ef6db9011b6a1cabae2f0a3fc66cf290bd1caf7ca1a08565609dab7cd7048c37[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ef6db9011b6a1cabae2f0a3fc66cf290bd1caf7ca1a08565609dab7cd7048c37.zip.zip
Size

1.0MB
MD5

6ac4a0d57bebcbca0376b484508f4cea
SHA1

4e8dd0b3bb505887a632ed1a9524c83a6ca61442
SHA256

ff96b1f49869529fd29952d827dd8b13569fd1410a98664fa9c515a97f74aba2
SHA512

da1086aaf35bd462b1094688c8a4d3cf3d2779502e73f4e67f8b9dabc02ffa78c9016cb9908fea563c4d864d725ca63137f68f4812a595d8c2c2fff1bcdec9d7
SSDEEP

24576:3fpzaNrFmH2cfqDyIpZyXEsKGXSfojN0VNl6a3quOQLql7oLi:3h+pEWXyTXmjfojN0HD34QLC

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Moo0 SystemMonitor v1.76 Portable/SystemMonitor.exe
unpack002/Moo0 SystemMonitor v1.76 Portable/WinRing0.dll
unpack002/Moo0 SystemMonitor v1.76 Portable/WinRing0x64.dll

Files

ef6db9011b6a1cabae2f0a3fc66cf290bd1caf7ca1a08565609dab7cd7048c37.zip.zip
.zip

Password: infected
ef6db9011b6a1cabae2f0a3fc66cf290bd1caf7ca1a08565609dab7cd7048c37.zip
.zip
Moo0 SystemMonitor v1.76 Portable/SystemMonitor.exe
.exe windows:4 windows x86

80c2fb4048b19c2077a61fdc9234ab9a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringW
GlobalFlags
InterlockedIncrement
GetThreadLocale
SetFilePointer
LockFile
UnlockFile
GetFileSize
DuplicateHandle
GetFullPathNameW
lstrlenA
SetErrorMode
GetFileTime
GetStartupInfoW
CreateDirectoryW
GetFileType
RtlUnwind
ExitThread
ExitProcess
RaiseException
HeapReAlloc
HeapSize
VirtualProtect
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GlobalHandle
TlsFree
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetConsoleCP
GetConsoleMode
SetStdHandle
GetCurrentDirectoryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
GlobalReAlloc
TlsGetValue
DeleteCriticalSection
LocalReAlloc
TlsSetValue
FreeEnvironmentStringsW
TlsAlloc
LocalAlloc
GetProfileIntW
GetModuleHandleA
GlobalSize
MulDiv
GetTickCount
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
GetVersion
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
CreateEventW
SetEvent
SetEndOfFile
FlushFileBuffers
SetFilePointerEx
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
GlobalMemoryStatusEx
QueryPerformanceFrequency
GetSystemInfo
GetNativeSystemInfo
QueryPerformanceCounter
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
Module32FirstW
GetCurrentThreadId
Process32NextW
OpenProcess
SetFileAttributesW
GetFileInformationByHandle
GetVolumeInformationW
CopyFileW
RemoveDirectoryW
DeleteFileW
VirtualFree
VirtualAlloc
MoveFileExW
SetFileTime
GetDiskFreeSpaceW
FindNextFileW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
lstrlenW
SetLastError
LocalFree
FormatMessageW
ExpandEnvironmentStringsW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetTimeZoneInformation
InterlockedDecrement
WriteFile
SetPriorityClass
SetProcessWorkingSetSize
GetCurrentProcessId
GetModuleFileNameW
FindClose
FindFirstFileW
GetFileAttributesW
DeviceIoControl
CreateFileW
HeapFree
GetProcessHeap
HeapAlloc
GetUserDefaultUILanguage
GetVersionExW
GetCurrentProcess
GetModuleHandleW
lstrcpyW
GlobalAddAtomW
GetCPInfoExW
EnumSystemCodePagesW
BeginUpdateResourceW
EnumResourceLanguagesW
FindResourceExW
EnumResourceNamesW
EnumResourceTypesW
FreeResource
EndUpdateResourceW
UpdateResourceW
SuspendThread
SetThreadPriority
GetThreadPriority
ResumeThread
WaitForSingleObject
TerminateThread
CreateThread
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryW
FindResourceW
LoadResource
LockResource
SizeofResource
GetSystemPowerStatus
GetLocalTime
CloseHandle
Sleep
GetComputerNameW
LeaveCriticalSection
EnterCriticalSection
GetOEMCP
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStrings
InitializeCriticalSection

user32

MapDialogRect
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
SetActiveWindow
GetDlgItem
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetScrollPos
GetMenu
GetSubMenu
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
CallWindowProcW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetMenuState
GetLastActivePopup
IsWindowEnabled
PostQuitMessage
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
ValidateRect
IntersectRect
GetMonitorInfoW
UnionRect
ScreenToClient
GetDesktopWindow
CopyRect
WindowFromPoint
GetForegroundWindow
EnumDisplayMonitors
MonitorFromRect
GetSystemMetrics
SetRect
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetParent
GetMenuInfo
EnableWindow
GetClientRect
UnregisterClassA
RegisterClassExW
GetDC
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ReleaseDC
SendMessageTimeoutW
EnumWindows
GetWindowThreadProcessId
EnumDesktopWindows
GetThreadDesktop
CreateIconFromResource
CreateIconFromResourceEx
DrawIconEx
GetIconInfo
IsRectEmpty
PtInRect
RegisterClipboardFormatW
GetCapture
ClientToScreen
wsprintfW
DeleteMenu
InsertMenuW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
GetSysColorBrush
CharUpperW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
CheckMenuItem
AppendMenuW
GetWindowDC
DestroyMenu
InflateRect
LoadBitmapW
SetWindowContextHelpId
ChangeClipboardChain
SetClipboardViewer
DrawMenuBar
DestroyIcon
IsWindow
GetSysColor
SendMessageW
SetMenu
SetCapture
GetWindowRect
PostMessageW
SetCursor
LoadCursorW
OffsetRect
SetWindowLongW
GetWindowLongW
ReleaseCapture
SystemParametersInfoW
SetWindowRgn
ShowWindow
KillTimer
RedrawWindow
SetForegroundWindow
GetCursorPos
IsIconic
SetTimer
IsZoomed
RegisterHotKey
UnregisterHotKey
MessageBoxW
DefWindowProcW
GetAsyncKeyState
UpdateWindow
PostThreadMessageW
InvalidateRect
WaitForInputIdle
SetFocus
ModifyMenuW
EnableMenuItem
CreatePopupMenu
GetMenuItemID
CheckMenuRadioItem
DestroyWindow

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetTextColor
GetRgnBox
OffsetViewportOrgEx
ScaleViewportExtEx
GetWindowExtEx
GetViewportExtEx
ExcludeClipRect
SetMapMode
SetStretchBltMode
CreatePen
DeleteObject
SaveDC
CopyMetaFileW
GetClipBox
CreateBitmap
SetViewportExtEx
SetViewportOrgEx
CreateDCW
CreateCompatibleBitmap
EndDoc
EndPage
StartPage
StartDocW
GetDeviceCaps
GetBkColor
GetTextExtentPoint32W
SetBkMode
GetStockObject
SetBkColor
CreateSolidBrush
SetTextColor
CreateFontIndirectW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetPaletteEntries
GetCurrentObject
DeleteDC
SetDIBColorTable
GetDIBColorTable
SelectObject
CreateCompatibleDC
CreateDIBSection
StretchBlt
GetStretchBltMode
Ellipse
CombineRgn
CreateRoundRectRgn
CreateRectRgn
GetObjectW
BitBlt
RestoreDC

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegQueryValueExW
GetUserNameW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shell32

SHGetDesktopFolder
DragAcceptFiles
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHFileOperationW
DragFinish
DragQueryFileW
SHGetPathFromIDListW
ord155
ord716
ord162
ord190
ShellExecuteExW
SHChangeNotify
SHGetMalloc

comctl32

InitCommonControlsEx

shlwapi

StrFormatByteSizeW
PathFindExtensionW
PathRemoveExtensionW
PathIsUNCW
PathFindFileNameW
PathStripToRootW

oledlg

OleUIBusyW

ole32

OleDuplicateData
RegisterDragDrop
CoCreateInstance
CoInitializeSecurity
CoInitialize
CoUninitialize
CoLockObjectExternal
CoTaskMemFree
RevokeDragDrop
OleUninitialize
OleFlushClipboard
OleGetClipboard
DoDragDrop
CoGetClassObject
CoRevokeClassObject
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
OleIsCurrentClipboard
CoTaskMemAlloc

oleaut32

SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
VariantInit
VariantClear
SysAllocStringLen
VariantChangeType
SysStringLen
OleCreateFontIndirect
SafeArrayDestroy
VariantCopy

urlmon

URLDownloadToCacheFileW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo
GetIfTable
GetPerAdapterInfo
GetTcpStatistics

psapi

GetProcessImageFileNameW
GetPerformanceInfo

ws2_32

WSACleanup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 668KB - Virtual size: 665KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Moo0 SystemMonitor v1.76 Portable/WinRing0.LICENSE.txt
Moo0 SystemMonitor v1.76 Portable/WinRing0.dll
.dll windows:4 windows x86

e4ff369ee09caa867ad3a47fc753ce7c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA

advapi32

ChangeServiceConfigA
QueryServiceConfigA
OpenSCManagerA
CloseServiceHandle
CreateServiceA
OpenServiceA
DeleteService
StartServiceA
ControlService

kernel32

ExitProcess
CloseHandle
GetLastError
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentThread
SetThreadAffinityMask
GetCurrentProcess
GetProcessAffinityMask
SetProcessAffinityMask
DeviceIoControl
Sleep
GetModuleFileNameA
CreateFileA
GetVersionExA
GetProcAddress
GetModuleHandleA
FindFirstFileA
FindClose
GetDriveTypeA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
WriteFile
GetStdHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
RtlUnwind
LoadLibraryA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

Exports

Exports

Cpuid
CpuidPx
CpuidTx
DeinitializeOls
FindPciDeviceByClass
FindPciDeviceById
GetDllStatus
GetDllVersion
GetDriverType
GetDriverVersion
Hlt
HltPx
HltTx
InitializeOls
IsCpuid
IsMsr
IsTsc
Rdmsr
RdmsrPx
RdmsrTx
Rdpmc
RdpmcPx
RdpmcTx
Rdtsc
RdtscPx
RdtscTx
ReadIoPortByte
ReadIoPortByteEx
ReadIoPortDword
ReadIoPortDwordEx
ReadIoPortWord
ReadIoPortWordEx
ReadPciConfigByte
ReadPciConfigByteEx
ReadPciConfigDword
ReadPciConfigDwordEx
ReadPciConfigWord
ReadPciConfigWordEx
SetPciMaxBusIndex
WriteIoPortByte
WriteIoPortByteEx
WriteIoPortDword
WriteIoPortDwordEx
WriteIoPortWord
WriteIoPortWordEx
WritePciConfigByte
WritePciConfigByteEx
WritePciConfigDword
WritePciConfigDwordEx
WritePciConfigWord
WritePciConfigWordEx
Wrmsr
WrmsrPx
WrmsrTx

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Moo0 SystemMonitor v1.76 Portable/WinRing0.sys
.sys windows:6 windows x86

7cf815757705e26b809574488ed56d0e

Code Sign

01:00:00:00:00:01:15:37:24:21:a8
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

24/09/2007, 10:50

Not After

24/09/2008, 10:50

Subject

CN=Noriyuki MIYAZAKI,C=JP,1.2.840.113549.1.9.1=#0c196869796f6869796f406372797374616c6d61726b2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:4d:70:19:94:6d:9d:d3:51:61:50:b4:78:9d:e9:2f:d3:18:70:af
Signer

Actual PE Digest

a0:4d:70:19:94:6d:9d:d3:51:61:50:b4:78:9d:e9:2f:d3:18:70:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateSymbolicLink
IofCompleteRequest
KeTickCount
MmMapIoSpace
READ_REGISTER_BUFFER_ULONG
READ_REGISTER_BUFFER_USHORT
READ_REGISTER_BUFFER_UCHAR
MmUnmapIoSpace
RtlInitUnicodeString
IoDeleteSymbolicLink
IoCreateDevice
IoDeleteDevice
RtlUnwind
KeBugCheckEx

hal

HalGetBusDataByOffset
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
HalSetBusDataByOffset

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 710B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Moo0 SystemMonitor v1.76 Portable/WinRing0x64.dll
.dll windows:4 windows x64

7c1c1d24ee5f4360e2d2d3b17479b9d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

SetProcessAffinityMask
GetModuleFileNameW
CreateFileW
GetVersionExW
FindFirstFileW
GetProcessAffinityMask
GetDriveTypeW
Sleep
GetCurrentProcess
SetThreadAffinityMask
GetCurrentThread
DeviceIoControl
CloseHandle
HeapFree
GetProcessHeap
HeapAlloc
FindClose
GetLastError
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
RtlUnwindEx
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

wsprintfW

advapi32

OpenSCManagerW
QueryServiceConfigW
ControlService
StartServiceW
DeleteService
ChangeServiceConfigW
OpenServiceW
CreateServiceW
CloseServiceHandle

Exports

Exports

Cpuid
CpuidPx
CpuidTx
DeinitializeOls
FindPciDeviceByClass
FindPciDeviceById
GetDllStatus
GetDllVersion
GetDriverType
GetDriverVersion
Hlt
HltPx
HltTx
InitializeOls
IsCpuid
IsMsr
IsTsc
Rdmsr
RdmsrPx
RdmsrTx
Rdpmc
RdpmcPx
RdpmcTx
Rdtsc
RdtscPx
RdtscTx
ReadIoPortByte
ReadIoPortByteEx
ReadIoPortDword
ReadIoPortDwordEx
ReadIoPortWord
ReadIoPortWordEx
ReadPciConfigByte
ReadPciConfigByteEx
ReadPciConfigDword
ReadPciConfigDwordEx
ReadPciConfigWord
ReadPciConfigWordEx
SetPciMaxBusIndex
WriteIoPortByte
WriteIoPortByteEx
WriteIoPortDword
WriteIoPortDwordEx
WriteIoPortWord
WriteIoPortWordEx
WritePciConfigByte
WritePciConfigByteEx
WritePciConfigDword
WritePciConfigDwordEx
WritePciConfigWord
WritePciConfigWordEx
Wrmsr
WrmsrPx
WrmsrTx

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Moo0 SystemMonitor v1.76 Portable/WinRing0x64.sys
.sys windows:6 windows x64

d41fa95d4642dc981f10de36f4dc8cd7

Code Sign

01:00:00:00:00:01:15:37:24:21:a8
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

24/09/2007, 10:50

Not After

24/09/2008, 10:50

Subject

CN=Noriyuki MIYAZAKI,C=JP,1.2.840.113549.1.9.1=#0c196869796f6869796f406372797374616c6d61726b2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:68:21:a3:91:74:d2:9f:6f:87:91:cf:9f:44:f1:a1:f3:43:9d:da
Signer

Actual PE Digest

26:68:21:a3:91:74:d2:9f:6f:87:91:cf:9f:44:f1:a1:f3:43:9d:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
IoCreateDevice
MmMapIoSpace
KeBugCheckEx
IoCreateSymbolicLink
MmUnmapIoSpace
IofCompleteRequest
__C_specific_handler

hal

HalSetBusDataByOffset
HalGetBusDataByOffset

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Moo0 SystemMonitor v1.76 Portable/license.txt
Moo0 SystemMonitor v1.76 Portable/readme.txt

Sharing

General

Malware Config

Signatures

Files

Password: infected

80c2fb4048b19c2077a61fdc9234ab9a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

wininet

iphlpapi

psapi

ws2_32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 292KB - Virtual size: 290KB

.data Size: 36KB - Virtual size: 78KB

.rsrc Size: 668KB - Virtual size: 665KB

e4ff369ee09caa867ad3a47fc753ce7c

Headers

File Characteristics

Imports

user32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

7cf815757705e26b809574488ed56d0e

Code Sign

01:00:00:00:00:01:15:37:24:21:a8Certificate

Key Usages

04:00:00:00:00:00:f9:7f:aa:2e:1eCertificate

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

Key Usages

04:00:00:00:00:01:10:92:eb:82:95Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:24:48Certificate

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

a0:4d:70:19:94:6d:9d:d3:51:61:50:b4:78:9d:e9:2f:d3:18:70:afSigner

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 388B

.data Size: 128B - Virtual size: 12B

INIT Size: 768B - Virtual size: 710B

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 256B - Virtual size: 188B

7c1c1d24ee5f4360e2d2d3b17479b9d4

Headers

File Characteristics

Imports

kernel32

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 292KB - Virtual size: 290KB

.data
Size: 36KB - Virtual size: 78KB

.rsrc
Size: 668KB - Virtual size: 665KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

01:00:00:00:00:01:15:37:24:21:a8
Certificate

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:10:92:eb:82:95
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

a0:4d:70:19:94:6d:9d:d3:51:61:50:b4:78:9d:e9:2f:d3:18:70:af
Signer

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 388B

.data
Size: 128B - Virtual size: 12B

INIT
Size: 768B - Virtual size: 710B

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 256B - Virtual size: 188B

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 624B

01:00:00:00:00:01:15:37:24:21:a8
Certificate

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:10:92:eb:82:95
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

26:68:21:a3:91:74:d2:9f:6f:87:91:cf:9f:44:f1:a1:f3:43:9d:da
Signer

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 380B

.data
Size: 512B - Virtual size: 276B

.pdata
Size: 512B - Virtual size: 96B

INIT
Size: 1024B - Virtual size: 546B

.rsrc
Size: 1024B - Virtual size: 960B