usb_tatoo[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

usb_tatoo.rar
Size

25.2MB
MD5

c51f6ebae78be8a3894ab3ff90e94ad5
SHA1

5159072dd605f44e901f8ad411d9b2ffc9a9765a
SHA256

bd32b9fe16cdd4670d13240b1b568800223e7579584298de1b6d7996fc55db69
SHA512

15b5d39d435db121a90b8adf3f9a79fdab5082a916369e1053d10fd501c01836a4b0143be6284ee99c5ee7ca296fbda4d9a1c0ce542121a30229b942377129df
SSDEEP

786432:vYUbLGC5KQa//QDic4mg8Gs7Z1Fnb2RBb8B:Q2GDQ8yf7Z1Fnb2bI

Score

7^/10

pdf link upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/setup.exe	upx

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/s.jpg.exe
unpack001/setup.exe

Files

usb_tatoo.rar
.rar
9788483432914_L33_24.pdf
.pdf
- http://www.cedro.org
- http://www.conlicencia.com
- http://www.editorialbambu.comwww.bambulector.com
BMT.ps1
.ps1
autorun.inf
backup.zip
.zip
nishang-master/.gitattributes
nishang-master/.gitignore
nishang-master/ActiveDirectory/Add-ConstrainedDelegationBackdoor.ps1
.ps1
nishang-master/ActiveDirectory/Set-DCShadowPermissions.ps1
.ps1
nishang-master/Antak-WebShell/Readme.md
nishang-master/Antak-WebShell/antak.aspx
.asp .ps1
nishang-master/Backdoors/Add-ConstrainedDelegationBackdoor.ps1
.ps1
nishang-master/Backdoors/Add-RegBackdoor.ps1
.ps1
nishang-master/Backdoors/Add-ScrnSaveBackdoor.ps1
.ps1
nishang-master/Backdoors/DNS_TXT_Pwnage.ps1
.ps1
nishang-master/Backdoors/Execute-OnTime.ps1
.ps1
nishang-master/Backdoors/Gupt-Backdoor.ps1
.ps1
nishang-master/Backdoors/HTTP-Backdoor.ps1
.ps1
nishang-master/Backdoors/Invoke-ADSBackdoor.ps1
.ps1
nishang-master/Backdoors/Set-RemotePSRemoting.ps1
.ps1
nishang-master/Backdoors/Set-RemoteWMI.ps1
.ps1
nishang-master/Bypass/Invoke-AmsiBypass.ps1
.ps1
nishang-master/CHANGELOG.txt
nishang-master/Client/Out-CHM.ps1
.ps1
nishang-master/Client/Out-Excel.ps1
.ps1
nishang-master/Client/Out-HTA.ps1
.ps1
nishang-master/Client/Out-JS.ps1
.ps1
nishang-master/Client/Out-Java.ps1
.ps1
nishang-master/Client/Out-SCF.ps1
.ps1
nishang-master/Client/Out-SCT.ps1
.ps1
nishang-master/Client/Out-Shortcut.ps1
.ps1
nishang-master/Client/Out-WebQuery.ps1
.ps1
nishang-master/Client/Out-Word.ps1
.ps1
nishang-master/DISCLAIMER.txt
nishang-master/Escalation/Enable-DuplicateToken.ps1
.ps1
nishang-master/Escalation/Invoke-PsUACme.ps1
.ps1
nishang-master/Escalation/Remove-Update.ps1
.ps1
nishang-master/Execution/Download-Execute-PS.ps1
.ps1
nishang-master/Execution/Download_Execute.ps1
.ps1
nishang-master/Execution/Execute-Command-MSSQL.ps1
.ps1
nishang-master/Execution/Execute-DNSTXT-Code.ps1
.ps1
nishang-master/Execution/Out-RundllCommand.ps1
.ps1
nishang-master/Gather/Check-VM.ps1
.ps1
nishang-master/Gather/Copy-VSS.ps1
.ps1
nishang-master/Gather/FireBuster.ps1
.ps1
nishang-master/Gather/FireListener.ps1
.ps1
nishang-master/Gather/Get-Information.ps1
.ps1
nishang-master/Gather/Get-LSASecret.ps1
.ps1
nishang-master/Gather/Get-PassHashes.ps1
.ps1
nishang-master/Gather/Get-PassHints.ps1
.ps1
nishang-master/Gather/Get-WLAN-Keys.ps1
.ps1
nishang-master/Gather/Get-WebCredentials.ps1
.ps1
nishang-master/Gather/Invoke-CredentialsPhish.ps1
.ps1
nishang-master/Gather/Invoke-Mimikatz.ps1
.ps1
nishang-master/Gather/Invoke-MimikatzWDigestDowngrade.ps1
.ps1
nishang-master/Gather/Invoke-Mimikittenz.ps1
.ps1
nishang-master/Gather/Invoke-SSIDExfil.ps1
.ps1
nishang-master/Gather/Invoke-SessionGopher.ps1
.ps1
nishang-master/Gather/Keylogger.ps1
.ps1
nishang-master/Gather/Show-TargetScreen.ps1
.ps1
nishang-master/LICENSE
nishang-master/MITM/Invoke-Interceptor.ps1
.ps1
nishang-master/Misc/Nishang_Logo.png
.png
nishang-master/Misc/Nishang_logo_small.png
.png
nishang-master/Misc/Speak.ps1
.ps1
nishang-master/Pivot/Create-MultipleSessions.ps1
.ps1
nishang-master/Pivot/Invoke-NetworkRelay.ps1
.ps1
nishang-master/Pivot/Run-EXEonRemote.ps1
.ps1
nishang-master/Prasadhak/Invoke-Prasadhak.ps1
.ps1
nishang-master/README.md
nishang-master/Scan/Invoke-BruteForce.ps1
.ps1
nishang-master/Scan/Invoke-PortScan.ps1
.ps1
nishang-master/Shells/Invoke-ConPtyShell.ps1
.ps1
nishang-master/Shells/Invoke-JSRatRegsvr.ps1
.ps1
nishang-master/Shells/Invoke-JSRatRundll.ps1
.ps1 .js
nishang-master/Shells/Invoke-PoshRatHttp.ps1
.ps1
nishang-master/Shells/Invoke-PoshRatHttps.ps1
.ps1
nishang-master/Shells/Invoke-PowerShellIcmp.ps1
.ps1
nishang-master/Shells/Invoke-PowerShellTcp.ps1
.ps1
nishang-master/Shells/Invoke-PowerShellTcpOneLine.ps1
.ps1
nishang-master/Shells/Invoke-PowerShellTcpOneLineBind.ps1
.ps1
nishang-master/Shells/Invoke-PowerShellUdp.ps1
.ps1
nishang-master/Shells/Invoke-PowerShellUdpOneLine.ps1
.ps1
nishang-master/Shells/Invoke-PowerShellWmi.ps1
.ps1
nishang-master/Shells/Invoke-PsGcat.ps1
.ps1
nishang-master/Shells/Invoke-PsGcatAgent.ps1
.ps1
nishang-master/Shells/Remove-PoshRat.ps1
.ps1
nishang-master/Utility/Add-Exfiltration.ps1
.ps1
nishang-master/Utility/Add-Persistence.ps1
.ps1
nishang-master/Utility/Base64ToString.ps1
.ps1
nishang-master/Utility/ConvertTo-ROT13.ps1
.ps1
nishang-master/Utility/Do-Exfiltration.ps1
.ps1
nishang-master/Utility/Download.ps1
.ps1
nishang-master/Utility/ExetoText.ps1
.ps1
nishang-master/Utility/Invoke-Decode.ps1
.ps1
nishang-master/Utility/Invoke-Encode.ps1
.ps1
nishang-master/Utility/Out-DnsTxt.ps1
.ps1
nishang-master/Utility/Parse_Keys.ps1
.ps1
nishang-master/Utility/Remove-Persistence.ps1
.ps1
nishang-master/Utility/Start-CaptureServer.ps1
.ps1
nishang-master/Utility/StringToBase64.ps1
.ps1
nishang-master/Utility/TexttoExe.ps1
.ps1
nishang-master/nishang.psm1
.ps1
nishang-master/powerpreter/Powerpreter.psm1
.ps1
nishang-master/powerpreter/README.md
desktop.lnk
.lnk
mail.docx
.docx office2007
rz.exe
.exe windows x86

48aa5c8931746a9655524f67b25a47ef

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4e:45:63:ad:ea:d3:fe:da:c7:bd:44:ec:5c:59:05:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/09/2013, 00:00

Not After

02/08/2016, 23:59

Subject

CN=Razer Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Razer Inc.,L=George Town,ST=Cayman Islands,C=KY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ce:8b:14:27:d5:99:df:d0:ae:29:55:67:c4:98:d0:3f:5e:38:67:17
Signer

Actual PE Digest

ce:8b:14:27:d5:99:df:d0:ae:29:55:67:c4:98:d0:3f:5e:38:67:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
s.jpg.exe
.exe windows x86

067bfba6a76ac305f9182c8f24b5d45c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

cygcrypto-1.0.0

BIO_free
BIO_new_file
BN_bin2bn
DH_free
DH_new
ERR_error_string
ERR_error_string_n
ERR_func_error_string
ERR_get_error
ERR_lib_error_string
ERR_peek_error
ERR_reason_error_string
OPENSSL_add_all_algorithms_noconf
OpenSSL_add_all_ciphers
OpenSSL_add_all_digests
PEM_read_bio_DHparams
RAND_egd
RAND_seed
RAND_status
X509_NAME_oneline
X509_free
X509_get_issuer_name
X509_get_subject_name

cygwin1

__assert_func
__ctype_ptr__
__errno
__getreent
__main
__res_init
__res_state
_chown32
_dll_crt0@0
_fchown32
_fcntl64
_fdopen64
_fopen64
_fstat64
_ftruncate64
_getegid32
_geteuid32
_getgid32
_getgrent32
_getgrnam32
_getgroups32
_getpwuid32
_getuid32
_impure_ptr
_initgroups32
_lseek64
_lstat64
_mknod32
_open64
_setgid32
_setgroups32
_setuid32
_stat64
abort
accept
alarm
asctime
atexit
atoi
bind
calloc
chdir
chmod
chroot
close
connect
creat
cygwin_detach_dll
cygwin_internal
div
dll_dllcrt0
dup
dup2
endgrent
execvp
exit
fchmod
fclose
fflush
fileno
flock
fork
fprintf
fputc
fputs
free
freeaddrinfo
fwrite
gai_strerror
getaddrinfo
getenv
gethostbyname
gethostname
getpeername
getpgid
getpgrp
getpid
getppid
getpwnam
getservbyname
getsid
getsockname
getsockopt
gettimeofday
grantpt
h_errno
hstrerror
if_indextoname
inet_ntop
ioctl
isatty
kill
link
listen
localtime
localtime_r
malloc
memcpy
memmove
memset
mkfifo
mkstemp
nanosleep
openlog
openpty
pause
pipe
poll
ptsname
putc
random
read
readlink
realloc
recv
recvfrom
recvmsg
regcomp
regerror
regexec
select
send
sendto
setenv
setgrent
setpgid
setsid
setsockopt
shutdown
sigaction
sigaddset
sigemptyset
signal
sigprocmask
sleep
snprintf
socket
socketpair
sprintf
srandom
strcasecmp
strchr
strcmp
strcpy
strdup
strerror
strftime
strncmp
strncpy
strrchr
strstr
strtod
strtol
strtoll
strtoul
symlink
syslog
system
tcgetattr
tcgetpgrp
tcsetattr
tcsetpgrp
toupper
ttyname
umask
uname
unlink
unlockpt
unsetenv
usleep
vsnprintf
waitpid
write

cygreadline7

add_history
append_history
read_history
readline
using_history
where_history
write_history

cygssl-1.0.0

SSL_CIPHER_get_name
SSL_COMP_get_compression_methods
SSL_COMP_get_name
SSL_CTX_ctrl
SSL_CTX_free
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_set_cipher_list
SSL_CTX_set_verify
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_accept
SSL_connect
SSL_free
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_error
SSL_get_peer_certificate
SSL_get_verify_result
SSL_library_init
SSL_load_error_strings
SSL_new
SSL_pending
SSL_read
SSL_set_cipher_list
SSL_set_fd
SSL_shutdown
SSL_write
SSLv23_client_method
SSLv23_server_method
SSLv2_server_method
SSLv3_client_method
SSLv3_server_method
TLSv1_client_method
TLSv1_server_method

cygwrap-0

hosts_access
hosts_access_verbose
hosts_allow_table
hosts_deny_table
request_init
sock_hostaddr
sock_hostname

kernel32

GetModuleHandleA
GetProcAddress

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 1024B - Virtual size: 581B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/61
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/73
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/87
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/99
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/112
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/123
Size: 1024B - Virtual size: 1015B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/134
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 644KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

48aa5c8931746a9655524f67b25a47ef

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4e:45:63:ad:ea:d3:fe:da:c7:bd:44:ec:5c:59:05:77Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ce:8b:14:27:d5:99:df:d0:ae:29:55:67:c4:98:d0:3f:5e:38:67:17Signer

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

comctl32

Sections

.text Size: 60KB - Virtual size: 60KB

.itext Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 21KB

.idata Size: 3KB - Virtual size: 3KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.rsrc Size: 159KB - Virtual size: 158KB

067bfba6a76ac305f9182c8f24b5d45c

Headers

DLL Characteristics

File Characteristics

Imports

cygcrypto-1.0.0

cygwin1

cygreadline7

cygssl-1.0.0

cygwrap-0

kernel32

Sections

.text Size: 148KB - Virtual size: 147KB

.data Size: 72KB - Virtual size: 71KB

.rdata Size: 512B - Virtual size: 96B

/4 Size: 512B - Virtual size: 4B

.bss Size: - Virtual size: 5KB

.idata Size: 7KB - Virtual size: 6KB

/14 Size: 512B - Virtual size: 384B

/29 Size: 1024B - Virtual size: 581B

/45 Size: 1KB - Virtual size: 1KB

/61 Size: 19KB - Virtual size: 19KB

/73 Size: 2KB - Virtual size: 2KB

/87 Size: 4KB - Virtual size: 3KB

/99 Size: 1024B - Virtual size: 668B

/112 Size: 512B - Virtual size: 56B

/123 Size: 1024B - Virtual size: 1015B

/134 Size: 512B - Virtual size: 24B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.4MB

UPX1 Size: 644KB - Virtual size: 648KB

.rsrc Size: 65KB - Virtual size: 68KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4e:45:63:ad:ea:d3:fe:da:c7:bd:44:ec:5c:59:05:77
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ce:8b:14:27:d5:99:df:d0:ae:29:55:67:c4:98:d0:3f:5e:38:67:17
Signer

.text
Size: 60KB - Virtual size: 60KB

.itext
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 3KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 159KB - Virtual size: 158KB

.text
Size: 148KB - Virtual size: 147KB

.data
Size: 72KB - Virtual size: 71KB

.rdata
Size: 512B - Virtual size: 96B

/4
Size: 512B - Virtual size: 4B

.bss
Size: - Virtual size: 5KB

.idata
Size: 7KB - Virtual size: 6KB

/14
Size: 512B - Virtual size: 384B

/29
Size: 1024B - Virtual size: 581B

/45
Size: 1KB - Virtual size: 1KB

/61
Size: 19KB - Virtual size: 19KB

/73
Size: 2KB - Virtual size: 2KB

/87
Size: 4KB - Virtual size: 3KB

/99
Size: 1024B - Virtual size: 668B

/112
Size: 512B - Virtual size: 56B

/123
Size: 1024B - Virtual size: 1015B

/134
Size: 512B - Virtual size: 24B

UPX0
Size: - Virtual size: 1.4MB

UPX1
Size: 644KB - Virtual size: 648KB

.rsrc
Size: 65KB - Virtual size: 68KB