPixel
PolyPolyline
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

mpr

WNetConnectionDialog1W
WNetDisconnectDialog
WNetAddConnection2W
WNetCancelConnection2W

winmm

sndPlaySoundW
timeGetTime

oleacc

LresultFromObject

wininet

InternetCloseHandle
InternetReadFile
HttpOpenRequestW
InternetCombineUrlW
HttpSendRequestW
InternetConnectW
InternetOpenW
InternetSetOptionW
HttpQueryInfoW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comdlg32

FindTextW
ChooseFontW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

comctl32

FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
ImageList_GetDragImage
FlatSB_SetScrollProp
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
FlatSB_GetScrollInfo
ImageList_Write
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_Draw
ImageList_Remove

shell32

SHBrowseForFolderW
DragQueryFileA
DragQueryFileW
Shell_NotifyIconW
DragAcceptFiles
SHGetFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
DragFinish
DragQueryPoint
SHGetMalloc
SHGetDesktopFolder
ILFree
ShellExecuteW

urlmon

URLOpenBlockingStreamW

ole32

CreateDataAdviseHolder
CreateBindCtx
MkParseDisplayName
CoCreateInstance
OleGetClipboard
OleSetClipboard
IsEqualGUID
CreateStreamOnHGlobal
CLSIDFromProgID
CoInitialize
CoTaskMemAlloc
DoDragDrop
StringFromCLSID
RevokeDragDrop
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
CoLockObjectExternal
OleInitialize
ProgIDFromCLSID
OleUninitialize
CoInitializeEx
CoDisconnectObject
CoTaskMemFree

dnsapi

DnsQuery_W
DnsRecordListFree

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses
SendARP

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 32KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 153B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 96B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Downloads/netscan/netscan.lic.NOKONOKO
Downloads/netscan/netscan.xml.NOKONOKO
Downloads/netscan/oui.txt.NOKONOKO
Downloads/windows.exe
.exe windows x86

99fa36acadae70c0689a07a11c733b0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
MultiByteToWideChar
HeapReAlloc
HeapAlloc
VerSetConditionMask
GetProcessHeap
FindFirstFileW
FindNextFileW
GetStdHandle
WriteFile
WaitForMultipleObjects
FindClose
CreateFileW
ExitThread
Sleep
CloseHandle
GetDriveTypeW
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateSemaphoreA
GetModuleFileNameW
GetSystemInfo
CreateThread
ExitProcess
LoadLibraryA

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

6d:bf:f3:e3:fe:22:c1:f9:0b:6a:2b:07:0e:d2:92:06:ff:1e:f4:10:ea:3c:d9:93:40:c6:5b:13:cd:c8:42:5fSigner

Signature Validations

Verification

21-04-2022 14:59 Valid: true

Chain 1

73:6c:25:76:d0:ea:3a:7d:c2:b4:a7:c6:ef:6d:57:20:03:fe:c8:a4Signer

Signature Validations

Verification

21-04-2022 14:59 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 10KB - Virtual size: 10KB

.itext Size: - Virtual size: 11.9MB

.rdata Size: 1024B - Virtual size: 762B

.data Size: 3.6MB - Virtual size: 3.6MB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 1024B - Virtual size: 768B

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

Sections

Size: 2.4MB - Virtual size: 7.9MB

.rsrc Size: 838KB - Virtual size: 1.9MB

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 5.6MB

zrryixkd Size: 3.4MB - Virtual size: 3.4MB

vnzevxvf Size: 512B - Virtual size: 4KB

.pdata Size: 212KB - Virtual size: 212KB

ba5546933531fafa869b1f86a4e2a959

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 3KB - Virtual size: 64KB

.pdata Size: 8KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 60KB - Virtual size: 60KB

.reloc Size: 2KB - Virtual size: 1KB

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

6d:bf:f3:e3:fe:22:c1:f9:0b:6a:2b:07:0e:d2:92:06:ff:1e:f4:10:ea:3c:d9:93:40:c6:5b:13:cd:c8:42:5f
Signer

21-04-2022 14:59
Valid: true

73:6c:25:76:d0:ea:3a:7d:c2:b4:a7:c6:ef:6d:57:20:03:fe:c8:a4
Signer

21-04-2022 14:59
Valid: true

.text
Size: 10KB - Virtual size: 10KB

.itext
Size: - Virtual size: 11.9MB

.rdata
Size: 1024B - Virtual size: 762B

.data
Size: 3.6MB - Virtual size: 3.6MB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 1024B - Virtual size: 768B

.rsrc
Size: 838KB - Virtual size: 1.9MB

.idata
Size: 512B - Virtual size: 4KB

zrryixkd
Size: 3.4MB - Virtual size: 3.4MB

vnzevxvf
Size: 512B - Virtual size: 4KB

.pdata
Size: 212KB - Virtual size: 212KB

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 3KB - Virtual size: 64KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 60KB - Virtual size: 60KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 7.5MB - Virtual size: 7.5MB

.itext
Size: 17KB - Virtual size: 17KB

.data
Size: 261KB - Virtual size: 260KB

.bss
Size: - Virtual size: 32KB

.idata
Size: 20KB - Virtual size: 20KB

.didata
Size: 9KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 153B

.tls
Size: - Virtual size: 96B

.rdata
Size: 512B - Virtual size: 93B

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: - Virtual size: 264B

.reloc
Size: 1KB - Virtual size: 1KB