ff5ce165cdf762bd88c1100c12eb44581e1c4ac963eab36dbcd7f117ee790607[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ff5ce165cdf762bd88c1100c12eb44581e1c4ac963eab36dbcd7f117ee790607.zip.zip
Size

9.1MB
MD5

f16341841f79003973c71dd22957fff1
SHA1

2675e5a303e184a4822369b747dc825d1fb8b93a
SHA256

706c0c3fedc159ac6a148cef4c796057201968f58ac2e9029b80e6b91a4928f3
SHA512

ce83fd427bdd31aa6a9f42a94a675ee8f43e0a174bfe9c77f19cde60f2992eec270a80c08db72a4bc022a97f7fd3165ddfc7ad6b6f3924b8a58a6f94eed02950
SSDEEP

196608:RWIznOAgnYohKXL6z7mEZqe8hXWFs3sP1/1Wnz7ntcoPCdh27KLSW5:RjzBgYOKb6/pZehXWFs3sP1/Y3tgd47i

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack002/CEffect.dll
unpack002/MHPClient.dll
unpack002/Main.dll
unpack002/MemRelease.dll
unpack002/Xor_Plus/Settings/tga.bmd

Files

ff5ce165cdf762bd88c1100c12eb44581e1c4ac963eab36dbcd7f117ee790607.zip.zip
.zip

Password: infected
ff5ce165cdf762bd88c1100c12eb44581e1c4ac963eab36dbcd7f117ee790607.zip
.zip
CEffect.dll
.dll windows:5 windows x86

6163e83295dc5a7d0298da8c3c8530af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
VirtualProtect
CloseHandle
CreateFileA
GetPrivateProfileIntA
GetFileSize
ReadFile
GetLastError
SetEndOfFile
CreateFileW
SetStdHandle
WriteConsoleW
LoadLibraryW
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
WriteFile
GetConsoleCP
GetConsoleMode
IsProcessorFeaturePresent
SetFilePointer
FlushFileBuffers
HeapCreate
HeapDestroy
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
GetProcessHeap

user32

MessageBoxA

winmm

timeGetTime

opengl32

glColor4f
glPopMatrix
glClear
glLoadIdentity
glPushMatrix
glMatrixMode
glColor3fv
glColor3f

Exports

Exports

EntryProc

Sections

.text
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 793KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Data/Custom/Interface/Rank01.OZT
Data/Custom/Interface/Rank02.OZT
Data/Custom/Interface/Rank03.OZT
Data/Custom/Interface/Rank04.OZT
Data/Custom/Interface/Rank05.OZT
Data/Custom/Interface/Rank06.OZT
Data/Custom/Interface/Rank07.OZT
Data/Custom/Interface/Rank08.OZT
Data/Custom/Interface/Rank09.OZT
Data/Custom/Interface/Rank10.OZT
Data/Custom/Interface/Rank11.OZT
Data/Custom/Interface/Rank12.OZT
Data/Custom/Interface/Rank13.OZT
Data/Custom/Interface/Rank14.OZT
Data/Custom/Interface/Rank15.OZT
Data/Custom/Interface/Rank16.OZT
Data/Custom/Interface/Rank17.OZT
Data/Custom/Interface/Rank18.OZT
Data/Custom/Interface/Rank19.OZT
Data/Custom/Interface/Rank20.OZT
Data/Custom/Interface/Rank21.OZT
Data/Custom/Interface/Rank22.OZT
Data/Custom/Monster/BOSS.bmd
Data/Custom/Monster/BossNHT33_infame53H.ozt
Data/Custom/Monster/Brokais.bmd
Data/Custom/Monster/Brokais.jpg
.jpg
Data/Custom/Monster/Brokais.ozj
.jpg
Data/Custom/Monster/Brokais.smd
Data/Custom/Monster/Brokais_001.smd
Data/Custom/Monster/Brokais_002.smd
Data/Custom/Monster/Brokais_003.smd
Data/Custom/Monster/Brokais_004.smd
Data/Custom/Monster/Brokais_005.smd
Data/Custom/Monster/Brokais_006.smd
Data/Custom/Monster/Brokais_007.smd
Data/Custom/Monster/Fafurion_t00_ori.ozt
Data/Custom/Monster/Fafurion_t01_ori.ozt
Data/Custom/Monster/Fafurion_t02_ori.ozt
Data/Custom/Monster/Fafurion_t03_ori.ozt
Data/Custom/Monster/OZ_Mntr_Icarus_A.ozt
Data/Custom/Monster/OZ_Mntr_Icarus_D.ozj
Data/Custom/Monster/OZ_Mntr_Icarus_D2.ozj
Data/Custom/Monster/belphegor.bmd
Data/InGameShopScript/512.2011.006/IBSCategory.txt
Data/InGameShopScript/512.2011.006/IBSPackage.txt
Data/InGameShopScript/512.2011.006/IBSProduct.txt
Data/Local/Eng/ItemLevelTooltip_eng.bmd
Data/Local/Eng/ItemTooltipText_eng.bmd
Data/Local/Eng/ItemTooltip_eng.bmd
Data/Local/Eng/MasterSkillTooltip_eng.bmd
Data/Local/Eng/MasterSkillTreeData_eng.bmd
Data/Local/Eng/MasterSkillTree_eng.bmd
Data/Local/Eng/Mix_eng.bmd
Data/Local/Eng/item_eng.bmd
Data/Local/Eng/movereq_eng.bmd
Data/Local/Eng/text_eng.bmd
Data/Local/Mix.bmd
Data/Local/Por/ItemLevelTooltip_por.bmd
Data/Local/Por/ItemTooltipText_por.bmd
Data/Local/Por/ItemTooltip_por.bmd
Data/Local/Por/MasterSkillTooltip_por.bmd
Data/Local/Por/MasterSkillTreeData_por.bmd
Data/Local/Por/MasterSkillTree_por.bmd
Data/Local/Por/Mix_por.bmd
Data/Local/Por/item_por.bmd
Data/Local/Por/movereq_por.bmd
Data/Local/Por/text_por.bmd
Data/Local/Spn/ItemLevelTooltip_spn.bmd
Data/Local/Spn/ItemTooltipText_spn.bmd
Data/Local/Spn/ItemTooltip_spn.bmd
Data/Local/Spn/MasterSkillTooltip_spn.bmd
Data/Local/Spn/MasterSkillTreeData_spn.bmd
Data/Local/Spn/MasterSkillTree_spn.bmd
Data/Local/Spn/Mix_spn.bmd
Data/Local/Spn/item_spn.bmd
Data/Local/Spn/movereq_spn.bmd
Data/Local/Spn/text_spn.bmd
Data/Local/item.bmd
Data/Local/movereq.bmd
Data/Skill/musign.bmd
Data/Skill/musign.ozj
MHPClient.dll
.dll windows:5 windows x86

ad471dc4a1dffd58951574c13702c0f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceFrequency
QueryPerformanceCounter
SetThreadPriority
WaitForMultipleObjects
UnmapViewOfFile
CreateFileW
GetFileInformationByHandle
CreateFileMappingA
MapViewOfFile
SetFilePointer
CreateDirectoryA
GetLocalTime
GetFullPathNameA
GetCurrentProcessId
CreateMutexA
OpenMutexA
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
WaitForSingleObject
GetCurrentThreadId
VirtualQuery
HeapFree
GetProcessHeap
HeapAlloc
GetModuleFileNameA
LoadLibraryA
GetVersionExA
GlobalMemoryStatusEx
GetModuleHandleA
GetLastError
GetCurrentProcess
TryEnterCriticalSection
TerminateProcess
VirtualProtect
Sleep
GetLogicalDriveStringsW
QueryDosDeviceW
SetEvent
CreateEventA
InterlockedCompareExchange
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
SetLastError
GetProcAddress
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchange
DecodePointer
EncodePointer
OpenProcess
GetTickCount
DeleteFileA
WriteFile
ReadFile
GetFileSize
CreateFileA
GetCurrentThread
OpenFileMappingA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
TerminateThread
DeviceIoControl
CreateThread

user32

wsprintfW
wsprintfA
GetForegroundWindow
SetWindowsHookExA
GetMessageA
TranslateMessage
DispatchMessageA
UnhookWindowsHookEx
CallNextHookEx
DefWindowProcA
PostQuitMessage
BeginPaint
GetClientRect
EndPaint
LoadImageA
LoadCursorA
RegisterClassExA
GetSystemMetrics
CreateWindowExA
ShowWindow
GetWindowThreadProcessId
FindWindowExA
GetWindowLongA
SetWindowLongA
UnregisterClassA
SendMessageA
UpdateWindow

gdi32

GetObjectA
GetStockObject
TextOutA
SetTextColor
SetBkMode
CreateFontA
DeleteDC
BitBlt
DeleteObject
CreateCompatibleDC
SelectObject

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

ws2_32

socket
WSACreateEvent
htons
inet_addr
gethostbyname
connect
WSAGetLastError
WSAEventSelect
closesocket
WSACloseEvent
recv
send
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
getpeername
ntohs
WSAStartup

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExA
GetModuleInformation
GetProcessImageFileNameW

shlwapi

PathRemoveFileSpecW
SHDeleteKeyA

dbghelp

ImageRvaToSection

msvcr100

_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
memset
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_CxxThrowException
memcpy
__CxxFrameHandler3
_amsg_exit
wcscpy_s
_stricmp
vsprintf_s
strcpy_s
wcsstr
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??2@YAPAXI@Z
??_V@YAXPAX@Z
rand
memmove
??3@YAXPAX@Z
_wfopen_s
free
fread
fclose
malloc
fopen_s

Exports

Exports

EntryProc

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 995KB - Virtual size: 994KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Main.dll
.dll windows:5 windows x86

2f2e13ad551f4bf0ebfaf92a9de20fae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
FindResourceA
SizeofResource
LoadResource
LockResource
FreeResource
GetProcAddress
LoadLibraryA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleFileNameA
CreateMutexA
OpenMutexA
ReadFile
GetFileSize
CreateThread
VirtualProtect
SetThreadPriority
SetProcessWorkingSetSize
GetCurrentProcess
DeviceIoControl
ExitProcess
lstrlenA
CreateFileA
GetCurrentThread
GetCurrentThreadId
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
DecodePointer
EncodePointer
SetLastError
VirtualQuery
VirtualFree
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
InterlockedCompareExchange
WideCharToMultiByte
CloseHandle
GetTickCount
IsProcessorFeaturePresent

user32

LoadIconA
wsprintfA
GetKeyState
GetSystemMetrics
GetWindowTextW
SetWindowsHookExA
LoadImageA
UpdateWindow
ShowWindow
IsWindowVisible
SendMessageA
FindWindowA
SetWindowLongA
SetWindowTextA
MessageBoxA
GetDC
CallWindowProcA
CallNextHookEx
GetForegroundWindow

gdi32

GetTextExtentPoint32A
SelectObject
DeleteObject
CreateFontA

shell32

Shell_NotifyIconA

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

ws2_32

ntohs
getpeername

winmm

timeGetTime

opengl32

glDisable
glPushMatrix
glLoadIdentity
wglGetProcAddress
glGenTextures
glHint
glFogi
glClearColor
glPopMatrix
glOrtho
glCopyTexImage2D
glFogf
glFogfv
glTexParameteri
glGetIntegerv
glClear
glEnd
glTexCoord2f
glBegin
glEnable
glAlphaFunc
glColor3f
glColor4f
glMatrixMode
glBindTexture
glTexImage2D
glVertex3f
glViewport

cg

cgGetError
cgCreateContext
cgGetNamedParameter
cgCreateProgramFromFile
cgGetErrorString

cggl

cgGLGetLatestProfile
cgGLSetOptimalOptions
cgGLBindProgram
cgGLSetParameter1f
cgGLEnableProfile
cgGLSetStateMatrixParameter
cgGLDisableProfile
cgGLLoadProgram

msvcr100

_CIcos
__CxxFrameHandler3
_CIatan2
_CIatan
_CIsin
_strdup
_itoa
_CxxThrowException
floor
__CppXcptFilter
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
sprintf
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
memset
memcpy
memchr
strncpy_s
toupper
tolower
fopen
srand
_mbsicmp
_stricmp
fopen_s
malloc
fclose
fread
free
sscanf_s
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
memmove
_beginthreadex
strncpy
strtok
_gmtime64
rand
vsprintf_s
??_V@YAXPAX@Z
printf
strcpy_s
sprintf_s
atoi
strcat_s
isdigit
isalpha
_time64
_localtime64
strncmp
memcpy_s

iphlpapi

GetAdaptersInfo

Exports

Exports

?AddTexture@MUEmoji@emojisl@@YAXHH@Z
?GetMouseFocus@MUEmoji@emojisl@@YAHXZ
?SetTokenInfo@MUEmoji@emojisl@@YAXPAXH@Z
EntryProc

Sections

.text
Size: 603KB - Virtual size: 603KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.3MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MemRelease.dll
.dll windows:6 windows x86

aa1353f1a5d8593d3edd378c32915c2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
Sleep
SetThreadPriority
SetProcessWorkingSetSize
CreateThread
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetSystemTimeAsFileTime

msvcr110

__crtTerminateProcess
__crtUnhandledException
_unlock
_calloc_crt
__dllonexit
_onexit
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
_lock

Exports

Exports

Init

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 846B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xor.dll
.dll windows:5 windows x86

2810379b045edf1c2b34350a9efedd89

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:0e:a2:4a:c8:fa:21:3d:df:e4:83:a2:d1:97:23:de
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/03/2023, 00:00

Not After

12/03/2024, 23:59

Subject

CN=Roger Alexander Gonzalez Castillo,O=Roger Alexander Gonzalez Castillo,ST=Portuguesa,C=VE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:0a:2a:6b:1a:a3:a2:1b:ef:e8:c1:6a:ed:2f:39:15:83:e7:d3:52
Signer

Actual PE Digest

47:0a:2a:6b:1a:a3:a2:1b:ef:e8:c1:6a:ed:2f:39:15:83:e7:d3:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
Process32First
Process32Next
Thread32First
OpenThread
ResumeThread
Thread32Next
GetCurrentProcessId
GetCurrentProcess
SetProcessWorkingSetSize
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
WaitForMultipleObjects
WinExec
GetModuleFileNameA
CreateProcessA
CreateMutexA
ReadProcessMemory
GetLastError
CreateFileMappingA
MapViewOfFile
SetFileAttributesA
TerminateProcess
GetCurrentThreadId
DeviceIoControl
HeapFree
GetProcessHeap
HeapAlloc
VirtualProtect
SetUnhandledExceptionFilter
SetLastError
SuspendThread
GetThreadContext
TryEnterCriticalSection
GetSystemInfo
VirtualQueryEx
InterlockedCompareExchange
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
InterlockedExchange
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
GetTickCount
GetLocalTime
DeleteFileA
GetFileSize
GetCurrentThread
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
LoadLibraryA
GetProcAddress
TerminateThread
OpenProcess
Sleep
CreateThread
ReadFile
CloseHandle
WriteFile
VirtualQuery
CreateFileA

user32

GetClassNameA
GetWindowTextA
GetWindowThreadProcessId
SendMessageA
EnumWindows
GetCursorPos
WindowFromPoint
GetForegroundWindow
wsprintfA
MessageBoxA
GetWindowTextLengthW
IsWindowVisible
BlockInput
EndPaint
DestroyWindow
RegisterClassExA
GetClientRect
BeginPaint
SetWindowLongA
UnregisterClassA
GetWindowLongA
CreateWindowExA
DefWindowProcA
ShowWindow
GetSystemMetrics
LoadImageA
UpdateWindow
LoadCursorA
GetWindowTextW
GetDC
ReleaseDC
GetMonitorInfoA
EnumDisplayMonitors

gdi32

GetObjectA
GetStockObject
BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
GetTokenInformation
OpenProcessToken
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA

msvcp100

?_Xfunc@tr1@std@@YAXXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBUtm@@PBD3@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z

gdiplus

GdiplusStartup
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImageEncodersSize
GdiplusShutdown

ws2_32

htons
inet_addr
socket
WSAGetLastError
closesocket
WSAStartup
WSACloseEvent
recv
send
WSACleanup
connect

psapi

GetModuleFileNameExA
GetModuleFileNameExW
EnumProcessModules
EnumProcesses

msvcr100

fputc
_mkdir
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
__CxxFrameHandler3
memset
memcpy
_strdup
_stricmp
asctime
_localtime64
_purecall
toupper
_time64
strcpy_s
rand
remove
vsprintf_s
_vscprintf
strstr
free
malloc
fopen_s
fread
isalnum
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
fclose
memchr
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
memcpy_s
fgetc
ungetc
fwrite
_CxxThrowException
_unlock_file
_lock_file
sprintf
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
memmove
??_V@YAXPAX@Z
??3@YAXPAX@Z

iphlpapi

GetAdaptersInfo

wininet

FtpGetFileA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
FtpPutFileA
FtpCreateDirectoryA
InternetOpenA
InternetConnectA

Exports

Exports

EntryProc

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jUm
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Xor_Plus/Settings/Special.xml
Xor_Plus/Settings/tga.bmd
.dll windows:5 windows x86

0f89a47f0224c020c24a48970c19d976

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
GetCurrentProcessId
GetProcessId
CreateFileMappingA
MapViewOfFile
GetProcAddress
GetModuleHandleA
GetCurrentThread
CloseHandle
GetLastError
InterlockedCompareExchange
GetCurrentProcess
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
SetLastError
DecodePointer
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapAlloc
RaiseException
IsProcessorFeaturePresent
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
HeapSize
LCMapStringW
MultiByteToWideChar
GetStringTypeW

Exports

Exports

GameGuardVerity

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xor_Plus/Settings/tga.ozn
Xor_Plus/Splash/Xor-Ban.bmp
Xor_Plus/Splash/Xor-Welc.bmp
Xor_Plus/Splash/Xor-hack.bmp
ah.emu
armyred.host

Sharing

General

Malware Config

Signatures

Files

Password: infected

6163e83295dc5a7d0298da8c3c8530af

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winmm

opengl32

Exports

Exports

Sections

.text Size: 209KB - Virtual size: 208KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 9KB - Virtual size: 793KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 23KB - Virtual size: 23KB

ad471dc4a1dffd58951574c13702c0f3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcp100

ws2_32

psapi

shlwapi

dbghelp

msvcr100

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 38KB - Virtual size: 60KB

.rsrc Size: 995KB - Virtual size: 994KB

.reloc Size: 9KB - Virtual size: 8KB

2f2e13ad551f4bf0ebfaf92a9de20fae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msvcp100

ws2_32

winmm

opengl32

cg

cggl

msvcr100

iphlpapi

Exports

Exports

Sections

.text Size: 603KB - Virtual size: 603KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 4.3MB - Virtual size: 8.0MB

.rsrc Size: 162KB - Virtual size: 162KB

.reloc Size: 75KB - Virtual size: 75KB

aa1353f1a5d8593d3edd378c32915c2c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcr110

Exports

Exports

.text
Size: 209KB - Virtual size: 208KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 9KB - Virtual size: 793KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 23KB - Virtual size: 23KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 38KB - Virtual size: 60KB

.rsrc
Size: 995KB - Virtual size: 994KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 603KB - Virtual size: 603KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 4.3MB - Virtual size: 8.0MB

.rsrc
Size: 162KB - Virtual size: 162KB

.reloc
Size: 75KB - Virtual size: 75KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 860B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 846B

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

62:0e:a2:4a:c8:fa:21:3d:df:e4:83:a2:d1:97:23:de
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

47:0a:2a:6b:1a:a3:a2:1b:ef:e8:c1:6a:ed:2f:39:15:83:e7:d3:52
Signer

.text
Size: 157KB - Virtual size: 156KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 1.1MB - Virtual size: 1.1MB

.jUm
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB