clink[.]1[.]5[.]0[.]b4f287[.]zip

Resubmissions

28/06/2023, 06:38

230628-hd63eshe5w 1

28/06/2023, 06:37

230628-hdlfqahe4z 8

Sharing

Copy URL

Twitter E-mail

General

Target

clink.1.5.0.b4f287.zip
Size

2.7MB
MD5

6b5ad541919464e22b0f40abf89c6711
SHA1

f106ac49824c63ce4ab9da9bcbc0924691116dc3
SHA256

cff92dfbcc22a9187dbf081f43695b2f510123e74d260805cf20acf54cec01c8
SHA512

47fa26c6752aadf52137274e652eb7fcd710756c2e29f5b822878117436a58796d8a3b3ca5a35de31d8cfb4288cbb348b809273b841d1268958473ffc316091d
SSDEEP

49152:P10hYBEdQXN9znAcbBzNPnVWq0smt+pDLk/XnFquKhqQ7J81befSLjo/FG:P1CYBEyNZnAc3vvmt+lLk/3ou0qYCY6x

Score

1^/10

Malware Config

Signatures

Files

clink.1.5.0.b4f287.zip
.zip
CHANGES
LICENSE
_default_inputrc
_default_settings
clink.bat
clink.html
.html .js
clink.ico
clink.lua
clink_arm64.exe
clink_blue.ico
clink_cyan.ico
clink_dll_arm64.dll
clink_dll_x64.dll
.dll windows x64

1cf61acd2cecab5ad62461fbc835bb1f

Code Sign

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

26/06/2023, 10:27

Not After

25/06/2024, 10:27

Subject

CN=Open Source Developer\, Christopher Antos,O=Open Source Developer,L=Issaquah,ST=Washington,C=US,1.2.840.113549.1.9.1=#0c1873706172726f776861776b39393640676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

92:63:05:c1:ca:70:a7:eb:48:be:83:c1:f2:d7:62:09:98:9f:99:90:56:46:56:5f:b3:b0:a1:b7:67:e8:97:da
Signer

Actual PE Digest

92:63:05:c1:ca:70:a7:eb:48:be:83:c1:f2:d7:62:09:98:9f:99:90:56:46:56:5f:b3:b0:a1:b7:67:e8:97:da

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueA
GetFileVersionInfoW

shlwapi

AssocQueryStringW

dbghelp

MiniDumpWriteDump

kernel32

WriteConsoleW
FindFirstFileW
FindClose
CompareFileTime
CreateFileW
WriteFile
GetTickCount
CreateToolhelp32Snapshot
Module32First
Module32Next
GetLocalTime
OpenProcess
LoadLibraryA
GetModuleFileNameW
GetProcAddress
SetEnvironmentVariableW
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleA
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
GetFileSize
ReadFile
GetModuleFileNameA
GetVersionExA
ReadConsoleOutputA
ReadConsoleW
GetEnvironmentVariableW
SetConsoleTitleW
FormatMessageW
GetCurrentThread
GetCurrentProcess
GetFileType
GetProcessId
LockFileEx
UnlockFileEx
SetFilePointer
SetEndOfFile
VirtualAlloc
VirtualFree
GetConsoleAliasW
AddConsoleAliasW
SetConsoleCtrlHandler
GetCurrentDirectoryW
GetConsoleWindow
GetConsoleScreenBufferInfoEx
SetConsoleMode
GetConsoleOutputCP
CompareStringW
GetFileAttributesW
QueryPerformanceFrequency
QueryPerformanceCounter
SetCurrentDirectoryW
GetDriveTypeW
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
MoveFileW
CopyFileW
GetTempPathW
GetShortPathNameW
GetLongPathNameW
GetFullPathNameW
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetExitCodeProcess
CreateProcessW
DuplicateHandle
FindNextFileW
GetSystemTime
SystemTimeToFileTime
LCMapStringW
GetUserDefaultLCID
GetDateFormatW
GetLocaleInfoW
ReadConsoleOutputCharacterW
CreateEventA
SetEvent
NeedCurrentDirectoryForExePathW
ResetEvent
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetSystemPowerStatus
OutputDebugStringA
GetUserDefaultLangID
GetSystemDefaultLangID
SetFilePointerEx
GetConsoleTitleW
SetConsoleScreenBufferInfoEx
SetLastError
ResumeThread
CreatePipe
SetHandleInformation
CreateJobObjectA
SetInformationJobObject
CreateProcessA
AssignProcessToJobObject
GetSystemInfo
ReadProcessMemory
IsWow64Process
Thread32First
OpenThread
SuspendThread
Thread32Next
CreateRemoteThread
VirtualQueryEx
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
Sleep
FlushInstructionCache
GetConsoleCursorInfo
SetConsoleCursorInfo
WaitForMultipleObjects
PeekConsoleInputW
GetCurrentConsoleFontEx
SetConsoleTextAttribute
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
ScrollConsoleScreenBufferA
ReadConsoleOutputAttribute
VirtualProtect
VirtualQuery
ReadConsoleInputW
GetModuleHandleW
FreeLibrary
LoadLibraryExW
FormatMessageA
GetFileAttributesExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObjectEx
CreateEventW
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
LCMapStringEx
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
TerminateProcess
GetCommandLineA
GetConsoleCP
ExitProcess
GetModuleHandleExW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
FreeLibraryAndExitThread
SetFileTime
TzSpecificLocalTimeToSystemTime
FindFirstFileExW
HeapAlloc
HeapFree
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
GetFileSizeEx
FlushFileBuffers
HeapReAlloc
MoveFileExW
IsValidCodePage
GetACP
GetOEMCP
GetProcessHeap
HeapSize
TerminateThread
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetStdHandle
SetConsoleActiveScreenBuffer
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
GetConsoleMode
CreateConsoleScreenBuffer
WriteConsoleInputA
GetStdHandle
WaitForSingleObject
CreateThread
CloseHandle
GetNativeSystemInfo
GetLastError
LocalFree
WideCharToMultiByte
GetCommandLineW
WriteProcessMemory
LoadLibraryExA

user32

MapVirtualKeyW
GetKeyState
SetClipboardData
EmptyClipboard
IsWindowVisible
GetClipboardData
OpenClipboard
SendMessageA
GetDoubleClickTime
CharLowerW
GetWindowLongW
GetCursorPos
SystemParametersInfoA
MessageBeep
GetKeyNameTextW
CloseClipboard

gdi32

CreateFontIndirectW
SelectObject
GetTextMetricsW
SaveDC
GetObjectW
DeleteObject
DeleteDC
RestoreDC
GetTextExtentPoint32W
GetCharABCWidthsW
CreateCompatibleDC
GetCharWidth32W

advapi32

OpenProcessToken
RegGetValueA
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
GetTokenInformation
OpenThreadToken
RegGetValueW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize

Exports

Exports

?loader_main_thunk@@YAHXZ

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 468KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clink_dll_x86.dll
.dll windows x86

657aceca1b3d43221fc276ca1f78dc81

Code Sign

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

26/06/2023, 10:27

Not After

25/06/2024, 10:27

Subject

CN=Open Source Developer\, Christopher Antos,O=Open Source Developer,L=Issaquah,ST=Washington,C=US,1.2.840.113549.1.9.1=#0c1873706172726f776861776b39393640676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

98:22:b2:68:60:18:01:99:74:05:5d:34:19:83:ce:3f:ca:2c:6e:12:1e:a3:2f:5a:c8:70:59:4e:2b:20:70:69
Signer

Actual PE Digest

98:22:b2:68:60:18:01:99:74:05:5d:34:19:83:ce:3f:ca:2c:6e:12:1e:a3:2f:5a:c8:70:59:4e:2b:20:70:69

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoW

shlwapi

AssocQueryStringW

dbghelp

MiniDumpWriteDump

kernel32

WriteConsoleW
FindFirstFileW
FindClose
CompareFileTime
CreateFileW
WriteFile
GetTickCount
CreateToolhelp32Snapshot
Module32First
Module32Next
GetLocalTime
OpenProcess
LoadLibraryA
GetModuleFileNameW
GetProcAddress
SetEnvironmentVariableW
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleA
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
GetFileSize
ReadFile
GetModuleFileNameA
GetVersionExA
ReadConsoleOutputA
ReadConsoleW
GetEnvironmentVariableW
SetConsoleTitleW
FormatMessageW
GetCurrentThread
GetCurrentProcess
GetFileType
GetProcessId
LockFileEx
UnlockFileEx
SetFilePointer
SetEndOfFile
VirtualAlloc
VirtualFree
GetConsoleAliasW
AddConsoleAliasW
SetConsoleCtrlHandler
GetCurrentDirectoryW
GetConsoleWindow
GetConsoleScreenBufferInfoEx
SetConsoleMode
GetConsoleOutputCP
CompareStringW
GetFileAttributesW
QueryPerformanceFrequency
QueryPerformanceCounter
SetCurrentDirectoryW
GetDriveTypeW
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
MoveFileW
CopyFileW
GetTempPathW
GetShortPathNameW
GetLongPathNameW
GetFullPathNameW
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetExitCodeProcess
CreateProcessW
DuplicateHandle
FindNextFileW
GetSystemTime
SystemTimeToFileTime
LCMapStringW
GetUserDefaultLCID
GetDateFormatW
GetLocaleInfoW
ReadConsoleOutputCharacterW
CreateEventA
SetEvent
NeedCurrentDirectoryForExePathW
ResetEvent
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetSystemPowerStatus
OutputDebugStringA
GetUserDefaultLangID
GetSystemDefaultLangID
SetFilePointerEx
GetConsoleTitleW
SetConsoleScreenBufferInfoEx
SetLastError
ResumeThread
CreatePipe
SetHandleInformation
CreateJobObjectA
SetInformationJobObject
CreateProcessA
AssignProcessToJobObject
GetSystemInfo
ReadProcessMemory
IsWow64Process
Thread32First
OpenThread
SuspendThread
Thread32Next
CreateRemoteThread
VirtualQueryEx
Sleep
VirtualFreeEx
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
GetConsoleCursorInfo
SetConsoleCursorInfo
WaitForMultipleObjects
PeekConsoleInputW
GetCurrentConsoleFontEx
SetConsoleTextAttribute
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
ScrollConsoleScreenBufferA
ReadConsoleOutputAttribute
VirtualProtect
ReadConsoleInputW
VirtualQuery
LoadLibraryExA
GetModuleHandleW
FreeLibrary
LoadLibraryExW
FormatMessageA
GetFileAttributesExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObjectEx
CreateEventW
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
GetStringTypeW
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
LCMapStringEx
RtlUnwind
InterlockedFlushSList
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCommandLineA
GetConsoleCP
ExitProcess
GetModuleHandleExW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
FreeLibraryAndExitThread
SetFileTime
TzSpecificLocalTimeToSystemTime
FindFirstFileExW
HeapAlloc
HeapFree
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
GetFileSizeEx
FlushFileBuffers
HeapReAlloc
MoveFileExW
IsValidCodePage
GetACP
GetOEMCP
GetProcessHeap
HeapSize
TerminateThread
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetStdHandle
SetConsoleActiveScreenBuffer
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
GetConsoleMode
CreateConsoleScreenBuffer
WriteConsoleInputA
GetStdHandle
WaitForSingleObject
CreateThread
CloseHandle
GetNativeSystemInfo
GetLastError
LocalFree
WideCharToMultiByte
GetCommandLineW
VirtualAllocEx

user32

MapVirtualKeyW
GetKeyState
SetClipboardData
EmptyClipboard
IsWindowVisible
GetClipboardData
OpenClipboard
SendMessageA
GetDoubleClickTime
CharLowerW
GetWindowLongW
GetCursorPos
SystemParametersInfoA
MessageBeep
GetKeyNameTextW
CloseClipboard

gdi32

CreateFontIndirectW
SelectObject
GetTextMetricsW
SaveDC
GetObjectW
DeleteObject
DeleteDC
RestoreDC
GetTextExtentPoint32W
GetCharABCWidthsW
CreateCompatibleDC
GetCharWidth32W

advapi32

OpenProcessToken
RegGetValueA
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
GetTokenInformation
OpenThreadToken
RegGetValueW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize

Exports

Exports

?loader_main_thunk@@YAHXZ

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clink_gold.ico
clink_gray.ico
clink_green.ico
clink_orange.ico
clink_purple.ico
clink_red.ico
clink_x64.exe
.exe windows x64

ffc0b8895345215a5789ac6b9d315849

Code Sign

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

26/06/2023, 10:27

Not After

25/06/2024, 10:27

Subject

CN=Open Source Developer\, Christopher Antos,O=Open Source Developer,L=Issaquah,ST=Washington,C=US,1.2.840.113549.1.9.1=#0c1873706172726f776861776b39393640676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dd:8f:df:9e:0b:42:3c:7e:89:4d:24:b5:76:6b:4b:7c:8d:9c:cd:84:fd:e2:f1:55:73:23:2f:8e:f1:fc:72:95
Signer

Actual PE Digest

dd:8f:df:9e:0b:42:3c:7e:89:4d:24:b5:76:6b:4b:7c:8d:9c:cd:84:fd:e2:f1:55:73:23:2f:8e:f1:fc:72:95

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetStdHandle
SetEnvironmentVariableW
GetEnvironmentVariableW
LocalAlloc
ReadConsoleW
WriteConsoleW
ExitProcess

clink_dll_x64

?loader_main_thunk@@YAHXZ

Exports

Exports

testbed_hook_loop

Sections

.text
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
clink_x86.exe
.exe windows x86

b52399ede42d668e12bc7284d727e1ec

Code Sign

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

26/06/2023, 10:27

Not After

25/06/2024, 10:27

Subject

CN=Open Source Developer\, Christopher Antos,O=Open Source Developer,L=Issaquah,ST=Washington,C=US,1.2.840.113549.1.9.1=#0c1873706172726f776861776b39393640676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:7a:bb:f2:4c:9f:0d:cf:7d:14:5a:f3:46:4f:29:82:69:ca:0e:3f:ec:55:47:92:c5:85:18:2e:2a:16:ff:51
Signer

Actual PE Digest

59:7a:bb:f2:4c:9f:0d:cf:7d:14:5a:f3:46:4f:29:82:69:ca:0e:3f:ec:55:47:92:c5:85:18:2e:2a:16:ff:51

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
SetEnvironmentVariableW
GetEnvironmentVariableW
LocalAlloc
ReadConsoleW
WriteConsoleW
ExitProcess

clink_dll_x86

?loader_main_thunk@@YAHXZ

Exports

Exports

_testbed_hook_loop@0

Sections

.text
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

1cf61acd2cecab5ad62461fbc835bb1f

Code Sign

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

92:63:05:c1:ca:70:a7:eb:48:be:83:c1:f2:d7:62:09:98:9f:99:90:56:46:56:5f:b3:b0:a1:b7:67:e8:97:daSigner

Headers

DLL Characteristics

File Characteristics

Imports

version

shlwapi

dbghelp

kernel32

user32

gdi32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 468KB - Virtual size: 468KB

.data Size: 31KB - Virtual size: 82KB

.pdata Size: 64KB - Virtual size: 64KB

_RDATA Size: 512B - Virtual size: 252B

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 1024B - Virtual size: 576B

.reloc Size: 11KB - Virtual size: 11KB

657aceca1b3d43221fc276ca1f78dc81

Code Sign

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

98:22:b2:68:60:18:01:99:74:05:5d:34:19:83:ce:3f:ca:2c:6e:12:1e:a3:2f:5a:c8:70:59:4e:2b:20:70:69Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

shlwapi

dbghelp

kernel32

user32

gdi32

advapi32

shell32

ole32

Exports

Exports

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

92:63:05:c1:ca:70:a7:eb:48:be:83:c1:f2:d7:62:09:98:9f:99:90:56:46:56:5f:b3:b0:a1:b7:67:e8:97:da
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 468KB - Virtual size: 468KB

.data
Size: 31KB - Virtual size: 82KB

.pdata
Size: 64KB - Virtual size: 64KB

_RDATA
Size: 512B - Virtual size: 252B

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 1024B - Virtual size: 576B

.reloc
Size: 11KB - Virtual size: 11KB

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

98:22:b2:68:60:18:01:99:74:05:5d:34:19:83:ce:3f:ca:2c:6e:12:1e:a3:2f:5a:c8:70:59:4e:2b:20:70:69
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 364KB - Virtual size: 364KB

.data
Size: 19KB - Virtual size: 60KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 1024B - Virtual size: 576B

.reloc
Size: 56KB - Virtual size: 55KB

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

dd:8f:df:9e:0b:42:3c:7e:89:4d:24:b5:76:6b:4b:7c:8d:9c:cd:84:fd:e2:f1:55:73:23:2f:8e:f1:fc:72:95
Signer

.text
Size: 512B - Virtual size: 408B

.rdata
Size: 1KB - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 1024B - Virtual size: 576B

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

59:7a:bb:f2:4c:9f:0d:cf:7d:14:5a:f3:46:4f:29:82:69:ca:0e:3f:ec:55:47:92:c5:85:18:2e:2a:16:ff:51
Signer

.text
Size: 512B - Virtual size: 264B

.rdata
Size: 1024B - Virtual size: 1008B

.rsrc
Size: 1024B - Virtual size: 576B

.reloc
Size: 512B - Virtual size: 40B