External[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

External.zip
Size

6.8MB
MD5

856958b912c63f1259834baf2cf44ae5
SHA1

59050f96cd06c725ca23d93f37658fcabb27db99
SHA256

7c622baa826d8a476d862cf1094ae161c87c906da84c7a5144cd525d6d80010b
SHA512

e90264adf2a8db04d696fed86b28897661c6620ce66ab6ead1d8b4426205aacb2ea1ffeeb9c1c8a9827dfdf6b044386db82fe2cbd1879eb690e2c089b092e035
SSDEEP

196608:skpmQdLfLUMMaSNqp3r0cNdPrAw7zW6x8+:skpDzUraSNWrpLzvS+

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/Derkstaware/External.bat	pyinstaller

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Derkstaware/External.bat

Files

External.zip
.zip

Password: rose123
Derkstaware/External.bat
.exe windows:5 windows x64 arch:x64

Password: rose123

0b5552dccd9d0a834cea55c0c8fc05be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
IsValidCodePage
GetACP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetOEMCP
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetEndOfFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
External.pyc
Derkstaware/External.dll
.dll windows:6 windows x86 arch:x86

Password: rose123

c85c1c96a17417feb77f58eddec50e0b

Code Sign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:d4:13:46:5a:84:6b:de:66:36:8b:8a:33:82:f5:bf
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

07/07/2016, 17:27

Not After

07/07/2017, 17:27

Subject

CN=Open Source Developer\, Adam Caudill,O=Open Source Developer,C=US,1.2.840.113549.1.9.1=#0c146164616d406164616d63617564696c6c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:cc:b4:a0:dd:65:aa:fb:17:31:72:a1:0b:b1:63:f3:09:51:8c:bd:55:7b:40:7b:35:9a:af:a5:05:a0:37:67
Signer

Actual PE Digest

8c:cc:b4:a0:dd:65:aa:fb:17:31:72:a1:0b:b1:63:f3:09:51:8c:bd:55:7b:40:7b:35:9a:af:a5:05:a0:37:67

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
Sleep
GetSystemInfo
VirtualAlloc
EnterCriticalSection
VirtualProtect
VirtualLock
VirtualUnlock
VirtualFree
InitializeCriticalSection
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

advapi32

SystemFunction036

vcruntime140

strchr
memcpy
memset
_except_handler4_common
memchr
memmove
strrchr
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
_errno
abort
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
raise

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-time-l1-1-0

_ftime64

Exports

Exports

crypto_aead_aes256gcm_abytes
crypto_aead_aes256gcm_beforenm
crypto_aead_aes256gcm_decrypt
crypto_aead_aes256gcm_decrypt_afternm
crypto_aead_aes256gcm_decrypt_detached
crypto_aead_aes256gcm_decrypt_detached_afternm
crypto_aead_aes256gcm_encrypt
crypto_aead_aes256gcm_encrypt_afternm
crypto_aead_aes256gcm_encrypt_detached
crypto_aead_aes256gcm_encrypt_detached_afternm
crypto_aead_aes256gcm_is_available
crypto_aead_aes256gcm_keybytes
crypto_aead_aes256gcm_npubbytes
crypto_aead_aes256gcm_nsecbytes
crypto_aead_aes256gcm_statebytes
crypto_aead_chacha20poly1305_abytes
crypto_aead_chacha20poly1305_decrypt
crypto_aead_chacha20poly1305_decrypt_detached
crypto_aead_chacha20poly1305_encrypt
crypto_aead_chacha20poly1305_encrypt_detached
crypto_aead_chacha20poly1305_ietf_abytes
crypto_aead_chacha20poly1305_ietf_decrypt
crypto_aead_chacha20poly1305_ietf_decrypt_detached
crypto_aead_chacha20poly1305_ietf_encrypt
crypto_aead_chacha20poly1305_ietf_encrypt_detached
crypto_aead_chacha20poly1305_ietf_keybytes
crypto_aead_chacha20poly1305_ietf_npubbytes
crypto_aead_chacha20poly1305_ietf_nsecbytes
crypto_aead_chacha20poly1305_keybytes
crypto_aead_chacha20poly1305_npubbytes
crypto_aead_chacha20poly1305_nsecbytes
crypto_auth
crypto_auth_bytes
crypto_auth_hmacsha256
crypto_auth_hmacsha256_bytes
crypto_auth_hmacsha256_final
crypto_auth_hmacsha256_init
crypto_auth_hmacsha256_keybytes
crypto_auth_hmacsha256_statebytes
crypto_auth_hmacsha256_update
crypto_auth_hmacsha256_verify
crypto_auth_hmacsha512
crypto_auth_hmacsha512256
crypto_auth_hmacsha512256_bytes
crypto_auth_hmacsha512256_final
crypto_auth_hmacsha512256_init
crypto_auth_hmacsha512256_keybytes
crypto_auth_hmacsha512256_statebytes
crypto_auth_hmacsha512256_update
crypto_auth_hmacsha512256_verify
crypto_auth_hmacsha512_bytes
crypto_auth_hmacsha512_final
crypto_auth_hmacsha512_init
crypto_auth_hmacsha512_keybytes
crypto_auth_hmacsha512_statebytes
crypto_auth_hmacsha512_update
crypto_auth_hmacsha512_verify
crypto_auth_keybytes
crypto_auth_primitive
crypto_auth_verify
crypto_box
crypto_box_afternm
crypto_box_beforenm
crypto_box_beforenmbytes
crypto_box_boxzerobytes
crypto_box_curve25519xsalsa20poly1305
crypto_box_curve25519xsalsa20poly1305_afternm
crypto_box_curve25519xsalsa20poly1305_beforenm
crypto_box_curve25519xsalsa20poly1305_beforenmbytes
crypto_box_curve25519xsalsa20poly1305_boxzerobytes
crypto_box_curve25519xsalsa20poly1305_keypair
crypto_box_curve25519xsalsa20poly1305_macbytes
crypto_box_curve25519xsalsa20poly1305_noncebytes
crypto_box_curve25519xsalsa20poly1305_open
crypto_box_curve25519xsalsa20poly1305_open_afternm
crypto_box_curve25519xsalsa20poly1305_publickeybytes
crypto_box_curve25519xsalsa20poly1305_secretkeybytes
crypto_box_curve25519xsalsa20poly1305_seed_keypair
crypto_box_curve25519xsalsa20poly1305_seedbytes
crypto_box_curve25519xsalsa20poly1305_zerobytes
crypto_box_detached
crypto_box_detached_afternm
crypto_box_easy
crypto_box_easy_afternm
crypto_box_keypair
crypto_box_macbytes
crypto_box_noncebytes
crypto_box_open
crypto_box_open_afternm
crypto_box_open_detached
crypto_box_open_detached_afternm
crypto_box_open_easy
crypto_box_open_easy_afternm
crypto_box_primitive
crypto_box_publickeybytes
crypto_box_seal
crypto_box_seal_open
crypto_box_sealbytes
crypto_box_secretkeybytes
crypto_box_seed_keypair
crypto_box_seedbytes
crypto_box_zerobytes
crypto_core_hchacha20
crypto_core_hchacha20_constbytes
crypto_core_hchacha20_inputbytes
crypto_core_hchacha20_keybytes
crypto_core_hchacha20_outputbytes
crypto_core_hsalsa20
crypto_core_hsalsa20_constbytes
crypto_core_hsalsa20_inputbytes
crypto_core_hsalsa20_keybytes
crypto_core_hsalsa20_outputbytes
crypto_core_salsa20
crypto_core_salsa2012
crypto_core_salsa2012_constbytes
crypto_core_salsa2012_inputbytes
crypto_core_salsa2012_keybytes
crypto_core_salsa2012_outputbytes
crypto_core_salsa208
crypto_core_salsa208_constbytes
crypto_core_salsa208_inputbytes
crypto_core_salsa208_keybytes
crypto_core_salsa208_outputbytes
crypto_core_salsa20_constbytes
crypto_core_salsa20_inputbytes
crypto_core_salsa20_keybytes
crypto_core_salsa20_outputbytes
crypto_generichash
crypto_generichash_blake2b
crypto_generichash_blake2b_bytes
crypto_generichash_blake2b_bytes_max
crypto_generichash_blake2b_bytes_min
crypto_generichash_blake2b_final
crypto_generichash_blake2b_init
crypto_generichash_blake2b_init_salt_personal
crypto_generichash_blake2b_keybytes
crypto_generichash_blake2b_keybytes_max
crypto_generichash_blake2b_keybytes_min
crypto_generichash_blake2b_personalbytes
crypto_generichash_blake2b_salt_personal
crypto_generichash_blake2b_saltbytes
crypto_generichash_blake2b_statebytes
crypto_generichash_blake2b_update
crypto_generichash_bytes
crypto_generichash_bytes_max
crypto_generichash_bytes_min
crypto_generichash_final
crypto_generichash_init
crypto_generichash_keybytes
crypto_generichash_keybytes_max
crypto_generichash_keybytes_min
crypto_generichash_primitive
crypto_generichash_statebytes
crypto_generichash_update
crypto_hash
crypto_hash_bytes
crypto_hash_primitive
crypto_hash_sha256
crypto_hash_sha256_bytes
crypto_hash_sha256_final
crypto_hash_sha256_init
crypto_hash_sha256_statebytes
crypto_hash_sha256_update
crypto_hash_sha512
crypto_hash_sha512_bytes
crypto_hash_sha512_final
crypto_hash_sha512_init
crypto_hash_sha512_statebytes
crypto_hash_sha512_update
crypto_onetimeauth
crypto_onetimeauth_bytes
crypto_onetimeauth_final
crypto_onetimeauth_init
crypto_onetimeauth_keybytes
crypto_onetimeauth_poly1305
crypto_onetimeauth_poly1305_bytes
crypto_onetimeauth_poly1305_final
crypto_onetimeauth_poly1305_init
crypto_onetimeauth_poly1305_keybytes
crypto_onetimeauth_poly1305_update
crypto_onetimeauth_poly1305_verify
crypto_onetimeauth_primitive
crypto_onetimeauth_statebytes
crypto_onetimeauth_update
crypto_onetimeauth_verify
crypto_pwhash
crypto_pwhash_alg_argon2i13
crypto_pwhash_alg_default
crypto_pwhash_argon2i
crypto_pwhash_argon2i_alg_argon2i13
crypto_pwhash_argon2i_memlimit_interactive
crypto_pwhash_argon2i_memlimit_moderate
crypto_pwhash_argon2i_memlimit_sensitive
crypto_pwhash_argon2i_opslimit_interactive
crypto_pwhash_argon2i_opslimit_moderate
crypto_pwhash_argon2i_opslimit_sensitive
crypto_pwhash_argon2i_saltbytes
crypto_pwhash_argon2i_str
crypto_pwhash_argon2i_str_verify
crypto_pwhash_argon2i_strbytes
crypto_pwhash_argon2i_strprefix
crypto_pwhash_memlimit_interactive
crypto_pwhash_memlimit_moderate
crypto_pwhash_memlimit_sensitive
crypto_pwhash_opslimit_interactive
crypto_pwhash_opslimit_moderate
crypto_pwhash_opslimit_sensitive
crypto_pwhash_primitive
crypto_pwhash_saltbytes
crypto_pwhash_scryptsalsa208sha256
crypto_pwhash_scryptsalsa208sha256_ll
crypto_pwhash_scryptsalsa208sha256_memlimit_interactive
crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive
crypto_pwhash_scryptsalsa208sha256_opslimit_interactive
crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive
crypto_pwhash_scryptsalsa208sha256_saltbytes
crypto_pwhash_scryptsalsa208sha256_str
crypto_pwhash_scryptsalsa208sha256_str_verify
crypto_pwhash_scryptsalsa208sha256_strbytes
crypto_pwhash_scryptsalsa208sha256_strprefix
crypto_pwhash_str
crypto_pwhash_str_verify
crypto_pwhash_strbytes
crypto_pwhash_strprefix
crypto_scalarmult
crypto_scalarmult_base
crypto_scalarmult_bytes
crypto_scalarmult_curve25519
crypto_scalarmult_curve25519_base
crypto_scalarmult_curve25519_bytes
crypto_scalarmult_curve25519_scalarbytes
crypto_scalarmult_primitive
crypto_scalarmult_scalarbytes
crypto_secretbox
crypto_secretbox_boxzerobytes
crypto_secretbox_detached
crypto_secretbox_easy
crypto_secretbox_keybytes
crypto_secretbox_macbytes
crypto_secretbox_noncebytes
crypto_secretbox_open
crypto_secretbox_open_detached
crypto_secretbox_open_easy
crypto_secretbox_primitive
crypto_secretbox_xsalsa20poly1305
crypto_secretbox_xsalsa20poly1305_boxzerobytes
crypto_secretbox_xsalsa20poly1305_keybytes
crypto_secretbox_xsalsa20poly1305_macbytes
crypto_secretbox_xsalsa20poly1305_noncebytes
crypto_secretbox_xsalsa20poly1305_open
crypto_secretbox_xsalsa20poly1305_zerobytes
crypto_secretbox_zerobytes
crypto_shorthash
crypto_shorthash_bytes
crypto_shorthash_keybytes
crypto_shorthash_primitive
crypto_shorthash_siphash24
crypto_shorthash_siphash24_bytes
crypto_shorthash_siphash24_keybytes
crypto_sign
crypto_sign_bytes
crypto_sign_detached
crypto_sign_ed25519
crypto_sign_ed25519_bytes
crypto_sign_ed25519_detached
crypto_sign_ed25519_keypair
crypto_sign_ed25519_open
crypto_sign_ed25519_pk_to_curve25519
crypto_sign_ed25519_publickeybytes
crypto_sign_ed25519_secretkeybytes
crypto_sign_ed25519_seed_keypair
crypto_sign_ed25519_seedbytes
crypto_sign_ed25519_sk_to_curve25519
crypto_sign_ed25519_sk_to_pk
crypto_sign_ed25519_sk_to_seed
crypto_sign_ed25519_verify_detached
crypto_sign_edwards25519sha512batch
crypto_sign_edwards25519sha512batch_keypair
crypto_sign_edwards25519sha512batch_open
crypto_sign_keypair
crypto_sign_open
crypto_sign_primitive
crypto_sign_publickeybytes
crypto_sign_secretkeybytes
crypto_sign_seed_keypair
crypto_sign_seedbytes
crypto_sign_verify_detached
crypto_stream
crypto_stream_aes128ctr
crypto_stream_aes128ctr_afternm
crypto_stream_aes128ctr_beforenm
crypto_stream_aes128ctr_beforenmbytes
crypto_stream_aes128ctr_keybytes
crypto_stream_aes128ctr_noncebytes
crypto_stream_aes128ctr_xor
crypto_stream_aes128ctr_xor_afternm
crypto_stream_chacha20
crypto_stream_chacha20_ietf
crypto_stream_chacha20_ietf_noncebytes
crypto_stream_chacha20_ietf_xor
crypto_stream_chacha20_ietf_xor_ic
crypto_stream_chacha20_keybytes
crypto_stream_chacha20_noncebytes
crypto_stream_chacha20_xor
crypto_stream_chacha20_xor_ic
crypto_stream_keybytes
crypto_stream_noncebytes
crypto_stream_primitive
crypto_stream_salsa20
crypto_stream_salsa2012
crypto_stream_salsa2012_keybytes
crypto_stream_salsa2012_noncebytes
crypto_stream_salsa2012_xor
crypto_stream_salsa208
crypto_stream_salsa208_keybytes
crypto_stream_salsa208_noncebytes
crypto_stream_salsa208_xor
crypto_stream_salsa20_keybytes
crypto_stream_salsa20_noncebytes
crypto_stream_salsa20_xor
crypto_stream_salsa20_xor_ic
crypto_stream_xor
crypto_stream_xsalsa20
crypto_stream_xsalsa20_keybytes
crypto_stream_xsalsa20_noncebytes
crypto_stream_xsalsa20_xor
crypto_stream_xsalsa20_xor_ic
crypto_verify_16
crypto_verify_16_bytes
crypto_verify_32
crypto_verify_32_bytes
crypto_verify_64
crypto_verify_64_bytes
randombytes
randombytes_buf
randombytes_close
randombytes_implementation_name
randombytes_random
randombytes_salsa20_implementation
randombytes_set_implementation
randombytes_stir
randombytes_sysrandom_implementation
randombytes_uniform
sodium_add
sodium_allocarray
sodium_bin2hex
sodium_compare
sodium_free
sodium_hex2bin
sodium_increment
sodium_init
sodium_is_zero
sodium_library_version_major
sodium_library_version_minor
sodium_malloc
sodium_memcmp
sodium_memzero
sodium_mlock
sodium_mprotect_noaccess
sodium_mprotect_readonly
sodium_mprotect_readwrite
sodium_munlock
sodium_runtime_has_aesni
sodium_runtime_has_avx
sodium_runtime_has_avx2
sodium_runtime_has_neon
sodium_runtime_has_pclmul
sodium_runtime_has_sse2
sodium_runtime_has_sse3
sodium_runtime_has_sse41
sodium_runtime_has_ssse3
sodium_version_string

Sections

.text
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Derkstaware/Read me.txt

Sharing

General

Malware Config

Signatures

Files

Password: rose123

Password: rose123

0b5552dccd9d0a834cea55c0c8fc05be

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

kernel32

advapi32

gdi32

Sections

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 3KB - Virtual size: 64KB

.pdata Size: 8KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 61KB - Virtual size: 61KB

.reloc Size: 2KB - Virtual size: 1KB

Password: rose123

c85c1c96a17417feb77f58eddec50e0b

Code Sign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

32:d4:13:46:5a:84:6b:de:66:36:8b:8a:33:82:f5:bfCertificate

Extended Key Usages

Key Usages

8c:cc:b4:a0:dd:65:aa:fb:17:31:72:a1:0b:b1:63:f3:09:51:8c:bd:55:7b:40:7b:35:9a:af:a5:05:a0:37:67Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 415KB - Virtual size: 415KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 3KB - Virtual size: 64KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 61KB - Virtual size: 61KB

.reloc
Size: 2KB - Virtual size: 1KB

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

32:d4:13:46:5a:84:6b:de:66:36:8b:8a:33:82:f5:bf
Certificate

8c:cc:b4:a0:dd:65:aa:fb:17:31:72:a1:0b:b1:63:f3:09:51:8c:bd:55:7b:40:7b:35:9a:af:a5:05:a0:37:67
Signer

.text
Size: 415KB - Virtual size: 415KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB