Idm_Trail_reset-main[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Idm_Trail_reset-main.zip
Size

460KB
MD5

4798da9a32450b4974ca48964e4621a5
SHA1

23972669fd21651be8199d50c262303070febc40
SHA256

fa6b50b89736e8af212ec37352fc6e0f67c94b68512357fcc02cbf5f3d9fac6c
SHA512

125618e2d06b26248f13c8315d48fa32009b720d047cae7bbf112a3921f1c68c74eb3e3d6693e4c2fb307c5bd06247355aa347c6194241b854715a44540da0ed
SSDEEP

12288:6wXp53z33H6dfxdLlrXJqq6dZwpkyNMAi568:TP3M5dLlrXD6TwCySAiE8

Score

1^/10

Malware Config

Signatures

Files

Idm_Trail_reset-main.zip
.zip
Idm_Trail_reset-main/README.md
Idm_Trail_reset-main/src/IDM Trial Reset.au3
Idm_Trail_reset-main/src/IDM.ico
Idm_Trail_reset-main/src/SetACLx32.exe
.exe windows:5 windows x86

b8086f6290816fb617f882601f009ecd

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:a9:04:54:92:bc:c8:64:10:a5:a3:0b:f5:34:1a:e8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/03/2012, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Helge Klein GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Helge Klein GmbH,L=Köln,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:32:ce:44:24:f1:24:42:14:46:e6:3d:4d:bd:07:f9:13:85:74:25
Signer

Actual PE Digest

3a:32:ce:44:24:f1:24:42:14:46:e6:3d:4d:bd:07:f9:13:85:74:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

GetUserNameExW

version

VerQueryValueW

activeds

ord13

kernel32

FindClose
CreateFileW
InterlockedIncrement
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
Sleep
GetCommandLineW
HeapSetInformation
RtlUnwind
RaiseException
GetCPInfo
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
FindFirstFileW
IsProcessorFeaturePresent
HeapCreate
GetStdHandle
GetLocaleInfoW
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
CompareStringW
SetEnvironmentVariableW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleW
SetEndOfFile
ReadFile
SetEvent
ResetEvent
ReleaseMutex
CreateEventW
CreateMutexW
FindNextFileW
MoveFileExW
WriteFile
SetFilePointerEx
GetFileSizeEx
GetCurrentThreadId
GetLocalTime
WaitForSingleObject
CreateThread
CompareFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
LocalFree
FormatMessageW
LoadLibraryExW
InterlockedDecrement
LoadLibraryW
GetModuleFileNameW
GetVersionExW
GetComputerNameW
FreeResource
GetUserDefaultLangID
LockResource
LoadResource
FindResourceW
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
GetCurrentProcess
GetProcAddress
GetLastError
GetModuleHandleW
CreateDirectoryW
GetFileAttributesW
DeleteFileW

user32

LoadStringW

advapi32

LookupAccountNameW
ConvertSidToStringSidW
LookupAccountSidW
MapGenericMask
GetSecurityDescriptorLength
AddAccessAllowedAce
AddAce
InitializeAcl
IsValidAcl
DeleteAce
MakeSelfRelativeSD
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetNamedSecurityInfoW
SetSecurityInfo
IsValidSecurityDescriptor
GetNamedSecurityInfoW
GetKernelObjectSecurity
ConvertStringSidToSidW
EqualSid
GetAce
GetAclInformation
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorControl
SetEntriesInAclW
RegCreateKeyExW
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
RegCloseKey
RegOpenKeyExW
RegConnectRegistryW
RegEnumKeyExW
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

ole32

CoCreateInstance
CoInitialize
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
CoQueryProxyBlanket

oleaut32

SysAllocStringLen
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
VariantInit
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SysAllocString
SysFreeString
SysAllocStringByteLen

netapi32

DsGetDcNameW
NetShareSetInfo
NetApiBufferFree
NetDfsGetClientInfo
NetShareGetInfo

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

Sections

.text
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Idm_Trail_reset-main/src/SetACLx64.exe
.exe windows:5 windows x64

8ba0fb5dc3f82d59312179b110e138fe

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:a9:04:54:92:bc:c8:64:10:a5:a3:0b:f5:34:1a:e8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/03/2012, 00:00

Not After

08/03/2013, 23:59

Subject

CN=Helge Klein GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Helge Klein GmbH,L=Köln,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d4:45:e7:ab:d5:c8:db:4d:53:5d:40:ff:9c:82:1d:91:74:67:c8:49
Signer

Actual PE Digest

d4:45:e7:ab:d5:c8:db:4d:53:5d:40:ff:9c:82:1d:91:74:67:c8:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

GetUserNameExW

version

VerQueryValueW

activeds

ord13

kernel32

CreateFileW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
Sleep
GetCommandLineW
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetCPInfo
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
FlsGetValue
FlsSetValue
FlsFree
SetLastError
FindClose
HeapSetInformation
GetVersion
HeapCreate
GetStdHandle
GetLocaleInfoW
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
CompareStringW
SetEnvironmentVariableW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleW
SetEndOfFile
ReadFile
FindFirstFileW
SetEvent
ResetEvent
ReleaseMutex
CreateEventW
CreateMutexW
FindNextFileW
MoveFileExW
WriteFile
SetFilePointerEx
GetFileSizeEx
GetCurrentThreadId
GetLocalTime
WaitForSingleObject
CreateThread
CompareFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
LocalFree
FormatMessageW
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
GetVersionExW
GetComputerNameW
FreeResource
GetUserDefaultLangID
LockResource
LoadResource
FindResourceW
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
GetCurrentProcess
GetProcAddress
GetLastError
GetModuleHandleW
FlsAlloc
CreateDirectoryW
GetFileAttributesW
DeleteFileW

user32

LoadStringW

advapi32

LookupAccountNameW
ConvertSidToStringSidW
LookupAccountSidW
MapGenericMask
GetSecurityDescriptorLength
AddAccessAllowedAce
AddAce
InitializeAcl
IsValidAcl
DeleteAce
MakeSelfRelativeSD
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetNamedSecurityInfoW
SetSecurityInfo
IsValidSecurityDescriptor
GetNamedSecurityInfoW
GetKernelObjectSecurity
ConvertStringSidToSidW
EqualSid
GetAce
GetAclInformation
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorControl
SetEntriesInAclW
RegCreateKeyExW
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
RegCloseKey
RegOpenKeyExW
RegConnectRegistryW
RegEnumKeyExW
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

ole32

CoCreateInstance
CoInitialize
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
CoQueryProxyBlanket

oleaut32

SysAllocStringLen
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
VariantInit
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SysAllocString
SysFreeString
SysAllocStringByteLen

netapi32

DsGetDcNameW
NetShareSetInfo
NetApiBufferFree
NetDfsGetClientInfo
NetShareGetInfo

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

Sections

.text
Size: 374KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Idm_Trail_reset-main/src/core.au3
.ps1
Idm_Trail_reset-main/src/idm_reg.reg
Idm_Trail_reset-main/src/idm_reset.reg
Idm_Trail_reset-main/src/idm_trial.reg

Sharing

General

Malware Config

Signatures

Files

b8086f6290816fb617f882601f009ecd

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

27:a9:04:54:92:bc:c8:64:10:a5:a3:0b:f5:34:1a:e8Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

3a:32:ce:44:24:f1:24:42:14:46:e6:3d:4d:bd:07:f9:13:85:74:25Signer

Headers

DLL Characteristics

File Characteristics

Imports

secur32

version

activeds

kernel32

user32

advapi32

ole32

oleaut32

netapi32

mpr

Sections

.text Size: 323KB - Virtual size: 323KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 29KB - Virtual size: 29KB

8ba0fb5dc3f82d59312179b110e138fe

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

27:a9:04:54:92:bc:c8:64:10:a5:a3:0b:f5:34:1a:e8Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

d4:45:e7:ab:d5:c8:db:4d:53:5d:40:ff:9c:82:1d:91:74:67:c8:49Signer

Headers

DLL Characteristics

File Characteristics

Imports

secur32

version

activeds

kernel32

user32

advapi32

ole32

oleaut32

netapi32

mpr

Sections

.text Size: 374KB - Virtual size: 374KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 11KB - Virtual size: 21KB

.pdata Size: 16KB - Virtual size: 15KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

27:a9:04:54:92:bc:c8:64:10:a5:a3:0b:f5:34:1a:e8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

3a:32:ce:44:24:f1:24:42:14:46:e6:3d:4d:bd:07:f9:13:85:74:25
Signer

.text
Size: 323KB - Virtual size: 323KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 29KB - Virtual size: 29KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

27:a9:04:54:92:bc:c8:64:10:a5:a3:0b:f5:34:1a:e8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

d4:45:e7:ab:d5:c8:db:4d:53:5d:40:ff:9c:82:1d:91:74:67:c8:49
Signer

.text
Size: 374KB - Virtual size: 374KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 11KB - Virtual size: 21KB

.pdata
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB