Extracted

Extracted

• 11605881355.zip

  .zip

  Password: infected

• 39289d15b69d40f7ffce282503aa03276625ff2f18766eafb379a55ac906a7b0

  .dll windows x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Sections

  .text

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 604B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .bss

  Size: 1024B - Virtual size: 735B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 29KB - Virtual size: 32KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• 78f6f94aaa72e41d64e4dc309a3553399db2b4cd0edae5653ca4b6e7839e1215

  .dll windows x64

  689ff199fb7bbb786a1b91371ee279cc

  
  

  Code Sign

  72:2a:66:67:75:dc:48:0e:a2:b8:41:41:3d:7b:87:65

  Certificate

  Issuer

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  27/03/2019, 00:00

  Not After

  03/04/2022, 23:59

  Subject

  CN=Ubisoft Entertainment Sweden AB,O=Ubisoft Entertainment Sweden AB,L=Malmo,ST=Skåne,C=SE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  10/12/2013, 00:00

  Not After

  09/12/2023, 23:59

  Subject

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66

  Certificate

  Issuer

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22/10/2014, 00:00

  Not After

  22/10/2024, 00:00

  Subject

  CN=DigiCert Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10/11/2006, 00:00

  Not After

  10/11/2021, 00:00

  Subject

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageServerAuth

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  ExtKeyUsageEmailProtection

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  9d:a2:f4:0c:e3:a0:c3:51:0d:1c:d4:cc:09:7c:d3:03:d6:79:37:95:f1:ab:49:8b:a1:78:a3:ed:66:5b:1a:f6

  Signer

  Actual PE Digest

  9d:a2:f4:0c:e3:a0:c3:51:0d:1c:d4:cc:09:7c:d3:03:d6:79:37:95:f1:ab:49:8b:a1:78:a3:ed:66:5b:1a:f6

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  Imports

  iphlpapi

  GetAdaptersAddresses

  shell32

  SHBrowseForFolderW

  ord190

  SHCreateItemFromParsingName

  ShellExecuteW

  SHGetFolderPathW

  ord155

  SHOpenFolderAndSelectItems

  SHGetPathFromIDListW

  CommandLineToArgvW

  ShellExecuteExW

  propsys

  PSGetPropertyKeyFromName

  winhttp

  WinHttpGetProxyForUrl

  WinHttpGetIEProxyConfigForCurrentUser

  WinHttpCloseHandle

  WinHttpOpen

  rpcrt4

  UuidCreate

  RpcStringFreeA

  UuidToStringA

  d3d9

  Direct3DCreate9

  advapi32

  RegEnumKeyExW

  RegOpenKeyExA

  RegQueryValueExA

  OpenProcessToken

  SetNamedSecurityInfoW

  GetNamedSecurityInfoW

  GetExplicitEntriesFromAclW

  SetEntriesInAclW

  RegSetValueExW

  RegQueryValueExW

  RegOpenKeyExW

  RegCloseKey

  RegDeleteValueW

  RegDeleteKeyW

  RegCreateKeyExW

  RegCreateKeyW

  GetTokenInformation

  EqualSid

  AllocateAndInitializeSid

  user32

  GetLastInputInfo

  GetForegroundWindow

  GetWindowThreadProcessId

  SetClipboardData

  CloseClipboard

  OpenClipboard

  SendMessageW

  AllowSetForegroundWindow

  MessageBoxW

  GetMonitorInfoW

  EnumDisplayMonitors

  SetProcessDPIAware

  PostMessageW

  SetWindowPos

  GetWindowRect

  GetParent

  MonitorFromPoint

  GetWindowInfo

  GetSystemMetrics

  GetClipboardData

  EmptyClipboard

  kernel32

  GetStdHandle

  FlushFileBuffers

  GetACP

  HeapReAlloc

  SetStdHandle

  GetDateFormatW

  GetTimeFormatW

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  SetConsoleCtrlHandler

  WriteConsoleW

  FindFirstFileExA

  FindFirstFileExW

  FindNextFileA

  IsValidCodePage

  GetOEMCP

  GetCommandLineA

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetProcessHeap

  HeapSize

  HeapFree

  GetModuleFileNameA

  GetConsoleCP

  ReadConsoleW

  GetConsoleMode

  GetFileAttributesExW

  GetModuleHandleExW

  ResumeThread

  ExitThread

  SystemTimeToTzSpecificLocalTime

  GetFileType

  GetFileInformationByHandle

  GetCurrentDirectoryA

  SetCurrentDirectoryW

  SetCurrentDirectoryA

  SetEnvironmentVariableW

  SetEnvironmentVariableA

  GetFullPathNameA

  GetDriveTypeW

  RtlUnwindEx

  LoadLibraryW

  UnregisterWaitEx

  Sleep

  GetCommandLineW

  GetCurrentDirectoryW

  GetCurrentProcessId

  OpenProcess

  GetModuleFileNameW

  LocalFree

  CloseHandle

  GetLastError

  WaitForSingleObject

  TerminateProcess

  GetExitCodeProcess

  RtlCaptureStackBackTrace

  GetProcessId

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  CreateDirectoryW

  CreateFileW

  DeleteFileW

  FindClose

  FindFirstFileW

  FindNextFileW

  GetFileAttributesW

  GetFileSizeEx

  GetFileTime

  GetFullPathNameW

  GetTempFileNameW

  GetVolumePathNameW

  RemoveDirectoryW

  SetEndOfFile

  SetFileAttributesW

  SetFilePointerEx

  SetFileTime

  SetErrorMode

  CopyFileW

  MoveFileExW

  OutputDebugStringA

  GetEnvironmentVariableW

  GetDiskFreeSpaceExW

  GetVolumeNameForVolumeMountPointW

  GetCurrentProcess

  ExitProcess

  GetSystemInfo

  GetTickCount

  GetVersionExW

  GetNativeSystemInfo

  GetPhysicallyInstalledSystemMemory

  GetModuleHandleA

  GetModuleHandleW

  GetProcAddress

  GlobalAlloc

  GlobalLock

  GlobalUnlock

  GlobalFree

  GetComputerNameA

  FileTimeToSystemTime

  SystemTimeToFileTime

  GetTimeZoneInformation

  GetLocaleInfoW

  GetUserDefaultUILanguage

  SetEvent

  ResetEvent

  WaitForMultipleObjectsEx

  CreateEventW

  GetTempPathW

  CreateThread

  GetCurrentThreadId

  RaiseException

  SuspendThread

  ReadFile

  WriteFile

  PeekNamedPipe

  GetOverlappedResult

  GetSystemTimeAsFileTime

  InitializeCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSectionAndSpinCount

  TryEnterCriticalSection

  DeleteCriticalSection

  MultiByteToWideChar

  WideCharToMultiByte

  SetLastError

  QueryDepthSList

  InterlockedFlushSList

  InterlockedPushEntrySList

  InterlockedPopEntrySList

  ReleaseSemaphore

  SetProcessAffinityMask

  HeapAlloc

  CreateProcessW

  FormatMessageW

  DuplicateHandle

  WaitForSingleObjectEx

  SwitchToThread

  GetCurrentThread

  GetExitCodeThread

  RtlPcToFileHeader

  EncodePointer

  DecodePointer

  GetStringTypeW

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetCPInfo

  QueryPerformanceCounter

  QueryPerformanceFrequency

  CompareStringW

  LCMapStringW

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  IsDebuggerPresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStartupInfoW

  IsProcessorFeaturePresent

  InitializeSListHead

  CreateTimerQueue

  SignalObjectAndWait

  SetThreadPriority

  GetThreadPriority

  GetLogicalProcessorInformation

  CreateTimerQueueTimer

  ChangeTimerQueueTimer

  DeleteTimerQueueTimer

  GetNumaHighestNodeNumber

  GetProcessAffinityMask

  SetThreadAffinityMask

  RegisterWaitForSingleObject

  UnregisterWait

  OutputDebugStringW

  GetThreadTimes

  FreeLibrary

  FreeLibraryAndExitThread

  LoadLibraryExW

  VirtualAlloc

  VirtualProtect

  VirtualFree

  RtlUnwind

  ole32

  CoInitializeEx

  CoCreateInstance

  CoInitialize

  CoUninitialize

  comdlg32

  GetSaveFileNameW

  Exports

  Exports

  ??0OrbitSession@orbitdll@mg@@QEAA@XZ

  ??1OrbitSession@orbitdll@mg@@QEAA@XZ

  ?CheckUpdate@OrbitSession@orbitdll@mg@@QEAAHXZ

  ?Close@SavegameReader@orbitdll@mg@@QEAAXXZ

  ?Close@SavegameWriter@orbitdll@mg@@QEAAX_N@Z

  ?GetLocText@OrbitSession@orbitdll@mg@@QEAAPEBGPEBGPEBD@Z

  ?GetLoginDetails@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetLoginDetailsListener@23@@Z

  ?GetName@SavegameInfo@orbitdll@mg@@QEAAPEBGXZ

  ?GetNetworkTraffic@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetNetworkTrafficListener@23@@Z

  ?GetOrbitServer@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetOrbitServerListener@23@II@Z

  ?GetRequestUniqueId@OrbitSession@orbitdll@mg@@QEAAIXZ

  ?GetSavegameId@SavegameInfo@orbitdll@mg@@QEAAIXZ

  ?GetSavegameList@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetSavegameListListener@23@I@Z

  ?GetSavegameReader@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetSavegameReaderListener@23@II@Z

  ?GetSavegameWriter@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetSavegameWriterListener@23@II_N@Z

  ?GetSize@SavegameInfo@orbitdll@mg@@QEAAIXZ

  ?GetUplayId@SavegameInfo@orbitdll@mg@@QEAAIXZ

  ?Read@SavegameReader@orbitdll@mg@@QEAAXIPEAVISavegameReadListener@23@IPEAXI@Z

  ?RemoveSavegame@OrbitSession@orbitdll@mg@@QEAAXIPEAVIRemoveSavegameListener@23@II@Z

  ?SetName@SavegameWriter@orbitdll@mg@@QEAA_NPEAG@Z

  ?StartLauncher@OrbitSession@orbitdll@mg@@QEAA_NIIPEBD0@Z

  ?StartProcess@OrbitSession@orbitdll@mg@@QEAAXPEBG00@Z

  ?Update@OrbitSession@orbitdll@mg@@QEAAXXZ

  ?Write@SavegameWriter@orbitdll@mg@@QEAAXIPEAVISavegameWriteListener@23@PEAXI@Z

  MgOrbitdllCheckUpdate

  MgOrbitdllGetFakeSession

  MgOrbitdllGetLocText

  MgOrbitdllGetLoginDetails

  MgOrbitdllGetNetworkTraffic

  MgOrbitdllGetOrbitServer

  MgOrbitdllGetRequestUniqueId

  MgOrbitdllGetSavegameList

  MgOrbitdllGetSavegameReader

  MgOrbitdllGetSavegameWriter

  MgOrbitdllGetSession

  MgOrbitdllRemoveSavegame

  MgOrbitdllSaveGameInfoGetName

  MgOrbitdllSaveGameInfoGetProductId

  MgOrbitdllSaveGameInfoGetSavegameId

  MgOrbitdllSaveGameInfoGetSize

  MgOrbitdllSaveGameReaderClose

  MgOrbitdllSaveGameReaderRead

  MgOrbitdllSaveGameWriterClose

  MgOrbitdllSaveGameWriterSetName

  MgOrbitdllSaveGameWriterWrite

  MgOrbitdllStartLauncher

  MgOrbitdllStartProcess

  MgOrbitdllUpdate

  Sections

  .text

  Size: 2.7MB - Virtual size: 2.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 717KB - Virtual size: 716KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 36KB - Virtual size: 71KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 170KB - Virtual size: 169KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 13KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ