ChatGPT (Bot)[.]zip

Resubmissions

30-04-2023 20:16

230430-y169psah37 7

30-04-2023 20:09

230430-yxckxsah25 10

30-04-2023 20:03

230430-ys13qaag96 7

30-04-2023 19:55

230430-ym5hyscf3w 7

Sharing

Copy URL

Twitter E-mail

General

Target

ChatGPT (Bot).zip
Size

7.1MB
MD5

d2f022536243004be4a21092f99b8d0f
SHA1

856b042c9fdf1604679be190acb1c2068cb52730
SHA256

c1fe20b075cd91dbe6454422825af7b98d5e4914c00f81612c18a5be7f8cd509
SHA512

076e79b7521467a3e204d5cf820f6a312bf9eb8d581b0d0c6a6d96235c9f8284fed92d8b3a546fa6b0603743d5b90f64f6b596e13b2b44efc63930e09e3e5852
SSDEEP

98304:3unHAbqD9nF3jbQD3l6rMgXneBMYFzxVyOax5Zg2ILh7shAUA:3unHAuD9ljzG3xAZ/TkshAUA

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/ChatGPT (Bot).exe	themida

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ActiveReign/bdist.linux-x86_64/build/ALMountDrv.sys
unpack001/ActiveReign/bdist.linux-x86_64/build/ALMountDrv64.sys
unpack001/ActiveReign/bdist.linux-x86_64/build/Cabinet.dll

Files

ChatGPT (Bot).zip
.zip
ActiveReign/.gitignore
ActiveReign/.gitmodules
ActiveReign/LICENSE
ActiveReign/Pipfile
ActiveReign/Pipfile.lock
ActiveReign/README.md
ActiveReign/bdist.linux-x86_64/build/ALMountConn.dll
.dll windows x86

b035cfed2ef80a7bb2326d03c3f68a9d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11-01-2018 00:00

Not After

11-04-2020 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:b1:c9:24:e4:ca:10:96:4a:4b:12:df:98:31:11:d1:98:bb:60:5b
Signer

Actual PE Digest

32:b1:c9:24:e4:ca:10:96:4a:4b:12:df:98:31:11:d1:98:bb:60:5b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

11-01-2018 12:25
Valid: true

Chain 1

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc90u

ord1599
ord266
ord265
ord813
ord1603
ord2695
ord811
ord280
ord4518
ord4405
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord2447
ord4347
ord4996
ord5680
ord5663
ord6018
ord2771
ord2983
ord3112
ord4728
ord2966
ord3115
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4905
ord4681
ord3670
ord799
ord286
ord2537
ord5851
ord2694
ord600
ord296
ord4211
ord794
ord605
ord1274
ord321
ord1241
ord1239
ord1264
ord1180
ord1233
ord2084
ord391
ord1152
ord1273
ord1271
ord1145
ord1076
ord1137
ord322
ord802
ord1088
ord589
ord4043
ord801

msvcr90

__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
??8type_info@@QBE_NABV0@@Z
memcpy
vsprintf_s
_atoi64
atol
atoi
isspace
isdigit
memmove_s
free
swprintf_s
malloc
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
_invalid_parameter_noinfo
wcsrchr
toupper
sprintf_s
memset
_CxxThrowException
wcscpy_s

kernel32

Process32FirstW
CreateToolhelp32Snapshot
GetVersionExW
GetCurrentProcess
GetModuleFileNameW
Sleep
OutputDebugStringW
DeviceIoControl
CloseHandle
GetFileSizeEx
GetLastError
CreateFileW
QueryDosDeviceW
SetLastError
Process32NextW
OpenProcess
lstrlenW
GetCurrentProcessId
TerminateProcess
WideCharToMultiByte
WaitNamedPipeW
SetNamedPipeHandleState
WriteFile
ReadFile
LocalFree
LocalAlloc
InterlockedExchange
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime

user32

SendMessageTimeoutW

advapi32

CloseServiceHandle
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
OpenSCManagerW
LookupAccountSidW
RegCloseKey
RegEnumKeyExW
LookupAccountNameW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
QueryServiceStatus
OpenServiceW

shell32

SHChangeNotify

shlwapi

PathIsNetworkPathW
PathFindFileNameW

msvcp90

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Exports

Exports

ConnectMountVolume
DisconnectMountVolume
ExecuteFile
InstallALMountDriver
IsCorrectVolume
IsServiceInstalled
IsServiceRunning
LoadMountDriver
UnInstallALMountDriver
UnloadMountDriver

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ActiveReign/bdist.linux-x86_64/build/ALMountDrv.sys
.exe windows x86

04f95ef2546a06f3eb5fcb0360b2cfe5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitAnsiString
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
RtlFreeUnicodeString
ZwCreateFile
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlAnsiStringToUnicodeString
ZwClose
ZwReadFile
MmMapLockedPagesSpecifyCache
ExfInterlockedRemoveHeadList
PsTerminateSystemThread
KeWaitForSingleObject
KeSetPriorityThread
KeGetCurrentThread
KeSetEvent
ExfInterlockedInsertTailList
KeInitializeMutex
RtlAppendStringToString
PsCreateSystemThread
KeInitializeEvent
IoCreateSymbolicLink
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoCreateDevice
RtlIntegerToUnicodeString
memcpy
_alldiv
ZwOpenKey
ZwCreateKey
memset
ZwSetValueKey
KeTickCount
KeBugCheckEx
RtlUnwind

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ActiveReign/bdist.linux-x86_64/build/ALMountDrv64.sys
.exe windows x64

9b47ab88d9d4741660b38ac6942f38c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlInitAnsiString
IofCompleteRequest
ExInterlockedInsertTailList
KeSetEvent
RtlAnsiStringToUnicodeString
RtlAppendUnicodeToString
IoDeleteSymbolicLink
ExFreePoolWithTag
IoDeleteDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
IoCreateDevice
RtlInitUnicodeString
ExAllocatePoolWithTag
RtlCopyUnicodeString
RtlFreeUnicodeString
IoCreateSymbolicLink
KeInitializeEvent
RtlAppendStringToString
PsCreateSystemThread
ZwClose
KeInitializeMutex
ZwCreateFile
KeSetPriorityThread
KeWaitForSingleObject
PsTerminateSystemThread
ExInterlockedRemoveHeadList
MmMapLockedPagesSpecifyCache
ZwReadFile
ZwCreateKey
ZwSetValueKey
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ActiveReign/bdist.linux-x86_64/build/ALSTS.dll
.dll windows x86

248366095390f81b0cefcd88c37fb2f4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11-01-2018 00:00

Not After

11-04-2020 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

87:76:cb:b4:11:5f:47:37:1e:2c:5f:48:cb:d2:45:bb:7a:71:76:8c
Signer

Actual PE Digest

87:76:cb:b4:11:5f:47:37:1e:2c:5f:48:cb:d2:45:bb:7a:71:76:8c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

11-01-2018 11:57
Valid: true

Chain 1

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
CreateMutexA
GetLastError
OpenMutexA
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
FreeLibrary
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
GetProcAddress
LoadLibraryA
CloseHandle
WaitForSingleObject
WideCharToMultiByte
FindResourceExA
FindResourceA
LoadResource
LockResource
WriteConsoleA
SetStdHandle
GetConsoleMode
CreateFileA
SizeofResource
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
GetSystemTimeAsFileTime
GetFileAttributesA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RtlUnwind
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
LCMapStringA
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
WriteFile
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
FlushFileBuffers

user32

TranslateMessage
PeekMessageA
KillTimer
SetTimer
DispatchMessageA

advapi32

RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteExA

Exports

Exports

ALSTS_ExecuteAction
ALSTS_Finalize
ALSTS_Initialize
ALSTS_InitializeEx

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ActiveReign/bdist.linux-x86_64/build/Cabinet.dll
.dll windows x86

9265de4279ec2b9cc932b695004ba8dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

DeleteCriticalSection
DisableThreadLibraryCalls
CreateFileA
ReadFile
WriteFile
CloseHandle
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
lstrcmpiA
lstrlenA
CreateDirectoryA
SetFileAttributesA
GetLastError
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteFileA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

ole32

CoTaskMemFree
CoTaskMemAlloc

Exports

Exports

DeleteExtractedFiles
DllGetVersion
Extract
FCIAddFile
FCICreate
FCIDestroy
FCIFlushCabinet
FCIFlushFolder
FDICopy
FDICreate
FDIDestroy
FDIIsCabinet
FDITruncateCabinet
GetDllVersion

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ActiveReign/bdist.linux-x86_64/build/Styles/Office2013.dll
.dll windows x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11-01-2018 00:00

Not After

11-04-2020 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:79:f1:c9:37:eb:0b:07:7c:5b:c2:ad:b4:ae:b0:5d:e6:ba:2f:ad
Signer

Actual PE Digest

3f:79:f1:c9:37:eb:0b:07:7c:5b:c2:ad:b4:ae:b0:5d:e6:ba:2f:ad

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

17-06-2019 08:25
Valid: true

Chain 1

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ActiveReign/bdist.linux-x86_64/build/Tutorial/en-us/1.gif
.gif
ActiveReign/bdist.linux-x86_64/build/Tutorial/en-us/110Banner.gif
.gif
ActiveReign/bdist.linux-x86_64/build/Tutorial/en-us/1121Banner.gif
.gif
ActiveReign/bdist.linux-x86_64/build/Tutorial/en-us/2.gif
.gif
ActiveReign/bdist.linux-x86_64/build/Tutorial/en-us/3.gif
.gif
ActiveReign/bdist.linux-x86_64/build/Tutorial/en-us/4.gif
.gif
ActiveReign/bdist.linux-x86_64/build/Tutorial/en-us/5.gif
.gif
ActiveReign/bdist.linux-x86_64/build/Tutorial/ko-kr/1121Banner.gif
.gif
ActiveReign/bdist.linux-x86_64/build/Tutorial/ko-kr/4.gif
.gif
ActiveReign/bdist.linux-x86_64/build/lib/ar3/__init__.py
.py .sh linux
ActiveReign/bdist.linux-x86_64/build/lib/ar3/__main__.py
.py .sh linux
ActiveReign/bdist.linux-x86_64/build/lib/ar3/core/atexec.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/core/connector.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/core/ldap/__init__.py
.py .js
ActiveReign/bdist.linux-x86_64/build/lib/ar3/core/ldap/query.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/core/rpc.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/core/smb.py
.py .js
ActiveReign/bdist.linux-x86_64/build/lib/ar3/core/smbexec.py
.py .js
ActiveReign/bdist.linux-x86_64/build/lib/ar3/core/winrm.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/core/wmi.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/core/wmiexec.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/first_run.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/helpers/misc.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/helpers/powershell.py
.py .ps1
ActiveReign/bdist.linux-x86_64/build/lib/ar3/helpers/remotefile.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/loaders/config_loader.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/logger.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/__init__.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/example_module.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/get_lockedaccounts.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/get_netdomaincontroller.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/gpp_password.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/invert_hunter.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/invoke_kerberoast.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/invoke_vnc.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/ironkatz.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/kill_defender.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/mimikatz.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/procdump.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/process_hunter.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/test_execution.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/user_hunter.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/wdigest.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/modules/wifi_passwords.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/db/__init__.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/db/arg_parser.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/db/db_core.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/db/db_query.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/db/db_shell.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/enum/__init__.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/enum/arg_parser.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/enum/code_execution.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/enum/file_parser/__init__.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/enum/file_parser/parse_docx.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/enum/file_parser/parse_regex.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/enum/file_parser/parse_xlsx.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/enum/host_enum.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/enum/lockout_tracker.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/enum/ntds_extract.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/enum/polenum.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/enum/share_finder.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/enum/spider/__init__.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/enum/spider/file_search.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/query/__init__.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/query/arg_parser.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/shell/__init__.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/shell/arg_parser.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/spray/__init__.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/ops/spray/arg_parser.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/pysmb/file_ops.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/pysmb/smb.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/servers/http.py
ActiveReign/bdist.linux-x86_64/build/lib/ar3/servers/smb.py
ActiveReign/impacket/.git/HEAD
ActiveReign/impacket/.git/config
ActiveReign/impacket/.git/description
ActiveReign/impacket/.git/hooks/applypatch-msg.sample
.sh linux
ActiveReign/impacket/.git/hooks/commit-msg.sample
.sh linux
ActiveReign/impacket/.git/hooks/fsmonitor-watchman.sample
.sh linux
ActiveReign/impacket/.git/hooks/post-update.sample
.sh linux
ActiveReign/impacket/.git/hooks/pre-applypatch.sample
.sh linux
ActiveReign/impacket/.git/hooks/pre-commit.sample
.sh linux
ActiveReign/impacket/.git/hooks/pre-merge-commit.sample
.sh linux
ActiveReign/impacket/.git/hooks/pre-push.sample
.sh linux
ActiveReign/impacket/.git/hooks/pre-rebase.sample
.sh linux
ActiveReign/impacket/.git/hooks/pre-receive.sample
.sh linux
ActiveReign/impacket/.git/hooks/prepare-commit-msg.sample
.sh linux
ActiveReign/impacket/.git/hooks/push-to-checkout.sample
.sh linux
ActiveReign/impacket/.git/hooks/update.sample
.sh linux
ActiveReign/impacket/.git/index
ActiveReign/impacket/.git/info/exclude
ActiveReign/impacket/.git/logs/HEAD
ActiveReign/impacket/.git/logs/refs/heads/master
ActiveReign/impacket/.git/logs/refs/remotes/origin/HEAD
ActiveReign/impacket/.git/objects/pack/pack-8a3049cc7cae21ec5baae5b10847802eaf5417aa.idx
ActiveReign/impacket/.git/packed-refs
ActiveReign/impacket/.git/refs/heads/master
ActiveReign/impacket/.git/refs/remotes/origin/HEAD
ActiveReign/impacket/.github/ISSUE_TEMPLATE/bug_report.md
ActiveReign/impacket/.github/workflows/build_and_test.yml
ActiveReign/impacket/.gitignore
ActiveReign/impacket/.travis.yml
ActiveReign/impacket/ChangeLog
ActiveReign/impacket/Dockerfile
ActiveReign/impacket/LICENSE
ActiveReign/impacket/MANIFEST.in
ActiveReign/impacket/README.md
ActiveReign/impacket/SECURITY.md
ActiveReign/impacket/requirements.txt
ActiveReign/impacket/setup.py
.py .sh linux
ActiveReign/impacket/tests/ImpactPacket/__init__.py
ActiveReign/impacket/tests/ImpactPacket/runalltestcases.bat
ActiveReign/impacket/tests/ImpactPacket/runalltestcases.sh
.sh linux
ActiveReign/impacket/tests/ImpactPacket/test_ICMP6.py
.py .sh linux
ActiveReign/impacket/tests/ImpactPacket/test_IP6.py
.py .sh linux
ActiveReign/impacket/tests/ImpactPacket/test_IP6_Address.py
.py .sh linux
ActiveReign/impacket/tests/ImpactPacket/test_IP6_Extension_Headers.py
.py .sh linux
ActiveReign/impacket/tests/ImpactPacket/test_TCP.py
.py .sh linux
ActiveReign/impacket/tests/ImpactPacket/test_TCP_bug_issue7.py
.py .sh linux
ActiveReign/impacket/tests/ImpactPacket/test_ethernet.py
.py .sh linux
ActiveReign/impacket/tests/SMB_RPC/__init__.py
ActiveReign/impacket/tests/SMB_RPC/dcetests.cfg
ActiveReign/impacket/tests/SMB_RPC/rundce.sh
.sh linux
ActiveReign/impacket/tests/SMB_RPC/test_bkrp.py
ActiveReign/impacket/tests/SMB_RPC/test_dcomrt.py
ActiveReign/impacket/tests/SMB_RPC/test_dhcpm.py
ActiveReign/impacket/tests/SMB_RPC/test_drsuapi.py
ActiveReign/impacket/tests/SMB_RPC/test_epm.py
ActiveReign/impacket/tests/SMB_RPC/test_even.py
ActiveReign/impacket/tests/SMB_RPC/test_even6.py
ActiveReign/impacket/tests/SMB_RPC/test_fasp.py
ActiveReign/impacket/tests/SMB_RPC/test_ldap.py
ActiveReign/impacket/tests/SMB_RPC/test_lsad.py
ActiveReign/impacket/tests/SMB_RPC/test_lsat.py
ActiveReign/impacket/tests/SMB_RPC/test_mgmt.py
ActiveReign/impacket/tests/SMB_RPC/test_mimilib.py
ActiveReign/impacket/tests/SMB_RPC/test_ndr.py
ActiveReign/impacket/tests/SMB_RPC/test_nmb.py
ActiveReign/impacket/tests/SMB_RPC/test_nrpc.py
ActiveReign/impacket/tests/SMB_RPC/test_ntlm.py
ActiveReign/impacket/tests/SMB_RPC/test_rpch.py
ActiveReign/impacket/tests/SMB_RPC/test_rpcrt.py
ActiveReign/impacket/tests/SMB_RPC/test_rprn.py
ActiveReign/impacket/tests/SMB_RPC/test_rrp.py
ActiveReign/impacket/tests/SMB_RPC/test_samr.py
ActiveReign/impacket/tests/SMB_RPC/test_scmr.py
ActiveReign/impacket/tests/SMB_RPC/test_secretsdump.py
ActiveReign/impacket/tests/SMB_RPC/test_smb.py
ActiveReign/impacket/tests/SMB_RPC/test_smbserver.py
.py .sh linux
ActiveReign/impacket/tests/SMB_RPC/test_spnego.py
ActiveReign/impacket/tests/SMB_RPC/test_srvs.py
ActiveReign/impacket/tests/SMB_RPC/test_tsch.py
ActiveReign/impacket/tests/SMB_RPC/test_wkst.py
ActiveReign/impacket/tests/SMB_RPC/test_wmi.py
ActiveReign/impacket/tests/coveragerc
ActiveReign/impacket/tests/dot11/runalltestcases.bat
ActiveReign/impacket/tests/dot11/runalltestcases.sh
.sh linux
ActiveReign/impacket/tests/dot11/test_Dot11Base.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_Dot11Decoder.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_Dot11HierarchicalUpdate.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameControlACK.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameControlCFEnd.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameControlCFEndCFACK.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameControlCTS.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameControlPSPoll.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameControlRTS.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameData.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameManagement.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameManagementAssociationRequest.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameManagementAssociationResponse.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameManagementAuthentication.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameManagementDeauthentication.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameManagementDisassociation.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameManagementProbeRequest.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameManagementProbeResponse.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameManagementReassociationRequest.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_FrameManagementReassociationResponse.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_RadioTap.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_RadioTapDecoder.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_WEPDecoder.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_WEPEncoder.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_WPA.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_WPA2.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_helper.py
.py .sh linux
ActiveReign/impacket/tests/dot11/test_wps.py
.py .sh linux
ActiveReign/impacket/tests/misc/runalltestcases.bat
ActiveReign/impacket/tests/misc/runalltestcases.sh
.sh linux
ActiveReign/impacket/tests/misc/test_crypto.py
.py .sh linux
ActiveReign/impacket/tests/misc/test_dcerpc_v5_ndr.py
.py .sh linux
ActiveReign/impacket/tests/misc/test_dns.py
.py .sh linux
ActiveReign/impacket/tests/misc/test_dpapi.py
.py .sh linux
ActiveReign/impacket/tests/misc/test_ip6_address.py
.py .sh linux
ActiveReign/impacket/tests/misc/test_krb5_crypto.py
.py .sh linux
ActiveReign/impacket/tests/misc/test_structure.py
.py .sh linux
ActiveReign/impacket/tests/misc/test_utils.py
.py .sh linux
ActiveReign/impacket/tests/runall.sh
.sh linux
ActiveReign/impacket/tests/walkmodules.py
.py .sh linux
ActiveReign/impacket/tox.ini
ActiveReign/requirements.txt
ActiveReign/setup.py
ChatGPT (Bot).exe
.exe windows x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

44:07:21:62:4d:e3:0e:9b:e7:43:25:1c:32:9e:02:d4
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-07-2015 00:00

Not After

23-07-2016 23:59

Subject

CN=Schneider Electric Software\, LLC,OU=Wonderware,O=Schneider Electric Software\, LLC,L=Lake Forest,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:4c:4c:7b:9e:0c:06:6f:b1:a1:d4:9b:4c:3f:c0:5d:57:fd:5b:85
Signer

Actual PE Digest

10:4c:4c:7b:9e:0c:06:6f:b1:a1:d4:9b:4c:3f:c0:5d:57:fd:5b:85

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Schneider Electric Software\, LLC,OU=Wonderware,O=Schneider Electric Software\, LLC,L=Lake Forest,ST=California,C=US

04-02-2016 22:08
Valid: true

Chain 1

CN=Schneider Electric Software\, LLC,OU=Wonderware,O=Schneider Electric Software\, LLC,L=Lake Forest,ST=California,C=US

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

b035cfed2ef80a7bb2326d03c3f68a9d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

32:b1:c9:24:e4:ca:10:96:4a:4b:12:df:98:31:11:d1:98:bb:60:5bSigner

Signature Validations

Verification

11-01-2018 12:25 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

mfc90u

msvcr90

kernel32

user32

advapi32

shell32

shlwapi

msvcp90

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

04f95ef2546a06f3eb5fcb0360b2cfe5

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 512B - Virtual size: 420B

.data Size: 512B - Virtual size: 336B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 2KB - Virtual size: 1KB

9b47ab88d9d4741660b38ac6942f38c9

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 676B

.data Size: 512B - Virtual size: 572B

.pdata Size: 512B - Virtual size: 204B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 984B

248366095390f81b0cefcd88c37fb2f4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8fCertificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

32:b1:c9:24:e4:ca:10:96:4a:4b:12:df:98:31:11:d1:98:bb:60:5b
Signer

11-01-2018 12:25
Valid: true

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 512B - Virtual size: 420B

.data
Size: 512B - Virtual size: 336B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 676B

.data
Size: 512B - Virtual size: 572B

.pdata
Size: 512B - Virtual size: 204B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 984B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

87:76:cb:b4:11:5f:47:37:1e:2c:5f:48:cb:d2:45:bb:7a:71:76:8c
Signer

11-01-2018 11:57
Valid: true

.text
Size: 79KB - Virtual size: 78KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 54KB - Virtual size: 54KB

.data
Size: 512B - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

3f:79:f1:c9:37:eb:0b:07:7c:5b:c2:ad:b4:ae:b0:5d:e6:ba:2f:ad
Signer

17-06-2019 08:25
Valid: true

.rsrc
Size: 34KB - Virtual size: 33KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

44:07:21:62:4d:e3:0e:9b:e7:43:25:1c:32:9e:02:d4
Certificate