cypher[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cypher.zip
Size

128.3MB
MD5

937a47ef93699d635f1a9c1895995578
SHA1

c8dad6f51d4b7cce189c26c0a1863f9635eb9eda
SHA256

2c48521b315dcb439eaa3793e792db7654cb36d7f63459481debc9c598be0d30
SHA512

6aad87bba623a642bbb41d790e606f20676701a05f4538aab33627516667fbdb24cde9c016cfd16d42ba6d493b2d23e275f2ecf3a3b63a5da91bf68f7ac91af9
SSDEEP

3145728:chim79i22n0JfgeWxwSk1EdBp8LMYwhXiIM7vTj:B328AJTcbpgYY7vTj

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cypher/CypherRat.exe
unpack001/cypher/MetroSet UI.dll
unpack001/cypher/NAudio.dll
unpack001/cypher/WinMM.Net.dll

Files

cypher.zip
.zip
cypher/CypherRat.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cypher/CypherRat.exe.config
.xml
cypher/CypherRat.pdb
cypher/CypherRat.xml
.xml .js
cypher/MetroSet UI.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 433KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cypher/NAudio.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 496KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cypher/System.IO.Compression.ZipFile.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:cb:d9:52:06:53:bf:3e:2a:59:00:00:00:00:00:cb
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/08/2016, 20:17

Not After

02/11/2017, 20:17

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:e3:a3:2d:f8:71:76:9b:66:a7:70:02:ef:69:91:70:2e:1d:d6:c5:f3:f4:b4:cf:e9:62:5e:c5:de:66:cf:77
Signer

Actual PE Digest

2b:e3:a3:2d:f8:71:76:9b:66:a7:70:02:ef:69:91:70:2e:1d:d6:c5:f3:f4:b4:cf:e9:62:5e:c5:de:66:cf:77

Digest Algorithm

sha256

PE Digest Matches

true

14:b0:8e:4d:e3:ae:df:ee:dd:e1:6b:b6:23:93:9d:2a:c5:d1:47:94
Signer

Actual PE Digest

14:b0:8e:4d:e3:ae:df:ee:dd:e1:6b:b6:23:93:9d:2a:c5:d1:47:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cypher/WinMM.Net.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cypher/res/Audio/1.wav
cypher/res/Audio/2.wav
cypher/res/Audio/3.wav
cypher/res/Audio/4.wav
cypher/res/Audio/5.wav
cypher/res/Audio/notification.wav
cypher/res/Config/Pass.inf
cypher/res/Config/maps.inf
cypher/res/Config/supported_images.inf
cypher/res/Config/supported_text.inf
cypher/res/Config/supported_video.inf
cypher/res/Fonts/Hack-Bold.ttf
cypher/res/Fonts/Hack-BoldOblique.ttf
cypher/res/Fonts/Hack-Regular.ttf
cypher/res/Fonts/Hack-RegularOblique.ttf
cypher/res/GeoIP/Flags/-1.ico
cypher/res/GeoIP/Flags/AD.ico
cypher/res/GeoIP/Flags/AE.ico
cypher/res/GeoIP/Flags/AF.ico
cypher/res/GeoIP/Flags/AG.ico
cypher/res/GeoIP/Flags/AI.ico
cypher/res/GeoIP/Flags/AL.ico
cypher/res/GeoIP/Flags/AM.ico
cypher/res/GeoIP/Flags/AN.ico
cypher/res/GeoIP/Flags/AO.ico
cypher/res/GeoIP/Flags/AQ.ico
cypher/res/GeoIP/Flags/AR.ico
cypher/res/GeoIP/Flags/AS.ico
cypher/res/GeoIP/Flags/AT.ico
cypher/res/GeoIP/Flags/AU.ico
cypher/res/GeoIP/Flags/AW.ico
cypher/res/GeoIP/Flags/AX.ico
cypher/res/GeoIP/Flags/AZ.ico
cypher/res/GeoIP/Flags/BA.ico
cypher/res/GeoIP/Flags/BB.ico
cypher/res/GeoIP/Flags/BD.ico
cypher/res/GeoIP/Flags/BE.ico
cypher/res/GeoIP/Flags/BF.ico
cypher/res/GeoIP/Flags/BG.ico
cypher/res/GeoIP/Flags/BH.ico
cypher/res/GeoIP/Flags/BI.ico
cypher/res/GeoIP/Flags/BJ.ico
cypher/res/GeoIP/Flags/BL.ico
cypher/res/GeoIP/Flags/BM.ico
cypher/res/GeoIP/Flags/BN.ico
cypher/res/GeoIP/Flags/BO.ico
cypher/res/GeoIP/Flags/BR.ico
cypher/res/GeoIP/Flags/BS.ico
cypher/res/GeoIP/Flags/BT.ico
cypher/res/GeoIP/Flags/BW.ico
cypher/res/GeoIP/Flags/BY.ico
cypher/res/GeoIP/Flags/BZ.ico
cypher/res/GeoIP/Flags/CA.ico
cypher/res/GeoIP/Flags/CC.ico
cypher/res/GeoIP/Flags/CD.ico
cypher/res/GeoIP/Flags/CF.ico
cypher/res/GeoIP/Flags/CG.ico
cypher/res/GeoIP/Flags/CH.ico
cypher/res/GeoIP/Flags/CI.ico
cypher/res/GeoIP/Flags/CK.ico
cypher/res/GeoIP/Flags/CL.ico
cypher/res/GeoIP/Flags/CM.ico
cypher/res/GeoIP/Flags/CN.ico
cypher/res/GeoIP/Flags/CO.ico
cypher/res/GeoIP/Flags/CR.ico
cypher/res/GeoIP/Flags/CU.ico
cypher/res/GeoIP/Flags/CV.ico
cypher/res/GeoIP/Flags/CW.ico
cypher/res/GeoIP/Flags/CX.ico
cypher/res/GeoIP/Flags/CY.ico
cypher/res/GeoIP/Flags/CZ.ico
cypher/res/GeoIP/Flags/DE.ico
cypher/res/GeoIP/Flags/DJ.ico
cypher/res/GeoIP/Flags/DK.ico
cypher/res/GeoIP/Flags/DM.ico
cypher/res/GeoIP/Flags/DO.ico
cypher/res/GeoIP/Flags/DZ.ico
cypher/res/GeoIP/Flags/EC.ico
cypher/res/GeoIP/Flags/EE.ico
cypher/res/GeoIP/Flags/EG.ico
cypher/res/GeoIP/Flags/EH.ico
cypher/res/GeoIP/Flags/ER.ico
cypher/res/GeoIP/Flags/ES.ico
cypher/res/GeoIP/Flags/ET.ico
cypher/res/GeoIP/Flags/EU.ico
cypher/res/GeoIP/Flags/FI.ico
cypher/res/GeoIP/Flags/FJ.ico
cypher/res/GeoIP/Flags/FK.ico
cypher/res/GeoIP/Flags/FM.ico
cypher/res/GeoIP/Flags/FO.ico
cypher/res/GeoIP/Flags/FR.ico
cypher/res/GeoIP/Flags/GA.ico
cypher/res/GeoIP/Flags/GB.ico
cypher/res/GeoIP/Flags/GD.ico
cypher/res/GeoIP/Flags/GE.ico
cypher/res/GeoIP/Flags/GG.ico
cypher/res/GeoIP/Flags/GH.ico
cypher/res/GeoIP/Flags/GI.ico
cypher/res/GeoIP/Flags/GL.ico
cypher/res/GeoIP/Flags/GM.ico
cypher/res/GeoIP/Flags/GN.ico
cypher/res/GeoIP/Flags/GQ.ico
cypher/res/GeoIP/Flags/GR.ico
cypher/res/GeoIP/Flags/GS.ico
cypher/res/GeoIP/Flags/GT.ico
cypher/res/GeoIP/Flags/GU.ico
cypher/res/GeoIP/Flags/GW.ico
cypher/res/GeoIP/Flags/GY.ico
cypher/res/GeoIP/Flags/HK.ico
cypher/res/GeoIP/Flags/HN.ico
cypher/res/GeoIP/Flags/HR.ico
cypher/res/GeoIP/Flags/HT.ico
cypher/res/GeoIP/Flags/HU.ico
cypher/res/GeoIP/Flags/IC.ico
cypher/res/GeoIP/Flags/ID.ico
cypher/res/GeoIP/Flags/IE.ico
cypher/res/GeoIP/Flags/IL.ico
cypher/res/GeoIP/Flags/IM.ico
cypher/res/GeoIP/Flags/IN.ico
cypher/res/GeoIP/Flags/IQ.ico
cypher/res/GeoIP/Flags/IR.ico
cypher/res/GeoIP/Flags/IS.ico
cypher/res/GeoIP/Flags/IT.ico
cypher/res/GeoIP/Flags/JE.ico
cypher/res/GeoIP/Flags/JM.ico
cypher/res/GeoIP/Flags/JO.ico
cypher/res/GeoIP/Flags/JP.ico
cypher/res/GeoIP/Flags/KE.ico
cypher/res/GeoIP/Flags/KG.ico
cypher/res/GeoIP/Flags/KH.ico
cypher/res/GeoIP/Flags/KI.ico
cypher/res/GeoIP/Flags/KM.ico
cypher/res/GeoIP/Flags/KN.ico
cypher/res/GeoIP/Flags/KP.ico
cypher/res/GeoIP/Flags/KR.ico
cypher/res/GeoIP/Flags/KW.ico
cypher/res/GeoIP/Flags/KY.ico
cypher/res/GeoIP/Flags/KZ.ico
cypher/res/GeoIP/Flags/LA.ico
cypher/res/GeoIP/Flags/LB.ico
cypher/res/GeoIP/Flags/LC.ico
cypher/res/GeoIP/Flags/LI.ico
cypher/res/GeoIP/Flags/LK.ico
cypher/res/GeoIP/Flags/LR.ico
cypher/res/GeoIP/Flags/LS.ico
cypher/res/GeoIP/Flags/LT.ico
cypher/res/GeoIP/Flags/LU.ico
cypher/res/GeoIP/Flags/LV.ico
cypher/res/GeoIP/Flags/LY.ico
cypher/res/GeoIP/Flags/MA.ico
cypher/res/GeoIP/Flags/MC.ico
cypher/res/GeoIP/Flags/MD.ico
cypher/res/GeoIP/Flags/ME.ico
cypher/res/GeoIP/Flags/MF.ico
cypher/res/GeoIP/Flags/MG.ico
cypher/res/GeoIP/Flags/MH.ico
cypher/res/GeoIP/Flags/MK.ico
cypher/res/GeoIP/Flags/ML.ico
cypher/res/GeoIP/Flags/MM.ico
cypher/res/GeoIP/Flags/MN.ico
cypher/res/GeoIP/Flags/MO.ico
cypher/res/GeoIP/Flags/MP.ico
cypher/res/GeoIP/Flags/MQ.ico
cypher/res/GeoIP/Flags/MR.ico
cypher/res/GeoIP/Flags/MS.ico
cypher/res/GeoIP/Flags/MT.ico
cypher/res/GeoIP/Flags/MU.ico
cypher/res/GeoIP/Flags/MV.ico
cypher/res/GeoIP/Flags/MW.ico
cypher/res/GeoIP/Flags/MX.ico
cypher/res/GeoIP/Flags/MY.ico
cypher/res/GeoIP/Flags/MZ.ico
cypher/res/GeoIP/Flags/NA.ico
cypher/res/GeoIP/Flags/NC.ico
cypher/res/GeoIP/Flags/NE.ico
cypher/res/GeoIP/Flags/NF.ico
cypher/res/GeoIP/Flags/NG.ico
cypher/res/GeoIP/Flags/NI.ico
cypher/res/GeoIP/Flags/NL.ico
cypher/res/GeoIP/Flags/NO.ico
cypher/res/GeoIP/Flags/NP.ico
cypher/res/GeoIP/Flags/NR.ico
cypher/res/GeoIP/Flags/NU.ico
cypher/res/GeoIP/Flags/NZ.ico
cypher/res/GeoIP/Flags/OM.ico
cypher/res/GeoIP/Flags/PA.ico
cypher/res/GeoIP/Flags/PE.ico
cypher/res/GeoIP/Flags/PF.ico
cypher/res/GeoIP/Flags/PG.ico
cypher/res/GeoIP/Flags/PH.ico
cypher/res/GeoIP/Flags/PK.ico
cypher/res/GeoIP/Flags/PL.ico
cypher/res/GeoIP/Flags/PN.ico
cypher/res/GeoIP/Flags/PR.ico
cypher/res/GeoIP/Flags/PS.ico
cypher/res/GeoIP/Flags/PT.ico
cypher/res/GeoIP/Flags/PW.ico
cypher/res/GeoIP/Flags/PY.ico
cypher/res/GeoIP/Flags/QA.ico
cypher/res/GeoIP/Flags/RO.ico
cypher/res/GeoIP/Flags/RS.ico
cypher/res/GeoIP/Flags/RU.ico
cypher/res/GeoIP/Flags/RW.ico
cypher/res/GeoIP/Flags/SA.ico
cypher/res/GeoIP/Flags/SB.ico
cypher/res/GeoIP/Flags/SC.ico
cypher/res/GeoIP/Flags/SD.ico
cypher/res/GeoIP/Flags/SE.ico
cypher/res/GeoIP/Flags/SG.ico
cypher/res/GeoIP/Flags/SH.ico
cypher/res/GeoIP/Flags/SI.ico
cypher/res/GeoIP/Flags/SK.ico
cypher/res/GeoIP/Flags/SL.ico
cypher/res/GeoIP/Flags/SM.ico
cypher/res/GeoIP/Flags/SN.ico
cypher/res/GeoIP/Flags/SO.ico
cypher/res/GeoIP/Flags/SR.ico
cypher/res/GeoIP/Flags/SS.ico
cypher/res/GeoIP/Flags/ST.ico
cypher/res/GeoIP/Flags/SV.ico
cypher/res/GeoIP/Flags/SY.ico
cypher/res/GeoIP/Flags/SZ.ico
cypher/res/GeoIP/Flags/TC.ico
cypher/res/GeoIP/Flags/TD.ico
cypher/res/GeoIP/Flags/TF.ico
cypher/res/GeoIP/Flags/TG.ico
cypher/res/GeoIP/Flags/TH.ico
cypher/res/GeoIP/Flags/TJ.ico
cypher/res/GeoIP/Flags/TK.ico
cypher/res/GeoIP/Flags/TL.ico
cypher/res/GeoIP/Flags/TM.ico
cypher/res/GeoIP/Flags/TN.ico
cypher/res/GeoIP/Flags/TO.ico
cypher/res/GeoIP/Flags/TR.ico
cypher/res/GeoIP/Flags/TT.ico
cypher/res/GeoIP/Flags/TV.ico
cypher/res/GeoIP/Flags/TW.ico
cypher/res/GeoIP/Flags/TZ.ico
cypher/res/GeoIP/Flags/UA.ico
cypher/res/GeoIP/Flags/UG.ico
cypher/res/GeoIP/Flags/US.ico
cypher/res/GeoIP/Flags/UY.ico
cypher/res/GeoIP/Flags/UZ.ico
cypher/res/GeoIP/Flags/VA.ico
cypher/res/GeoIP/Flags/VC.ico
cypher/res/GeoIP/Flags/VE.ico
cypher/res/GeoIP/Flags/VG.ico
cypher/res/GeoIP/Flags/VI.ico
cypher/res/GeoIP/Flags/VN.ico
cypher/res/GeoIP/Flags/VU.ico
cypher/res/GeoIP/Flags/WF.ico
cypher/res/GeoIP/Flags/WS.ico
cypher/res/GeoIP/Flags/YE.ico
cypher/res/GeoIP/Flags/YT.ico
cypher/res/GeoIP/Flags/ZA.ico
cypher/res/GeoIP/Flags/ZM.ico
cypher/res/GeoIP/Flags/ZW.ico
cypher/res/GeoIP/Flags/_abkhazia.ico
cypher/res/GeoIP/Flags/_basque-country.ico
cypher/res/GeoIP/Flags/_british-antarctic-territory.ico
cypher/res/GeoIP/Flags/_commonwealth.ico
cypher/res/GeoIP/Flags/_england.ico
cypher/res/GeoIP/Flags/_gosquared.ico
cypher/res/GeoIP/Flags/_kosovo.ico
cypher/res/GeoIP/Flags/_mars.ico
cypher/res/GeoIP/Flags/_nagorno-karabakh.ico
cypher/res/GeoIP/Flags/_nato.ico
cypher/res/GeoIP/Flags/_northern-cyprus.ico
cypher/res/GeoIP/Flags/_olympics.ico
cypher/res/GeoIP/Flags/_red-cross.ico
cypher/res/GeoIP/Flags/_scotland.ico
cypher/res/GeoIP/Flags/_somaliland.ico
cypher/res/GeoIP/Flags/_south-ossetia.ico
cypher/res/GeoIP/Flags/_united-nations.ico
cypher/res/GeoIP/Flags/_wales.ico
cypher/res/GeoIP/GeoIP.dat
cypher/res/Icons/Apps/air_translate.png
.png
cypher/res/Icons/Apps/alarm.png
.png
cypher/res/Icons/Apps/always_on_display.png
.png
cypher/res/Icons/Apps/artcanvas.png
.png
cypher/res/Icons/Apps/backup_and_restore.png
.png
cypher/res/Icons/Apps/billing.png
.png
cypher/res/Icons/Apps/bixby.png
.png
cypher/res/Icons/Apps/bixby_vision.png
.png
cypher/res/Icons/Apps/bookmark.png
.png
cypher/res/Icons/Apps/calculator.png
.png
cypher/res/Icons/Apps/calendar.png
.png
cypher/res/Icons/Apps/camera.png
.png
cypher/res/Icons/Apps/capture.png
.png
cypher/res/Icons/Apps/car_mode.png
.png
cypher/res/Icons/Apps/clock.png
.png
cypher/res/Icons/Apps/clock_bg.png
.png
cypher/res/Icons/Apps/connect.png
.png
cypher/res/Icons/Apps/contacts.png
.png
cypher/res/Icons/Apps/device_maintenance.png
.png
cypher/res/Icons/Apps/document.png
.png
cypher/res/Icons/Apps/edge_screen.png
.png
cypher/res/Icons/Apps/email.png
.png
cypher/res/Icons/Apps/enhanced_features.png
.png
cypher/res/Icons/Apps/flow.png
.png
cypher/res/Icons/Apps/galaxy_apps.png
.png
cypher/res/Icons/Apps/gallery.png
.png
cypher/res/Icons/Apps/game_launcher.png
.png
cypher/res/Icons/Apps/gear_360.png
.png
cypher/res/Icons/Apps/gear_manager.png
.png
cypher/res/Icons/Apps/health.png
.png
cypher/res/Icons/Apps/home.png
.png
cypher/res/Icons/Apps/ic_bg_container.png
.png
cypher/res/Icons/Apps/ic_bg_container_mask.png
.png
cypher/res/Icons/Apps/ic_launcher.png
.png
cypher/res/Icons/Apps/image.png
.png
cypher/res/Icons/Apps/internet.png
.png
cypher/res/Icons/Apps/keyboard.png
.png
cypher/res/Icons/Apps/knox.png
.png
cypher/res/Icons/Apps/knox_2.png
.png
cypher/res/Icons/Apps/launcher.png
.png
cypher/res/Icons/Apps/led_icon_editor.png
.png
cypher/res/Icons/Apps/link_sharing.png
.png
cypher/res/Icons/Apps/live_drawing.png
.png
cypher/res/Icons/Apps/lockscreen.png
.png
cypher/res/Icons/Apps/members.png
.png
cypher/res/Icons/Apps/memo.png
.png
cypher/res/Icons/Apps/messaging.png
.png
cypher/res/Icons/Apps/milk.png
.png
cypher/res/Icons/Apps/music.png
.png
cypher/res/Icons/Apps/my_files.png
.png
cypher/res/Icons/Apps/myfiles_list_amr.png
.png
cypher/res/Icons/Apps/myfiles_list_apk.png
.png
cypher/res/Icons/Apps/myfiles_list_contact.png
.png
cypher/res/Icons/Apps/myfiles_list_eml.png
.png
cypher/res/Icons/Apps/myfiles_list_etc.png
.png
cypher/res/Icons/Apps/myfiles_list_gallery.png
.png
cypher/res/Icons/Apps/myfiles_list_html.png
.png
cypher/res/Icons/Apps/myfiles_list_hwp.png
.png
cypher/res/Icons/Apps/myfiles_list_memo.png
.png
cypher/res/Icons/Apps/myfiles_list_music.png
.png
cypher/res/Icons/Apps/myfiles_list_pdf.png
.png
cypher/res/Icons/Apps/myfiles_list_ppt.png
.png
cypher/res/Icons/Apps/myfiles_list_raw.png
.png
cypher/res/Icons/Apps/myfiles_list_s_planner.png
.png
cypher/res/Icons/Apps/myfiles_list_scrapbook.png
.png
cypher/res/Icons/Apps/myfiles_list_sdoc.png
.png
cypher/res/Icons/Apps/myfiles_list_snb.png
.png
cypher/res/Icons/Apps/myfiles_list_spd.png
.png
cypher/res/Icons/Apps/myfiles_list_storyalbum.png
.png
cypher/res/Icons/Apps/myfiles_list_task.png
.png
cypher/res/Icons/Apps/myfiles_list_txt.png
.png
cypher/res/Icons/Apps/myfiles_list_video.png
.png
cypher/res/Icons/Apps/myfiles_list_vtext.png
.png
cypher/res/Icons/Apps/myfiles_list_word.png
.png
cypher/res/Icons/Apps/myfiles_list_xls.png
.png
cypher/res/Icons/Apps/myfiles_list_zip.png
.png
cypher/res/Icons/Apps/myfiles_thumb_folder_home.png
.png
cypher/res/Icons/Apps/notes.png
.png
cypher/res/Icons/Apps/optical_reader.png
.png
cypher/res/Icons/Apps/pass.png
.png
cypher/res/Icons/Apps/pay.png
.png
cypher/res/Icons/Apps/penup.png
.png
cypher/res/Icons/Apps/phone.png
.png
cypher/res/Icons/Apps/phone_log.png
.png
cypher/res/Icons/Apps/photo360_editor.png
.png
cypher/res/Icons/Apps/photo_editor.png
.png
cypher/res/Icons/Apps/protect.png
.png
cypher/res/Icons/Apps/recorder_audio.png
.png
cypher/res/Icons/Apps/reminder.png
.png
cypher/res/Icons/Apps/s_health.png
.png
cypher/res/Icons/Apps/s_protect.png
.png
cypher/res/Icons/Apps/s_translator.png
.png
cypher/res/Icons/Apps/samsung_pay.png
.png
cypher/res/Icons/Apps/secure_folder.png
.png
cypher/res/Icons/Apps/settings.png
.png
cypher/res/Icons/Apps/smart_switch.png
.png
cypher/res/Icons/Apps/smart_view.png
.png
cypher/res/Icons/Apps/soundcamp.png
.png
cypher/res/Icons/Apps/story_album.png
.png
cypher/res/Icons/Apps/svoice.png
.png
cypher/res/Icons/Apps/theme_store.png
.png
cypher/res/Icons/Apps/translator.png
.png
cypher/res/Icons/Apps/video_editor.png
.png
cypher/res/Icons/Apps/video_library.png
.png
cypher/res/Icons/FillEllipse/Account.png
.png
cypher/res/Icons/FillEllipse/CLICKED.png
.png
cypher/res/Icons/FillEllipse/FOCUSED.png
.png
cypher/res/Icons/FillEllipse/Incoming.png
.png
cypher/res/Icons/FillEllipse/LONG CLICKED.png
.png
cypher/res/Icons/FillEllipse/Missed.png
.png
cypher/res/Icons/FillEllipse/NA.png
.png
cypher/res/Icons/FillEllipse/NOTIFICATION.png
.png
cypher/res/Icons/FillEllipse/Outgoing.png
.png
cypher/res/Icons/FillEllipse/System.png
.png
cypher/res/Icons/FillEllipse/TEXT.png
.png
cypher/res/Icons/FillEllipse/User.png
.png
cypher/res/Icons/FillEllipse/WINDOW CHANGED.png
.png
cypher/res/Icons/FillEllipse/null.png
.png
cypher/res/Icons/Menu_Items/17/account.png
.png
cypher/res/Icons/Menu_Items/17/add.png
.png
cypher/res/Icons/Menu_Items/17/applications.png
.png
cypher/res/Icons/Menu_Items/17/callphone.png
.png
cypher/res/Icons/Menu_Items/17/calls.png
.png
cypher/res/Icons/Menu_Items/17/camera.png
.png
cypher/res/Icons/Menu_Items/17/clipboard.png
.png
cypher/res/Icons/Menu_Items/17/contacts.png
.png
cypher/res/Icons/Menu_Items/17/copy.png
.png
cypher/res/Icons/Menu_Items/17/cut.png
.png
cypher/res/Icons/Menu_Items/17/decode.png
.png
cypher/res/Icons/Menu_Items/17/delete.png
.png
cypher/res/Icons/Menu_Items/17/download.png
.png
cypher/res/Icons/Menu_Items/17/downloads.png
.png
cypher/res/Icons/Menu_Items/17/edit.png
.png
cypher/res/Icons/Menu_Items/17/encrypt.png
.png
cypher/res/Icons/Menu_Items/17/folder.png
.png
cypher/res/Icons/Menu_Items/17/hidden.png
.png
cypher/res/Icons/Menu_Items/17/info.png
.png
cypher/res/Icons/Menu_Items/17/keylogger.png
.png
cypher/res/Icons/Menu_Items/17/location.png
.png
cypher/res/Icons/Menu_Items/17/microphone.png
.png
cypher/res/Icons/Menu_Items/17/open.png
.png
cypher/res/Icons/Menu_Items/17/paste.png
.png
cypher/res/Icons/Menu_Items/17/paths.png
.png
cypher/res/Icons/Menu_Items/17/playsound.png
.png
cypher/res/Icons/Menu_Items/17/refresh.png
.png
cypher/res/Icons/Menu_Items/17/rename.png
.png
cypher/res/Icons/Menu_Items/17/server.png
.png
cypher/res/Icons/Menu_Items/17/show.png
.png
cypher/res/Icons/Menu_Items/17/sms.png
.png
cypher/res/Icons/Menu_Items/17/terminal.png
.png
cypher/res/Icons/Menu_Items/17/unzip.png
.png
cypher/res/Icons/Menu_Items/17/upload.png
.png
cypher/res/Icons/Menu_Items/17/viewfile.png
.png
cypher/res/Icons/Menu_Items/17/wallpaper.png
.png
cypher/res/Icons/Menu_Items/17/zip.png
.png
cypher/res/Icons/apk.ico
cypher/res/Icons/win/1.ico
cypher/res/Icons/win/10.ico
cypher/res/Icons/win/11.ico
cypher/res/Icons/win/12.ico
cypher/res/Icons/win/13.ico
cypher/res/Icons/win/14.ico
cypher/res/Icons/win/15.ico
cypher/res/Icons/win/16.ico
cypher/res/Icons/win/17.ico
cypher/res/Icons/win/18.ico
cypher/res/Icons/win/19.ico
cypher/res/Icons/win/2.ico
cypher/res/Icons/win/20.ico
cypher/res/Icons/win/3.ico
cypher/res/Icons/win/4.ico
cypher/res/Icons/win/5.ico
cypher/res/Icons/win/6.ico
cypher/res/Icons/win/7.ico
cypher/res/Icons/win/8.ico
cypher/res/Icons/win/9.ico
cypher/res/Lib/platformBinary.zip
.zip
cypher/res/Plugins/Android/gen-1.pl
.dex
cypher/res/Plugins/Android/gen-2.pl
cypher/res/Plugins/Android/gen-3.pl
cypher/res/Plugins/Android/gen-4.pl
.dex
cypher/res/Plugins/Android/gen-5.pl
.dex
cypher/res/Plugins/Android/gen-6.pl
cypher/res/Plugins/Android/gen-7.pl
cypher/res/Plugins/Android/gen-8.pl

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 9.6MB - Virtual size: 9.6MB

.rsrc Size: 156KB - Virtual size: 155KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 433KB - Virtual size: 433KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 496KB - Virtual size: 495KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:cb:d9:52:06:53:bf:3e:2a:59:00:00:00:00:00:cbCertificate

Extended Key Usages

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

2b:e3:a3:2d:f8:71:76:9b:66:a7:70:02:ef:69:91:70:2e:1d:d6:c5:f3:f4:b4:cf:e9:62:5e:c5:de:66:cf:77Signer

14:b0:8e:4d:e3:ae:df:ee:dd:e1:6b:b6:23:93:9d:2a:c5:d1:47:94Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 5KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 41KB - Virtual size: 41KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

.text
Size: 9.6MB - Virtual size: 9.6MB

.rsrc
Size: 156KB - Virtual size: 155KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 433KB - Virtual size: 433KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 496KB - Virtual size: 495KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:cb:d9:52:06:53:bf:3e:2a:59:00:00:00:00:00:cb
Certificate

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

2b:e3:a3:2d:f8:71:76:9b:66:a7:70:02:ef:69:91:70:2e:1d:d6:c5:f3:f4:b4:cf:e9:62:5e:c5:de:66:cf:77
Signer

14:b0:8e:4d:e3:ae:df:ee:dd:e1:6b:b6:23:93:9d:2a:c5:d1:47:94
Signer

.text
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 41KB - Virtual size: 41KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B