DeDRM_tools_7[.]1[.]0[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

DeDRM_tools_7.1.0.zip
Size

435KB
MD5

c2c9cf9a7560bba2d225bfa8dc3d570a
SHA1

8800f59454f59caedfaff7de367af3f104f25397
SHA256

d06eb1b7770e67ab88e1ac1546f3c2741f4c3e50d44fed970294f925d01d6b94
SHA512

3debda71eeef81e116372269a43f7f503d851630b0e9c5bd055f24496f6efc949145a3827c7d03336fcf56a21df36ca7ed0d4bed355de2afd5d9f07fbe18c137
SSDEEP

12288:GemdoH2DBWFRfuR/2Hp/z8dsxjStdhBqX/1zc6Mez8:GtoWDBWFRHpgsxKV0bt8

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/alfcrypto.dll
unpack002/alfcrypto64.dll

Files

DeDRM_tools_7.1.0.zip
.zip
DeDRM_plugin.zip
.zip
.DS_Store
DeDRM_Adobe Digital Editions Key_Help.htm
.html
DeDRM_Barnes and Noble Key_Help.htm
.html
DeDRM_EInk Kindle Serial Number_Help.htm
DeDRM_Help.htm
.html
DeDRM_Kindle for Android Key_Help.htm
DeDRM_Kindle for Mac and PC Key_Help.htm
.html
DeDRM_Mobipocket PID_Help.htm
.html
DeDRM_eReader Key_Help.htm
.html
__init__.py
.py .sh linux
activitybar.py
adobekey.py
.py .sh linux
aescbc.py
.py .sh linux
alfcrypto.dll
.dll windows x86

12d73dba74165470a1910a457b54e948

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
GetCurrentThreadId
DecodePointer
GetCommandLineA
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
Sleep
GetLastError
HeapFree
GetProcAddress
GetModuleHandleW
ExitProcess
IsProcessorFeaturePresent
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapAlloc
HeapReAlloc
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetFilePointer
HeapSize
CloseHandle
SetStdHandle
CreateFileW

Exports

Exports

AES_cbc_encrypt
AES_set_decrypt_key
PC1
topazCryptoDecrypt
topazCryptoInit

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
alfcrypto.py
.py .sh linux
alfcrypto64.dll
.dll windows x64

cd3de9dc67c13b3a02b485a1b854d4b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__dllonexit
__iob_func
__mb_cur_max
_amsg_exit
_errno
_exit
_initterm
_lock
_onexit
_unlock
abort
atoi
calloc
fprintf
fputc
free
fwrite
getenv
localeconv
malloc
memcpy
raise
setlocale
signal
strchr
strerror
strlen
strncmp
wcslen

user32

MessageBoxA

Exports

Exports

AES_cbc_encrypt
AES_set_decrypt_key
PC1
topazCryptoDecrypt
topazCryptoInit

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 181B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
alfcrypto_src.zip
.zip
androidkindlekey.py
.py .sh linux
argv_utils.py
.py .sh linux
askfolder_ed.py
.py .sh linux
config.py
.py .sh linux
convert2xml.py
.py .sh linux
epubtest.py
.py .sh linux
erdr2pml.py
.py .sh linux
flatxml2html.py
flatxml2svg.py
.py .js
genbook.py
.py .sh linux
ignobleepub.py
.py .sh linux
ignoblekey.py
.sh .vbs linux
ignoblekeyfetch.py
.py .sh linux
ignoblekeygen.py
.py .sh linux
ignoblepdf.py
.py .sh linux
ineptepub.py
.py .sh linux
ineptpdf.py
.py .sh linux
ion.py
.py .sh linux
k4mobidedrm.py
.py .sh linux
kfxdedrm.py
.py .sh linux
kgenpids.py
.py .sh linux
kindlekey.py
.sh .vbs linux
kindlepid.py
.py .sh linux
libalfcrypto.dylib
.macho macos
libalfcrypto32.so
.elf linux x86
libalfcrypto64.so
.elf linux x64
mobidedrm.py
.py .sh linux
openssl_des.py
.py .sh linux
prefs.py
.py .sh linux
pycrypto_des.py
.py .sh linux
python_des.py
.py .sh linux
scriptinterface.py
.py .sh linux
scrolltextwidget.py
.py .sh linux
simpleprefs.py
.py .sh linux
stylexml2css.py
subasyncio.py
.py .sh linux
topazextract.py
.py .sh linux
utilities.py
.py .sh linux
wineutils.py
.py .sh linux
zipfilerugged.py
.py .sh linux
zipfix.py
.py .sh linux
DeDRM_plugin_ReadMe.txt
Obok_plugin.zip
.zip
ReadMe_Overview.txt
obok_plugin_ReadMe.txt

Sharing

General

Malware Config

Signatures

Files

12d73dba74165470a1910a457b54e948

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 11KB

.reloc Size: 4KB - Virtual size: 3KB

cd3de9dc67c13b3a02b485a1b854d4b9

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 192B

.rdata Size: 10KB - Virtual size: 9KB

.pdata Size: 1KB - Virtual size: 1KB

.xdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 4KB

.edata Size: 512B - Virtual size: 181B

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 72B

.reloc Size: 512B - Virtual size: 52B

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 192B

.rdata
Size: 10KB - Virtual size: 9KB

.pdata
Size: 1KB - Virtual size: 1KB

.xdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 181B

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 72B

.reloc
Size: 512B - Virtual size: 52B