General

Malware Config

Signatures

Files

• Anti Malware VS Malware Document.zip

  .zip
• New Text Document.exe

  .exe windows:4 windows x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Windows-KB890830-V5.118.exe

  .exe windows:10 windows x86

  c6dac5bf8dfec8195dc65098f77dcd44

  
  

  Code Sign

  33:00:00:04:10:f2:6e:0e:c6:06:d3:8b:73:00:00:00:00:04:10

  Certificate

  Issuer

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  03-02-2023 00:05

  Not After

  01-02-2024 00:05

  Subject

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:07:76:56:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2011 18:41

  Not After

  19-10-2026 18:51

  Subject

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  bf:4d:32:5e:d0:59:c2:19:92:5c:2c:59:e5:46:02:fa:97:98:f6:04:e7:e2:48:74:e8:06:f4:12:69:b1:d8:de

  Signer

  Actual PE Digest

  bf:4d:32:5e:d0:59:c2:19:92:5c:2c:59:e5:46:02:fa:97:98:f6:04:e7:e2:48:74:e8:06:f4:12:69:b1:d8:de

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  advapi32

  RegDeleteValueW

  RegOpenKeyExW

  RegSetValueExW

  TraceMessage

  RegCreateKeyExW

  RegCloseKey

  EventWriteTransfer

  UnregisterTraceGuids

  RegisterTraceGuidsW

  GetTraceEnableLevel

  GetTraceEnableFlags

  GetTraceLoggerHandle

  GetLengthSid

  AllocateAndInitializeSid

  CopySid

  FreeSid

  CheckTokenMembership

  EventUnregister

  EventRegister

  RegQueryValueExW

  kernel32

  GetModuleFileNameW

  GetExitCodeProcess

  CreateProcessW

  FreeLibrary

  GetProcAddress

  QueryFullProcessImageNameW

  FindResourceW

  LoadResource

  CloseHandle

  Process32FirstW

  LockResource

  Process32NextW

  GetLastError

  Sleep

  CreateToolhelp32Snapshot

  SetLastError

  IsDebuggerPresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  IsProcessorFeaturePresent

  GetCurrentThreadId

  HeapFree

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  WriteFile

  GetConsoleOutputCP

  GetConsoleMode

  GetFileSizeEx

  SetFilePointerEx

  HeapAlloc

  SetFileAttributesW

  GetFileType

  GetStartupInfoW

  GetTempPathW

  FlsAlloc

  FlsGetValue

  FlsSetValue

  FlsFree

  InitializeCriticalSectionAndSpinCount

  GetSystemTimeAsFileTime

  LoadLibraryExW

  LCMapStringW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  GetStringTypeW

  MultiByteToWideChar

  ExitProcess

  GetModuleHandleW

  GetModuleHandleExW

  GetProcessHeap

  SetStdHandle

  FlushFileBuffers

  WideCharToMultiByte

  ReadFile

  ReadConsoleW

  CreateFileW

  WriteConsoleW

  SetEndOfFile

  EncodePointer

  DecodePointer

  HeapSize

  HeapReAlloc

  RaiseException

  QueryPerformanceCounter

  GetCurrentProcessId

  InitializeSListHead

  InitializeCriticalSectionEx

  GlobalMemoryStatusEx

  FindNextFileW

  FindClose

  GetFileAttributesW

  OpenProcess

  CreateEventW

  GetSystemDirectoryW

  HeapSetInformation

  VirtualLock

  WaitForSingleObject

  TerminateProcess

  DeviceIoControl

  GetVolumeInformationW

  SizeofResource

  GetNativeSystemInfo

  GetStdHandle

  FindFirstFileExW

  GetCommandLineA

  GetCommandLineW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  rpcrt4

  UuidCreate

  ntdll

  RtlGetVersion

  RtlNtStatusToDosError

  NtSetInformationFile

  RtlUnwind

  wintrust

  WTHelperProvDataFromStateData

  WinVerifyTrust

  WTHelperGetProvSignerFromChain

  crypt32

  CertVerifyCertificateChainPolicy

  Sections

  .text

  Size: 170KB - Virtual size: 170KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 57.6MB - Virtual size: 57.6MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 7KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Windows-KB890830-x64-V5.118.exe

  .exe windows:10 windows x64

  8a95c1db7dbc1b4ecb1c7a0ce0936055

  
  

  Code Sign

  33:00:00:04:10:f2:6e:0e:c6:06:d3:8b:73:00:00:00:00:04:10

  Certificate

  Issuer

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  03-02-2023 00:05

  Not After

  01-02-2024 00:05

  Subject

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:07:76:56:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2011 18:41

  Not After

  19-10-2026 18:51

  Subject

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  3e:d8:71:d9:78:3a:f7:bb:2e:25:29:41:db:e3:40:05:ce:24:18:c7:f6:91:77:8d:92:1b:d5:a7:7a:6c:78:f0

  Signer

  Actual PE Digest

  3e:d8:71:d9:78:3a:f7:bb:2e:25:29:41:db:e3:40:05:ce:24:18:c7:f6:91:77:8d:92:1b:d5:a7:7a:6c:78:f0

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  advapi32

  RegDeleteValueW

  RegOpenKeyExW

  RegSetValueExW

  TraceMessage

  RegCreateKeyExW

  RegCloseKey

  EventWriteTransfer

  UnregisterTraceGuids

  RegisterTraceGuidsW

  GetTraceEnableLevel

  GetTraceEnableFlags

  GetTraceLoggerHandle

  AllocateAndInitializeSid

  CopySid

  FreeSid

  CheckTokenMembership

  GetLengthSid

  EventUnregister

  EventRegister

  RegQueryValueExW

  kernel32

  GetModuleFileNameW

  GetExitCodeProcess

  CreateProcessW

  FreeLibrary

  GetProcAddress

  QueryFullProcessImageNameW

  FindResourceW

  LoadResource

  CloseHandle

  Process32FirstW

  LockResource

  Process32NextW

  GetLastError

  Sleep

  CreateToolhelp32Snapshot

  SetLastError

  IsDebuggerPresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  IsProcessorFeaturePresent

  GetCurrentThreadId

  HeapFree

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  WriteFile

  GetConsoleOutputCP

  GetConsoleMode

  SetFileAttributesW

  SetFilePointerEx

  HeapAlloc

  GetStdHandle

  GetFileType

  GetStartupInfoW

  GetTempPathW

  FlsAlloc

  FlsGetValue

  FlsSetValue

  FlsFree

  InitializeCriticalSectionAndSpinCount

  GetSystemTimeAsFileTime

  LoadLibraryExW

  LCMapStringW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  GetStringTypeW

  MultiByteToWideChar

  ExitProcess

  GetModuleHandleW

  GetModuleHandleExW

  GetProcessHeap

  SetStdHandle

  FlushFileBuffers

  WideCharToMultiByte

  ReadFile

  ReadConsoleW

  CreateFileW

  WriteConsoleW

  SetEndOfFile

  HeapSize

  HeapReAlloc

  RaiseException

  QueryPerformanceCounter

  GetCurrentProcessId

  InitializeSListHead

  EncodePointer

  InitializeCriticalSectionEx

  GlobalMemoryStatusEx

  FindNextFileW

  FindClose

  GetFileAttributesW

  OpenProcess

  CreateEventW

  GetSystemDirectoryW

  HeapSetInformation

  VirtualLock

  WaitForSingleObject

  TerminateProcess

  DeviceIoControl

  GetVolumeInformationW

  SizeofResource

  GetNativeSystemInfo

  GetFileSizeEx

  FindFirstFileExW

  GetCommandLineA

  GetCommandLineW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  DecodePointer

  rpcrt4

  UuidCreate

  ntdll

  RtlGetVersion

  NtSetInformationFile

  RtlPcToFileHeader

  RtlUnwind

  RtlUnwindEx

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  RtlNtStatusToDosError

  wintrust

  WTHelperProvDataFromStateData

  WinVerifyTrust

  WTHelperGetProvSignerFromChain

  crypt32

  CertVerifyCertificateChainPolicy

  Sections

  .text

  Size: 156KB - Virtual size: 152KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 68KB - Virtual size: 64KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 12KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 58.7MB - Virtual size: 58.7MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• rkill.exe

  .exe windows:5 windows x86

  136bea86936e01e1f983ef31dafa8b2a

  
  

  Code Sign

  04:00:00:00:00:01:31:89:c6:37:e8

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  02-08-2011 10:00

  Not After

  02-08-2019 10:00

  Subject

  CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  11:21:cf:f5:a4:ba:6c:c1:7d:76:0a:64:5b:e4:4b:65:ee:0b

  Certificate

  Issuer

  CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  26-01-2015 18:10

  Not After

  10-03-2018 20:39

  Subject

  CN=Bleeping Computer\, LLC.,O=Bleeping Computer\, LLC.,L=Huntington Station,ST=New York,C=US,1.2.840.113549.1.9.1=#0c196365727440626c656570696e67636f6d70757465722e636f6d

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  24-05-2016 00:00

  Not After

  24-06-2027 00:00

  Subject

  CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  04:00:00:00:00:01:2f:4e:e1:52:d7

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  13-04-2011 10:00

  Not After

  28-01-2028 12:00

  Subject

  CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  a1:18:64:ea:b4:3a:76:54:63:5e:ac:c3:99:af:cf:f2:5d:e8:76:70:86:c8:2b:a9:a7:0f:41:72:de:9b:ed:05

  Signer

  Actual PE Digest

  a1:18:64:ea:b4:3a:76:54:63:5e:ac:c3:99:af:cf:f2:5d:e8:76:70:86:c8:2b:a9:a7:0f:41:72:de:9b:ed:05

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  LockResource

  SizeofResource

  CreateFileMappingW

  MapViewOfFile

  UnmapViewOfFile

  GetShortPathNameW

  SetLastError

  GetFileAttributesW

  SetFileAttributesW

  LoadResource

  LocalFree

  GetProcessHeap

  SetEndOfFile

  CreateProcessA

  GetExitCodeProcess

  FindResourceW

  GetEnvironmentVariableW

  CreateDirectoryW

  Sleep

  Process32NextW

  TerminateProcess

  OpenProcess

  Process32FirstW

  CreateToolhelp32Snapshot

  WaitForSingleObject

  CreateProcessW

  GetTickCount

  lstrlenW

  GetLastError

  FileTimeToSystemTime

  FileTimeToLocalFileTime

  CloseHandle

  DeviceIoControl

  CreateFileW

  FindClose

  FindNextFileW

  FindFirstFileW

  GetCurrentProcessId

  GetNativeSystemInfo

  GetCurrentProcess

  GetVersionExW

  WriteConsoleW

  IsValidLocale

  EnumSystemLocalesA

  GetLocaleInfoA

  GetUserDefaultLCID

  HeapSize

  QueryPerformanceCounter

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetFileAttributesA

  SetStdHandle

  LoadLibraryW

  SetEnvironmentVariableA

  GetTimeZoneInformation

  FlushFileBuffers

  InterlockedIncrement

  InterlockedDecrement

  WideCharToMultiByte

  InterlockedCompareExchange

  InterlockedExchange

  MultiByteToWideChar

  GetStringTypeW

  InitializeCriticalSection

  DeleteCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  EncodePointer

  DecodePointer

  GetLocaleInfoW

  HeapFree

  GetCPInfo

  HeapAlloc

  GetSystemTimeAsFileTime

  GetProcAddress

  GetModuleHandleW

  ExitProcess

  DeleteFileW

  GetTimeFormatW

  GetDateFormatW

  HeapReAlloc

  GetCommandLineW

  HeapSetInformation

  RaiseException

  RtlUnwind

  LCMapStringW

  CompareStringW

  GetTimeFormatA

  GetDateFormatA

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  IsProcessorFeaturePresent

  HeapCreate

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetCurrentThreadId

  SetHandleCount

  GetStdHandle

  InitializeCriticalSectionAndSpinCount

  GetFileType

  GetStartupInfoW

  GetACP

  GetOEMCP

  IsValidCodePage

  ReadFile

  WriteFile

  GetModuleFileNameW

  GetConsoleCP

  GetConsoleMode

  SetFilePointer

  user32

  MessageBoxW

  GetSystemMetrics

  advapi32

  AllocateAndInitializeSid

  SetNamedSecurityInfoW

  SetEntriesInAclW

  GetNamedSecurityInfoW

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  OpenProcessToken

  ControlService

  QueryServiceStatus

  RegDeleteValueW

  RegSetValueExW

  RegCreateKeyExW

  RegDeleteKeyW

  RegEnumValueW

  CloseServiceHandle

  OpenServiceW

  OpenSCManagerW

  RegCloseKey

  RegQueryValueExW

  RegEnumKeyExW

  RegQueryInfoKeyW

  RegOpenKeyExW

  FreeSid

  shell32

  SHGetFolderPathW

  psapi

  GetModuleFileNameExW

  EnumProcessModules

  shlwapi

  StrStrIW

  wintrust

  CryptCATAdminReleaseCatalogContext

  CryptCATAdminAcquireContext

  CryptCATAdminReleaseContext

  CryptCATAdminCalcHashFromFileHandle

  WinVerifyTrust

  CryptCATAdminEnumCatalogFromHash

  CryptCATCatalogInfoFromContext

  Sections

  .text

  Size: 438KB - Virtual size: 437KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 155KB - Virtual size: 155KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 19KB - Virtual size: 44KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1.1MB - Virtual size: 1.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 34KB - Virtual size: 33KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ