Package[.]tar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Package.tar
Size

5.8MB
MD5

74a97275a336ebca7e0d405188553507
SHA1

3bcae9d53df03f0ad03ef6e12100ef012430f8ff
SHA256

28836a8e5d0a902b442e6f430433018a0b76f0a9f9c3fb9f7d14c365a07a1a5b
SHA512

48cd5b24c6813fc033cac6678c701904109030e0bda066f0e642c72e63a7a86e971423959fa4690caf92b07e19707959a3018db9f79343669c98035d1b437db7
SSDEEP

98304:XWmtbF605bOZ7J9XEHLQcbjDhE/YVAUNWqSBnQqIP:m2bFTOZtlEH3REASpny

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Package/BException.dll
unpack001/Package/BabyServices.dll

Files

Package.tar
.tar
Package/BException.dll
.dll windows:4 windows x86 arch:x86

6043255cb3cc74dec0aef719287a6935

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
GetProcAddress
CreateFileW
GetCurrentProcessId
GetCurrentProcess
CloseHandle
FindResourceW
FreeLibrary
LoadResource
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
SizeofResource
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
GetLastError
lstrcmpiW
FlushFileBuffers
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
RaiseException
TlsFree
TlsGetValue
TlsSetValue
GetModuleHandleW
TlsAlloc
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleA
SetLastError
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetOEMCP
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA

user32

DestroyWindow
CharNextW
UnregisterClassA

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

oleaut32

VarUI4FromStr

Exports

Exports

??0BException@@AAE@XZ
??0BException@@QAE@ABV0@@Z
??1BException@@EAE@XZ
??4BException@@QAEAAV0@ABV0@@Z
??BBException@@QAEPB_WXZ
??_7BException@@6B@
?Append@BException@@AAEXPAU_EXCEPTION_POINTERS@@@Z
?Append@BException@@QAAXPB_WZZ
?ExceptionStr@BException@@AAEPB_WK@Z
?Finish@BException@@QAEXXZ
?GetExceptions@BException@@QAEPB_WXZ
?Raise@BException@@SAPAV1@PAU_EXCEPTION_POINTERS@@@Z
?Raise@BException@@SAPAV1@PB_WZZ
?SetStage@BException@@QAEXK@Z

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Package/BabyServices.dll
.dll windows:4 windows x86 arch:x86

59586c98fcfc4eb47a367fef6517ab84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
GetFileAttributesW
GetLastError
CreateDirectoryW
DeleteFileW
CreateFileW
CloseHandle
VirtualAlloc
WriteFile
FlushFileBuffers
VirtualFree
LoadLibraryW
GetCurrentProcessId
RaiseException
Sleep
GetModuleHandleW
GetCPInfo
GetModuleFileNameW
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
CreateMutexW
WaitForSingleObject
ReleaseMutex
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
lstrcmpiW
GetStringTypeW
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetACP
lstrlenW
GetWindowsDirectoryW
GetLocalTime
GetComputerNameW
LocalFree
FormatMessageW
GetEnvironmentStringsW
GetCurrentProcess
FreeEnvironmentStringsW
GetStringTypeA
SetEndOfFile
CreateFileA
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
SetStdHandle
ReadFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTickCount
LocalAlloc
InterlockedExchange
LoadLibraryA
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetFileType
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
RtlUnwind
GetConsoleCP
GetConsoleMode
GetModuleHandleA
SetLastError
HeapSize
ExitProcess
HeapDestroy
HeapCreate
GetStdHandle
GetModuleFileNameA
SetFilePointer
SetHandleCount
GetStartupInfoA
GetOEMCP
QueryPerformanceCounter

user32

CharNextW
DestroyWindow
UnregisterClassA

advapi32

RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
ReportEventW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegisterEventSourceW
GetUserNameW
DeregisterEventSource

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

oleaut32

VarUI4FromStr
SysAllocStringLen
VarBstrCmp
VariantClear
VariantInit
SysAllocString
SysFreeString

shlwapi

PathFindFileNameA
PathAddBackslashW
PathFindFileNameW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

CloseLog
CreateRegExpObjectImpl
GetHTImpl
GetLocalizeImpl
GetLogImpl
GetPWImpl
GetSRImpl
GetUCPImpl
GetZLImpl
SetMainPathImpl
SetRegPathImpl

Sections

.text
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 356KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Package/Babylon.exe
.exe windows:4 windows x86 arch:x86

588385192249056dd9c9ef626b461f02

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:71:e0:1d:90:b1:47:dc:f8:0e:63:da:c3:51:46:a7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

13/02/2006, 00:00

Not After

27/02/2007, 23:59

Subject

CN=Babylon Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Babylon Ltd.,L=Or-Yehuda,ST=Or-Yehuda,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

82:fa:16:cd:5b:7f:c9:ac:61:8c:9b:8f:4c:e1:e0:b9:87:5c:62:2e
Signer

Actual PE Digest

82:fa:16:cd:5b:7f:c9:ac:61:8c:9b:8f:4c:e1:e0:b9:87:5c:62:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
DuplicateHandle
LoadLibraryExW
lstrcmpiW
GlobalAddAtomW
GlobalFindAtomW
GetThreadLocale
Beep
GetUserDefaultLCID
SetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
TlsAlloc
OutputDebugStringW
FindResourceW
SizeofResource
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetDriveTypeA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetCurrentDirectoryA
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
GetConsoleMode
GetConsoleCP
GetOEMCP
LoadResource
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapDestroy
GetLocaleInfoW
LCMapStringW
LCMapStringA
RtlUnwind
RemoveDirectoryW
GetFullPathNameW
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
GetStartupInfoA
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualProtect
GetTimeZoneInformation
CreateThread
ExitThread
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
InterlockedCompareExchange
GetVersionExA
LoadLibraryA
LocalAlloc
GetCPInfo
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemDirectoryW
ResumeThread
ReleaseMutex
GetVolumeInformationW
VirtualFree
FlushFileBuffers
VirtualAlloc
GetFileTime
SetFileAttributesW
MoveFileExW
GetFileAttributesW
GlobalFree
WritePrivateProfileStringW
GetEnvironmentVariableW
TlsFree
GlobalDeleteAtom
LockResource
FreeResource
GetTimeFormatW
GetDateFormatW
WaitForSingleObject
DeleteFileW
CopyFileW
CreateDirectoryW
Sleep
GetComputerNameW
InterlockedExchange
CreateMutexW
IsBadReadPtr
GetCurrentThread
IsValidCodePage
SetThreadPriority
FindClose
FindNextFileW
FindFirstFileW
GetCurrentProcessId
GlobalGetAtomNameW
SetCurrentDirectoryW
TerminateProcess
OpenProcess
HeapAlloc
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
GetTempFileNameW
WriteFile
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
IsBadStringPtrA
ReadFile
SetFilePointer
CloseHandle
CreateFileW
GetSystemTime
GetDateFormatA
lstrlenA
CompareFileTime
GetNumberFormatA
GetLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetLocaleInfoA
GetTimeFormatA
LocalFree
FormatMessageW
WaitForMultipleObjects
IsBadStringPtrW
GetModuleHandleW
IsBadCodePtr
GetProcAddress
LoadLibraryW
FreeLibrary
GetTempPathW
RaiseException
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
SetLastError
FlushInstructionCache
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
InitializeCriticalSection
GetTickCount
WideCharToMultiByte
MulDiv
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentThreadId
lstrcpyW
lstrlenW
ExitProcess
GetACP
MultiByteToWideChar
HeapSize

user32

FindWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassW
InsertMenuItemW
ModifyMenuW
WinHelpW
GetDC
ReleaseDC
GetSysColorBrush
GetClassNameW
EnumChildWindows
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsWindow
EnumThreadWindows
CopyRect
FillRect
GetSysColor
DrawTextW
UnregisterClassA
MessageBoxExW
EnableMenuItem
DialogBoxParamW
CheckDlgButton
MessageBeep
IsDlgButtonChecked
SendMessageTimeoutW
EnumWindows
LoadIconW
LoadStringW
SetDlgItemTextW
EndDialog
SetClassLongW
IntersectRect
LoadImageW
FrameRect
ClipCursor
CharNextExA
GetActiveWindow
SetActiveWindow
CheckRadioButton
PostQuitMessage
GetMenuItemID
RemoveMenu
GetWindowDC
GetNextDlgTabItem
FindWindowW
UnregisterHotKey
GetGUIThreadInfo
ReuseDDElParam
UnpackDDElParam
PeekMessageW
MessageBoxW
SendDlgItemMessageW
CharLowerBuffW
GetMonitorInfoW
GetLastInputInfo
EnumDisplayMonitors
MonitorFromPoint
AppendMenuW
TrackPopupMenuEx
CreatePopupMenu
UnionRect
MonitorFromRect
DestroyIcon
GetForegroundWindow
LockSetForegroundWindow
SetClipboardData
EmptyClipboard
CloseClipboard
CreateWindowExW
SendMessageW
InflateRect
SetWindowPos
GetWindowLongW
SetWindowLongW
EnableWindow
InvalidateRect
UpdateWindow
GetWindowRect
LoadBitmapW
IsWindowEnabled
InvertRect
GetSystemMenu
InsertMenuW
GetDlgItemTextW
MapVirtualKeyW
VkKeyScanW
GetKeyNameTextW
RegisterHotKey
SetFocus
GetClientRect
MapWindowPoints
GetCursorPos
TrackPopupMenu
DestroyMenu
DrawIconEx
AttachThreadInput
GetWindowThreadProcessId
keybd_event
OffsetRect
GetMessagePos
IsWindowVisible
GetWindowRgn
SetWindowRgn
BringWindowToTop
SetWindowPlacement
GetWindowPlacement
CloseWindow
DrawAnimatedRects
IsDialogMessageW
GetUpdateRgn
EqualRect
SetCursor
SetRect
IsRectEmpty
wsprintfW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
CreateDialogParamW
OpenClipboard
DestroyAcceleratorTable
GetFocus
GetWindow
CharNextW
CreateAcceleratorTableW
ScreenToClient
MoveWindow
InvalidateRgn
GetDesktopWindow
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetDlgItem
GetKeyState
SetForegroundWindow
IsIconic
IsChild
RegisterWindowMessageW
ShowWindow
SetParent
WindowFromPoint
RedrawWindow
CallWindowProcW
DefWindowProcW
ClientToScreen
AdjustWindowRectEx
GetMenu
KillTimer
PtInRect
ReleaseCapture
GetDlgCtrlID
SetTimer
SystemParametersInfoW
GetCapture
SetCapture
EndPaint
BeginPaint
SetRectEmpty
DrawFocusRect
DrawEdge
GetParent
DestroyWindow
PostMessageW
GetSystemMetrics

gdi32

SetTextAlign
ExtTextOutW
EnumFontFamiliesExW
CreateDCW
SetMapMode
GetCurrentObject
CreateRectRgnIndirect
AddFontResourceW
RemoveFontResourceW
GetObjectType
Polyline
Polygon
EnumFontsW
GetDeviceCaps
FrameRgn
CreateFontIndirectA
TextOutA
GetCurrentPositionEx
LineTo
GetGlyphOutlineW
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
GetTextFaceA
SetBkMode
SetTextColor
CreateCompatibleDC
GetStockObject
BitBlt
GetObjectW
RectInRegion
CreateSolidBrush
CreateCompatibleBitmap
GetRgnBox
GetPixel
CreateRectRgn
MoveToEx
CreatePen
DeleteDC
SelectObject
CreateFontW
GetTextFaceW
GetTextCharset
GetTextMetricsW
GetGlyphOutlineA
DeleteObject
GetMapMode
CreateFontIndirectW
GetCharacterPlacementW
CombineRgn
PtInRegion
StretchBlt
PatBlt
CreateBitmap
CreatePatternBrush
TranslateCharsetInfo
GetTextExtentPoint32W
SetBkColor
LPtoDP
FillRgn
CreateRoundRectRgn

comdlg32

GetOpenFileNameW
CommDlgExtendedError

advapi32

FreeSid
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
SetEntriesInAclW
SetSecurityInfo
GetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegQueryInfoKeyW
RegEnumKeyExW
GetUserNameW
RegDeleteKeyW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
AllocateAndInitializeSid

shell32

ExtractIconW
SHGetFolderPathW
SHChangeNotify
Shell_NotifyIconW
ShellExecuteW

ole32

OleLoadFromStream
CoGetMalloc
CoTaskMemFree
StringFromCLSID
CoUninitialize
CoInitialize
CLSIDFromString
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoCreateInstance
CLSIDFromProgID
CoCreateGuid
CoTaskMemRealloc

oleaut32

SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
SafeArrayDestroy
VariantClear
SysAllocString
SysStringLen
SysFreeString
VariantChangeType
VarUI4FromStr
UnRegisterTypeLi
VarBstrCmp
SysStringByteLen
OleCreateFontIndirect
SafeArrayCopy
SafeArrayGetVartype
SysAllocStringByteLen
DispCallFunc
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantCopy
SysAllocStringLen

shlwapi

StrStrIW
PathAddBackslashW
PathFindFileNameW
PathFindExtensionW

comctl32

ImageList_SetBkColor
ImageList_AddMasked
ImageList_Add
ImageList_Create
ImageList_GetIconSize
_TrackMouseEvent
ImageList_Draw
ImageList_Destroy
ord17

urlmon

URLDownloadToFileW

imm32

ImmGetContext
ImmSetOpenStatus
ImmGetOpenStatus

ws2_32

WSAStartup
inet_ntoa
gethostbyname
gethostname
WSACleanup

wininet

InternetGetLastResponseInfoW
UnlockUrlCacheEntryFileW
RetrieveUrlCacheEntryFileW
InternetReadFile
InternetCloseHandle
HttpQueryInfoW
InternetErrorDlg
HttpSendRequestW
InternetQueryOptionW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetGetCookieW
InternetSetCookieW
InternetCrackUrlW

rasapi32

RasEnumConnectionsW
RasGetConnectStatusW

psapi

GetModuleFileNameExW
EnumProcessModules

iphlpapi

GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

_LoadError

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 572KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Package/puffball.app

Sharing

General

Malware Config

Signatures

Files

6043255cb3cc74dec0aef719287a6935

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 1024B - Virtual size: 1012B

.reloc Size: 8KB - Virtual size: 8KB

59586c98fcfc4eb47a367fef6517ab84

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

Exports

Exports

Sections

.text Size: 311KB - Virtual size: 311KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 356KB - Virtual size: 368KB

.rsrc Size: 64KB - Virtual size: 64KB

.reloc Size: 35KB - Virtual size: 35KB

588385192249056dd9c9ef626b461f02

Code Sign

0aCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

12:71:e0:1d:90:b1:47:dc:f8:0e:63:da:c3:51:46:a7Certificate

Extended Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

82:fa:16:cd:5b:7f:c9:ac:61:8c:9b:8f:4c:e1:e0:b9:87:5c:62:2eSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

urlmon

imm32

ws2_32

wininet

rasapi32

psapi

iphlpapi

version

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 1012B

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 311KB - Virtual size: 311KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 356KB - Virtual size: 368KB

.rsrc
Size: 64KB - Virtual size: 64KB

.reloc
Size: 35KB - Virtual size: 35KB

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

12:71:e0:1d:90:b1:47:dc:f8:0e:63:da:c3:51:46:a7
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

82:fa:16:cd:5b:7f:c9:ac:61:8c:9b:8f:4c:e1:e0:b9:87:5c:62:2e
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 449KB - Virtual size: 449KB

.data
Size: 40KB - Virtual size: 183KB

.rsrc
Size: 572KB - Virtual size: 572KB