GTA III Retail (mixmods[.]com[.]br)[.]7z

Sharing

Copy URL Twitter E-mail

Reason

scan timeout

General

Target

GTA III Retail (mixmods.com.br).7z
Size

631.4MB
MD5

a7aaed080d65758eb168b68ff6493f52
SHA1

01a89be40ec5015cd79b0e36e024af8135603bed
SHA256

49ff7b9a4610752413b185313d8c28d0ee62c8b8a9acb5ffff03e4728862b8d6
SHA512

c518f0b4e00a6152d4c2369f31e8ece6489d44ab4801d353cbeed31ce48976f191a6957ed467eee9b0f86fc686440dfc7be8a684c17286111218009f38e1e67f
SSDEEP

12582912:3kL1sGDVU2D5rQHRDY1HWJ9QAixH9mzZdF7kUaJiG7Rp8aHt:3kDDVU2DJQHR8VVxHYf7XaUe5N

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.exe
unpack001/drvmgt.dll
unpack001/secdrv.sys

Files

GTA III Retail (mixmods.com.br).7z
.7z
00000001.TMP
00000407.016
00000407.256
00000409.016
00000409.256
0000040c.016
0000040c.256
00000410.016
00000410.256
00000809.016
00000809.256
00000c0a.016
00000c0a.256
Audio/A1_a.wav
Audio/AMMU_A.wav
Audio/AMMU_C.wav
Audio/AMMU_b.wav
Audio/BET.mp3
Audio/CHAT.wav
Audio/CLASS.wav
Audio/COMopen.wav
Audio/City.wav
Audio/END.mp3
Audio/FLASH.wav
Audio/GAME.wav
Audio/HEAD.wav
Audio/JB.mp3
Audio/K3_A.wav
Audio/KJAH.wav
Audio/LIPS.wav
Audio/MSX.wav
Audio/Miscom.wav
Audio/RISE.wav
Audio/SUBopen.wav
Audio/Water.wav
Audio/YD2_A.wav
Audio/a1_sso.wav
Audio/a2_pp.wav
Audio/a3_a.wav
Audio/a3_ss.wav
Audio/a4_a.wav
Audio/a4_b.wav
Audio/a4_c.wav
Audio/a4_d.wav
Audio/a4_pdr.wav
Audio/a5_a.wav
Audio/a5_k2ft.wav
Audio/a6_bait.wav
Audio/a7_etg.wav
Audio/a8_ps.wav
Audio/a9_asd.wav
Audio/c1_tex.mp3
Audio/cat1.wav
Audio/d1_stog.mp3
Audio/d2_kk.mp3
Audio/d3_ado.mp3
Audio/d4_gta.mp3
Audio/d4_gta2.mp3
Audio/d5_es.mp3
Audio/d6_sts.mp3
Audio/d7_mld.mp3
Audio/door_1.wav
Audio/door_2.wav
Audio/door_3.wav
Audio/door_4.wav
Audio/door_5.wav
Audio/door_6.wav
Audio/el3_a.wav
Audio/el_ph1.mp3
Audio/el_ph2.mp3
Audio/el_ph3.mp3
Audio/el_ph4.mp3
Audio/h5_a.wav
Audio/h5_b.wav
Audio/h5_c.wav
Audio/hd_ph1.mp3
Audio/hd_ph2.mp3
Audio/hd_ph3.mp3
Audio/hd_ph4.mp3
Audio/hd_ph5.mp3
Audio/j0_dm2.mp3
Audio/j1_lfl.mp3
Audio/j2_kcl.mp3
Audio/j3_vh.mp3
Audio/j4_a.wav
Audio/j4_b.wav
Audio/j4_c.wav
Audio/j4_d.wav
Audio/j4_e.wav
Audio/j4_eth.mp3
Audio/j4_f.wav
Audio/j4t_1.wav
Audio/j4t_2.wav
Audio/j4t_3.wav
Audio/j4t_4.wav
Audio/j5_dst.mp3
Audio/j6_1.wav
Audio/j6_a.wav
Audio/j6_b.wav
Audio/j6_c.wav
Audio/j6_d.wav
Audio/j6_tbj.mp3
Audio/k1_a.wav
Audio/k1_b.wav
Audio/k1_kbo.mp3
Audio/k2_gis.mp3
Audio/k3_ds.mp3
Audio/k4_shi.mp3
Audio/k4_shi2.mp3
Audio/k5_sd.mp3
Audio/l1_lg.mp3
Audio/l2_a.wav
Audio/l2_dsb.mp3
Audio/l3_dm.mp3
Audio/l4_pap.mp3
Audio/l5_tfb.mp3
Audio/lib_a.wav
Audio/lib_a1.wav
Audio/lib_a2.wav
Audio/lib_b.wav
Audio/lib_c.wav
Audio/lib_d.wav
Audio/lo2_a.wav
Audio/lo6_a.wav
Audio/mf1_a.wav
Audio/mf2_a.wav
Audio/mf3_a.wav
Audio/mf3_b.wav
Audio/mf3_b1.wav
Audio/mf3_c.wav
Audio/mf4_a.wav
Audio/mf4_b.wav
Audio/mf4_c.wav
Audio/mt_ph1.mp3
Audio/mt_ph2.mp3
Audio/mt_ph3.mp3
Audio/mt_ph4.mp3
Audio/police.wav
Audio/r0_pdr2.mp3
Audio/r1_a.wav
Audio/r1_sw.mp3
Audio/r2_a.wav
Audio/r2_ap.mp3
Audio/r2_b.wav
Audio/r2_c.wav
Audio/r2_d.wav
Audio/r2_e.wav
Audio/r2_f.wav
Audio/r2_g.wav
Audio/r2_h.wav
Audio/r3_ed.mp3
Audio/r4_gf.mp3
Audio/r5_a.wav
Audio/r5_pb.mp3
Audio/r6_a.wav
Audio/r6_a1.wav
Audio/r6_b.wav
Audio/r6_mm.mp3
Audio/s0_mas.mp3
Audio/s1_a.wav
Audio/s1_a1.wav
Audio/s1_b.wav
Audio/s1_c.wav
Audio/s1_c1.wav
Audio/s1_d.wav
Audio/s1_e.wav
Audio/s1_f.wav
Audio/s1_g.wav
Audio/s1_h.wav
Audio/s1_i.wav
Audio/s1_j.wav
Audio/s1_k.wav
Audio/s1_l.wav
Audio/s1_pf.mp3
Audio/s2_ctg.mp3
Audio/s2_ctg2.mp3
Audio/s3_a.wav
Audio/s3_b.wav
Audio/s3_rtc.mp3
Audio/s4_bdba.mp3
Audio/s4_bdbb.mp3
Audio/s4_bdbd.mp3
Audio/s5_lrq.mp3
Audio/s5_lrqb.mp3
Audio/s5_lrqc.mp3
Audio/t1_tol.mp3
Audio/t2_tpu.mp3
Audio/t3_a.wav
Audio/t3_b.wav
Audio/t3_c.wav
Audio/t3_mas.mp3
Audio/t4_a.wav
Audio/t4_tat.mp3
Audio/t5_bf.mp3
Audio/yd2_ass.wav
Audio/yd2_b.wav
Audio/yd2_c.wav
Audio/yd2_c1.wav
Audio/yd2_d.wav
Audio/yd2_e.wav
Audio/yd2_f.wav
Audio/yd2_g.wav
Audio/yd2_h.wav
Audio/yd2_ok.wav
Audio/yd_ph1.mp3
Audio/yd_ph2.mp3
Audio/yd_ph3.mp3
Audio/yd_ph4.mp3
DirectX RunTime/DX81Win2000.exe
.exe windows:5 windows x86 arch:x86

5b5affe5cc3d8e2098fc60270b23e0a6

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:06:2a:8d:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/03/2001, 21:27

Not After

29/05/2002, 21:37

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2001 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalAlloc
GetLastError
GetCurrentProcess
LoadLibraryA
CloseHandle
LocalFree
GetFileAttributesA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrlenA
lstrcmpiA
lstrcatA
GetShortPathNameA
GetSystemDirectoryA
RemoveDirectoryA
lstrcpyA
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
GetModuleFileNameA
FindClose
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
ExitProcess
GetProcAddress
GetStartupInfoA
GetCommandLineA
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
GetVersionExA
FreeLibrary
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetModuleHandleA
CreateDirectoryA
ExpandEnvironmentStringsA
FormatMessageA
EnumResourceLanguagesA
MulDiv
GetDiskFreeSpaceA

gdi32

GetDeviceCaps

user32

ExitWindowsEx
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
wsprintfA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
EnableWindow
GetDesktopWindow
EndDialog
DispatchMessageA
LoadStringA
PeekMessageA
MessageBoxA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
SendMessageA
GetDlgItemTextA
MsgWaitForMultipleObjects
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DirectX RunTime/DX81win98_ME.exe
.exe windows:5 windows x86 arch:x86

5b5affe5cc3d8e2098fc60270b23e0a6

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:06:2a:8d:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/03/2001, 21:27

Not After

29/05/2002, 21:37

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2001 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalAlloc
GetLastError
GetCurrentProcess
LoadLibraryA
CloseHandle
LocalFree
GetFileAttributesA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrlenA
lstrcmpiA
lstrcatA
GetShortPathNameA
GetSystemDirectoryA
RemoveDirectoryA
lstrcpyA
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
GetModuleFileNameA
FindClose
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
ExitProcess
GetProcAddress
GetStartupInfoA
GetCommandLineA
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
GetVersionExA
FreeLibrary
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetModuleHandleA
CreateDirectoryA
ExpandEnvironmentStringsA
FormatMessageA
EnumResourceLanguagesA
MulDiv
GetDiskFreeSpaceA

gdi32

GetDeviceCaps

user32

ExitWindowsEx
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
wsprintfA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
EnableWindow
GetDesktopWindow
EndDialog
DispatchMessageA
LoadStringA
PeekMessageA
MessageBoxA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
SendMessageA
GetDlgItemTextA
MsgWaitForMultipleObjects
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.5MB - Virtual size: 11.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setup.bmp
Setup.exe
.exe windows:4 windows x86 arch:x86

b4e0151a222ad217806d8344bc933b60

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerInstallFileA

kernel32

CloseHandle
Sleep
lstrlenW
DeleteFileA
GetAtomNameA
RemoveDirectoryA
SetEvent
OpenEventA
AddAtomA
HeapDestroy
GetModuleHandleA
GetStartupInfoA
HeapCreate
ExitProcess
GetCommandLineA
HeapAlloc
CompareStringA
HeapFree
LockResource
LoadResource
CompareStringW
GetVersionExA
SetErrorMode
LocalFree
FormatMessageA
InterlockedDecrement
CreateProcessA
CreateFileA
CopyFileA
GetTempFileNameA
GetTempPathA
WaitForSingleObject
SetFileAttributesA
ReadFile
GetShortPathNameA
GetPrivateProfileStringA
GetFileAttributesA
CreateDirectoryA
GlobalLock
GlobalAlloc
MultiByteToWideChar
GetModuleFileNameA
RtlUnwind
WideCharToMultiByte
lstrlenA
GlobalUnlock
GlobalFree
GetLastError
SetLastError
lstrcpyA
lstrcatA
GetUserDefaultLangID
GetPrivateProfileIntA
FindResourceA
FindResourceExA
GetWindowsDirectoryA

user32

TranslateMessage
PeekMessageA
GetWindowLongA
EndDialog
GetDlgItem
SendMessageA
SetWindowLongA
DispatchMessageA
IsDialogMessageA
CreateDialogIndirectParamA
SetDlgItemTextA
GetDesktopWindow
GetClientRect
GetWindowRect
MoveWindow
CharNextA
CharUpperA
CharLowerA
ReleaseDC
LoadImageA
GetDC
EndPaint
CreateDialogParamA
BeginPaint
DialogBoxIndirectParamA
MessageBoxA
DestroyWindow
wsprintfA

gdi32

DeleteDC
SelectObject
RealizePalette
SelectPalette
UnrealizeObject
CreateCompatibleDC
GetObjectA
GetDeviceCaps
CreateHalftonePalette
CreatePalette
GetSystemPaletteEntries
GetDIBColorTable
BitBlt

advapi32

RegCreateKeyA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA

ole32

CoCreateInstance
CoFreeAllLibraries
CoInitialize
CoUninitialize

oleaut32

SysAllocStringLen
SysStringLen
SysFreeString
SafeArrayGetLBound
VariantClear
SafeArrayGetElement
SysAllocString
SafeArrayGetUBound

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setup.ini
autorun.inf
data1.cab
data1.hdr
data2.cab
drvmgt.dll
.dll windows:4 windows x86 arch:x86

aa76d1d181494666a3338cea602a4c9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
Sleep
CopyFileA
GetSystemDirectoryA
lstrlenA
CreateFileA
GetLastError
DeviceIoControl
HeapDestroy
TlsFree
TlsAlloc
HeapAlloc
SetFileAttributesA
GetFileAttributesA
HeapFree
GetCommandLineA
GetVersion
CloseHandle
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
SetStdHandle
SetFilePointer
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
WriteFile
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetProcAddress
LoadLibraryA
FlushFileBuffers

user32

wsprintfA

advapi32

SetServiceObjectSecurity
LockServiceDatabase
SetSecurityDescriptorDacl
ChangeServiceConfigA
ControlService
UnlockServiceDatabase
QueryServiceStatus
StartServiceA
OpenServiceA
CreateServiceA
QueryServiceConfigA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
DeleteService
OpenSCManagerA
InitializeSecurityDescriptor
GetAce
GetAclInformation
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
CloseServiceHandle

Exports

Exports

Remove
Setup
_DllMain@12

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ikernel.ex_
layout.bin
secdrv.sys
.sys windows:4 windows x86 arch:x86

2b0417c9fd2e5af9bf7029653696ba27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
RtlEqualUnicodeString
NtBuildNumber
RtlQueryRegistryValues
PsGetVersion
KeTickCount
MmIsAddressValid
RtlUnwind
ExAllocatePoolWithTag
ExFreePool
IofCompleteRequest

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 704B - Virtual size: 678B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.inx

Sharing

Errors

General

Malware Config

Signatures

Files

5b5affe5cc3d8e2098fc60270b23e0a6

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:06:2a:8d:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 1024B - Virtual size: 7KB

.rsrc Size: 7.5MB - Virtual size: 7.5MB

5b5affe5cc3d8e2098fc60270b23e0a6

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:06:2a:8d:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 1024B - Virtual size: 7KB

.rsrc Size: 11.5MB - Virtual size: 11.5MB

b4e0151a222ad217806d8344bc933b60

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 128KB - Virtual size: 127KB

aa76d1d181494666a3338cea602a4c9f

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:06:2a:8d:00:00:00:00:00:0b
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 7.5MB - Virtual size: 7.5MB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:06:2a:8d:00:00:00:00:00:0b
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 11.5MB - Virtual size: 11.5MB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 128KB - Virtual size: 127KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 10KB - Virtual size: 15KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 896B - Virtual size: 892B

INIT
Size: 704B - Virtual size: 678B

.reloc
Size: 512B - Virtual size: 494B