LogonUI_overwriter_source_code[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

LogonUI_overwriter_source_code.zip
Size

112KB
MD5

3c20c305466728aa8174c34434d98b3f
SHA1

927c4d779522423beaea517fa2fc0eaf3bf32350
SHA256

dca2d88f17f988d79900e1cb81654b0996b711415a52096eca892d175b28558e
SHA512

798f03976d76c8b08e2c0af12692c2c644738d2ea4caa6a02037c9a73ae90d172d4023c0d83b3b68c386625f7d48f178845c42c3da4e8813e846115b80dcf1c2
SSDEEP

3072:LulclVM/kDBulclVM/kDaTNNTHYGkGuTHU1dubTH4nQ:LEco/kdEco/kOpNzYRGuz6dubzEQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Logon_overwriter/Logon_overwriter/Resources/LogonUI.exe
unpack001/Logon_overwriter/Logon_overwriter/bin/Debug/Logon_overwriter.exe
unpack001/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.exe
unpack001/Logon_overwriter/Logon_overwriter/obj/Debug/TempPE/Properties.Resources.Designer.cs.dll
unpack001/RSOD/RSOD/bin/Debug/LogonUI.exe
unpack001/RSOD/RSOD/obj/Debug/RSOD.exe

Files

LogonUI_overwriter_source_code.zip
.zip

Password: infected
Logon_overwriter/.vs/Logon_overwriter/v16/.suo
Logon_overwriter/Logon_overwriter.sln
Logon_overwriter/Logon_overwriter/Form1.Designer.cs
Logon_overwriter/Logon_overwriter/Form1.cs
.js
Logon_overwriter/Logon_overwriter/Form1.resx
.vbs
Logon_overwriter/Logon_overwriter/Logon_overwriter.csproj
Logon_overwriter/Logon_overwriter/Program.cs
Logon_overwriter/Logon_overwriter/Properties/AssemblyInfo.cs
Logon_overwriter/Logon_overwriter/Properties/Resources.Designer.cs
.vbs
Logon_overwriter/Logon_overwriter/Properties/Resources.resx
.vbs
Logon_overwriter/Logon_overwriter/Properties/Settings.Designer.cs
Logon_overwriter/Logon_overwriter/Properties/Settings.settings
Logon_overwriter/Logon_overwriter/Resources/LogonUI.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Logon_overwriter/Logon_overwriter/app.manifest
Logon_overwriter/Logon_overwriter/bin/Debug/Logon_overwriter.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Logon_overwriter/Logon_overwriter/bin/Debug/Logon_overwriter.pdb
Logon_overwriter/Logon_overwriter/obj/Debug/.NETFramework,Version=v4.0.AssemblyAttributes.cs
Logon_overwriter/Logon_overwriter/obj/Debug/DesignTimeResolveAssemblyReferences.cache
Logon_overwriter/Logon_overwriter/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.Logon.resources
Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.Properties.Resources.resources
Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.csproj.CoreCompileInputs.cache
Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.csproj.FileListAbsolute.txt
Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.csproj.GenerateResource.cache
Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.csprojAssemblyReference.cache
Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.pdb
Logon_overwriter/Logon_overwriter/obj/Debug/TempPE/Properties.Resources.Designer.cs.dll
.dll windows:4 windows x86 arch:x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RSOD/.vs/RSOD/v16/.suo
RSOD/RSOD.sln
RSOD/RSOD/Form1.Designer.cs
RSOD/RSOD/Form1.cs
RSOD/RSOD/Form1.resx
.vbs
RSOD/RSOD/Program.cs
RSOD/RSOD/Properties/AssemblyInfo.cs
RSOD/RSOD/Properties/Resources.Designer.cs
.vbs
RSOD/RSOD/Properties/Resources.resx
.vbs
RSOD/RSOD/Properties/Settings.Designer.cs
RSOD/RSOD/Properties/Settings.settings
RSOD/RSOD/RSOD.csproj
RSOD/RSOD/bin/Debug/LogonUI.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RSOD/RSOD/bin/Debug/RSOD.pdb
RSOD/RSOD/obj/Debug/.NETFramework,Version=v4.0.AssemblyAttributes.cs
RSOD/RSOD/obj/Debug/DesignTimeResolveAssemblyReferences.cache
RSOD/RSOD/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
RSOD/RSOD/obj/Debug/RSOD.Properties.Resources.resources
RSOD/RSOD/obj/Debug/RSOD.RSOD.resources
RSOD/RSOD/obj/Debug/RSOD.csproj.CoreCompileInputs.cache
RSOD/RSOD/obj/Debug/RSOD.csproj.FileListAbsolute.txt
RSOD/RSOD/obj/Debug/RSOD.csproj.GenerateResource.cache
RSOD/RSOD/obj/Debug/RSOD.csprojAssemblyReference.cache
RSOD/RSOD/obj/Debug/RSOD.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RSOD/RSOD/obj/Debug/RSOD.pdb

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 29KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 29KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B