7pe_x86_E[.]iso

Sharing

Copy URL Twitter E-mail

General

Target

7pe_x86_E.iso
Size

287.2MB
MD5

e3db90b64a2f3e9a95bc512368611c16
SHA1

36c50f65d442d1288eba78dce350405260d50ff0
SHA256

88ec7d7572f591bb637bf5ee14203cb41d3a9d4e126beb79d60e25984339d691
SHA512

814639cd01112563e310ee2e9f776be70667f629877d7e2a97c79bd89ba11d4d03577dfeb3a75abdf09620e08c1f69da2a88f640a7916fc8dbc7dec75223d7de
SSDEEP

6291456:V+K1Fz7MSwbdjYvL72ev59SkGR1Az+xd1YrQTipno:EA8YvL5+5kzOd1o/

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BOOT/BOOTSECT.EXE
unpack001/BOOT/EN-US/BOOTSECT.EXE.MUI

Files

7pe_x86_E.iso
.iso

Password: milky
BOOT/BCD
BOOT/BOOT.SDI
BOOT/BOOTFIXX.BIN
BOOT/BOOTSECT.EXE
.exe windows x86

Password: milky

11ee6a8ad6acd010c04212b386d12fef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
LocalFree
FormatMessageW
GetModuleFileNameW
ReadFile
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
WriteFile
GetLastError
QueryDosDeviceW
FindResourceExW
LoadResource
SetLastError
LoadLibraryExW
MapViewOfFile
CloseHandle
CreateFileMappingW
CreateFileW
GetVersionExW
GetLocaleInfoW
FreeLibrary
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SearchPathW
UnhandledExceptionFilter

msvcrt

exit
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
malloc
_XcptFilter
iswctype
?terminate@@YAXXZ
_controlfp
calloc
isdigit
mbtowc
isleadbyte
isxdigit
localeconv
_snprintf
_itoa
wctomb
ferror
wcstombs
realloc
__badioinfo
__pioinfo
_read
_fileno
_lseeki64
_write
_isatty
ungetc
wcsstr
bsearch
wcsncmp
_exit
_cexit
__getmainargs
_iob
__mb_cur_max
_wcslwr
_errno
iswxdigit
memset
printf
_vsnwprintf
_stricmp
isalpha
_wcsnicmp
_wcsicmp
memcpy
free

ntdll

RtlUnwind
NtOpenDirectoryObject
NtQueryDirectoryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtCreateEvent
NtDeviceIoControlFile
NtWaitForSingleObject
NtResetEvent
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
RtlInitUnicodeString
NtOpenFile
NtClose
NtFsControlFile
NtQueryVolumeInformationFile
NtQuerySystemInformation
NtOpenKey
NtQueryValueKey

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BOOT/EN-US/BOOTMGR.EXE.MUI
.dll windows x86

Password: milky

Code Sign

61:04:ca:69:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/06/2007, 22:03

Not After

05/06/2012, 22:13

Subject

CN=Microsoft Time-Stamp Service,OU=nCipher DSE ESN:A5B0-CDE0-DC94,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:01:c6:c1:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 20:39

Not After

22/01/2010, 20:49

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

48:d5:ee:0c:71:9d:c1:a0:80:48:6b:47:38:fe:e8:c4:16:4f:e6:a6
Signer

Actual PE Digest

48:d5:ee:0c:71:9d:c1:a0:80:48:6b:47:38:fe:e8:c4:16:4f:e6:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BOOT/EN-US/BOOTSECT.EXE.MUI
.dll windows x86

Password: milky

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BOOT/ETFSBOOT.COM
BOOT/FONTS/CHS_BOOT.TTF
BOOT/FONTS/CHT_BOOT.TTF
BOOT/FONTS/JPN_BOOT.TTF
BOOT/FONTS/KOR_BOOT.TTF
BOOT/FONTS/WGL4_BOOT.TTF
BOOT/MEMTEST.EXE
.exe windows x86

Password: milky

Code Sign

61:04:ca:69:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/06/2007, 22:03

Not After

05/06/2012, 22:13

Subject

CN=Microsoft Time-Stamp Service,OU=nCipher DSE ESN:A5B0-CDE0-DC94,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:01:c6:c1:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 20:39

Not After

22/01/2010, 20:49

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

7e:f9:86:03:f1:c8:85:be:7e:3f:72:7d:a1:cb:72:2d:52:e8:62:0c
Signer

Actual PE Digest

7e:f9:86:03:f1:c8:85:be:7e:3f:72:7d:a1:cb:72:2d:52:e8:62:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 538KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGER32R
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BOOTMGR
SOURCES/BOOT.WIM
[BOOT]/Boot-NoEmul.img

Sharing

General

Malware Config

Signatures

Files

Password: milky

Password: milky

11ee6a8ad6acd010c04212b386d12fef

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

advapi32

Sections

.text Size: 53KB - Virtual size: 52KB

.data Size: 22KB - Virtual size: 26KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 4KB - Virtual size: 3KB

Password: milky

Code Sign

61:04:ca:69:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

61:01:c6:c1:00:00:00:00:00:07Certificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:07:02:dc:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

48:d5:ee:0c:71:9d:c1:a0:80:48:6b:47:38:fe:e8:c4:16:4f:e6:a6Signer

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 75KB - Virtual size: 76KB

Password: milky

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 15KB - Virtual size: 16KB

Password: milky

Code Sign

61:04:ca:69:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

61:01:c6:c1:00:00:00:00:00:07Certificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:07:02:dc:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

7e:f9:86:03:f1:c8:85:be:7e:3f:72:7d:a1:cb:72:2d:52:e8:62:0cSigner

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 317KB - Virtual size: 316KB

PAGER32C Size: 34KB - Virtual size: 33KB

PAGE Size: 2KB - Virtual size: 1KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 12KB - Virtual size: 538KB

PAGER32R Size: 1024B - Virtual size: 896B

.rsrc Size: 35KB - Virtual size: 34KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 53KB - Virtual size: 52KB

.data
Size: 22KB - Virtual size: 26KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 4KB - Virtual size: 3KB

61:04:ca:69:00:00:00:00:00:08
Certificate

61:01:c6:c1:00:00:00:00:00:07
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:07:02:dc:00:00:00:00:00:0b
Certificate

48:d5:ee:0c:71:9d:c1:a0:80:48:6b:47:38:fe:e8:c4:16:4f:e6:a6
Signer

.rsrc
Size: 75KB - Virtual size: 76KB

.rsrc
Size: 15KB - Virtual size: 16KB

61:04:ca:69:00:00:00:00:00:08
Certificate

61:01:c6:c1:00:00:00:00:00:07
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:07:02:dc:00:00:00:00:00:0b
Certificate

7e:f9:86:03:f1:c8:85:be:7e:3f:72:7d:a1:cb:72:2d:52:e8:62:0c
Signer

.text
Size: 317KB - Virtual size: 316KB

PAGER32C
Size: 34KB - Virtual size: 33KB

PAGE
Size: 2KB - Virtual size: 1KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 12KB - Virtual size: 538KB

PAGER32R
Size: 1024B - Virtual size: 896B

.rsrc
Size: 35KB - Virtual size: 34KB

.reloc
Size: 15KB - Virtual size: 15KB