Flood_Security5[.]9[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Flood_Security5.9.rar
Size

21.9MB
MD5

212070b3712264106399dbd202becdc7
SHA1

341a1cc182fdb52cc4851074adba44837e76b338
SHA256

7632bd3ca92c4e01f49ed94f8efe6b416da944eac4bbf6b7a6f1eeaf676328fd
SHA512

425d170ebc4f084c824914f647435cb9bfcf2f6712447c7109396f56ceaf05496c9e3c72b9d8ae291cd201edbb2e58701147749f1f5ea5824ed89c4896f9559b
SSDEEP

393216:jfZg0QL1XkcGuAGlZAhOfPeW+ebwkGFR6o9KFtF11ESk/s996wAZNOs6esiskWA6:G08tfrHe9ebwtRB8111X9MnZKpHy42u

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Flood Security5.9/AxInterop.WMPLib.dll
unpack001/Flood Security5.9/DiscordRPC.dll
unpack001/Flood Security5.9/Flood Security.exe
unpack001/Flood Security5.9/Interop.WMPLib.dll
unpack001/Flood Security5.9/LoginTheme.dll
unpack001/Flood Security5.9/MephTheme.dll
unpack001/Flood Security5.9/PcapDotNet.Analysis.dll
unpack001/Flood Security5.9/PcapDotNet.Base.dll
unpack001/Flood Security5.9/PcapDotNet.Core.Extensions.dll
unpack001/Flood Security5.9/PcapDotNet.Core.dll
unpack001/Flood Security5.9/PcapDotNet.Packets.dll
unpack001/Flood Security5.9/SafeGuard.dll
unpack001/Flood Security5.9/paping.exe

Files

Flood_Security5.9.rar
.rar
Flood Security5.9/AxInterop.WMPLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flood Security5.9/DiscordRPC.dll
.dll windows:6 windows x86 arch:x86

6310e6aa09f46f952e994ef81548691a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitNamedPipeW
GetCurrentProcessId
GetCurrentProcess
PeekNamedPipe
lstrlenW
MultiByteToWideChar
K32GetModuleFileNameExW
GetLastError
CloseHandle
WriteFile
ReadFile
lstrcpyW
CreateFileW
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
SetEvent
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
ExitThread
GetModuleHandleExW
HeapAlloc
HeapFree
ExitProcess
GetModuleFileNameA
LCMapStringW
DecodePointer
GetStdHandle
GetFileType
GetACP
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStringTypeW
SetStdHandle
SetFilePointerEx
HeapSize
HeapReAlloc
WriteConsoleW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetKeyValueW

Exports

Exports

Discord_Initialize
Discord_Respond
Discord_RunCallbacks
Discord_Shutdown
Discord_UpdatePresence

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flood Security5.9/Flood Security.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

�W�(9%
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Flood Security5.9/Flood Security.exe.config
Flood Security5.9/Flood Security.pdb
Flood Security5.9/Guna.UI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:db
Certificate

Issuer

CN=Sobatdata Root CA

Not Before

23/10/2019, 05:22

Not After

22/10/2025, 17:00

Subject

CN=Sobatdata Software

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:c7:11:ac:06:af:3c:b3:90:a8:99:02:20:3d:6b:dc:7b:d8:16:f0
Signer

Actual PE Digest

fd:c7:11:ac:06:af:3c:b3:90:a8:99:02:20:3d:6b:dc:7b:d8:16:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Guna.UI\Guna.UI\bin\Release\build\.net 4.0\Guna.UI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 869KB - Virtual size: 868KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Flood Security5.9/Interop.WMPLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flood Security5.9/LoginTheme.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

K:\Work\Themes\LoginTheme\LoginTheme\obj\Debug\LoginTheme.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flood Security5.9/LoginTheme.pdb
Flood Security5.9/LoginTheme.xml
Flood Security5.9/MephTheme.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

K:\Work\Themes\MephTheme\MephTheme\obj\Debug\MephTheme.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flood Security5.9/MephTheme.pdb
Flood Security5.9/MephTheme.xml
Flood Security5.9/Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/04/2018, 12:41

Not After

27/04/2028, 12:41

Subject

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Not Before

25/10/2018, 00:00

Not After

29/10/2021, 12:00

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:10:56:8e:61:ed:4a:db:b2:78:fe:51:cd:63:62:ed:e4:18:e6:f9:b5:44:af:42:d1:80:41:52:2d:66:12:81
Signer

Actual PE Digest

8c:10:56:8e:61:ed:4a:db:b2:78:fe:51:cd:63:62:ed:e4:18:e6:f9:b5:44:af:42:d1:80:41:52:2d:66:12:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 673KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flood Security5.9/PcapDotNet.Analysis.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flood Security5.9/PcapDotNet.Base.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Base\obj\Release\PcapDotNet.Base.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flood Security5.9/PcapDotNet.Core.Extensions.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Core.Extensions\obj\Release\PcapDotNet.Core.Extensions.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flood Security5.9/PcapDotNet.Core.dll
.dll windows:5 windows x86 arch:x86

b0d7e5e2d1863ef226ece143700901c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\bin\Release\PcapDotNet.Core.pdb

Imports

msvcr100

__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
?what@exception@std@@UBEPBDXZ
_lock
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
_crt_debugger_hook
_except_handler4_common
_amsg_exit
_onexit
__FrameUnwindFilter
_cexit
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
??2@YAPAXI@Z
_CxxThrowException
memmove
??1exception@std@@UAE@XZ

kernel32

GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer

wpcap

pcap_dispatch
pcap_loop
pcap_sendpacket
pcap_offline_filter
pcap_freecode
pcap_setfilter
pcap_compile
pcap_open_dead
pcap_dump_flush
pcap_dump_ftell
pcap_dump_close
pcap_dump
pcap_dump_open
pcap_sendqueue_alloc
pcap_sendqueue_queue
pcap_sendqueue_destroy
pcap_sendqueue_transmit
pcap_datalink_val_to_name
pcap_datalink_val_to_description
pcap_datalink_name_to_val
pcap_geterr
pcap_lib_version
pcap_setmintocopy
pcap_setbuff
pcap_setnonblock
pcap_getnonblock
pcap_setmode
pcap_set_datalink
pcap_open
pcap_close
pcap_breakloop
pcap_setsampling
pcap_minor_version
pcap_major_version
pcap_is_swapped
pcap_snapshot
pcap_datalink
pcap_stats_ex
pcap_createsrcstr
pcap_findalldevs_ex
pcap_freealldevs
pcap_next_ex

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

mscoree

_CorDllMain

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flood Security5.9/PcapDotNet.Packets.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Packets\obj\Release\PcapDotNet.Packets.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flood Security5.9/SafeGuard.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flood Security5.9/Siticone.UI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

3a:93:0b:19:8f:29:72:9a:49:b0:8b:f3:6d:f8:17:ae
Certificate

Issuer

CN=Siticone Root CA

Not Before

05/02/2020, 06:42

Not After

22/10/2030, 17:00

Subject

CN=Siticone Technology

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:8f:92:bf:68:07:1b:a4:18:d3:f6:b4:4e:02:5a:2c:51:c0:51:c0
Signer

Actual PE Digest

34:8f:92:bf:68:07:1b:a4:18:d3:f6:b4:4e:02:5a:2c:51:c0:51:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Flood Security5.9/Uh.mp3
Flood Security5.9/Uhh.mp3
Flood Security5.9/Uhhh.mp3
Flood Security5.9/paping.exe
.exe windows:5 windows x86 arch:x86

4a32289c717ca08ae1a68891867495da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Dev\paping\paping_vs2010\Debug\paping_vs2010.pdb

Imports

kernel32

GetSystemTimeAsFileTime
Sleep
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle
SetEnvironmentVariableA
CompareStringW
SetStdHandle
VirtualQuery
GetProcessHeap
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
OutputDebugStringW
WriteConsoleW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
EncodePointer
DecodePointer
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
InterlockedCompareExchange
RtlUnwind
RaiseException
HeapValidate
IsBadReadPtr
GetTimeZoneInformation
GetLastError
SetConsoleCtrlHandler
GetProcAddress
GetModuleHandleW
ExitProcess
GetCommandLineA
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetCPInfo
LCMapStringW
lstrlenA
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
InitializeCriticalSectionAndSpinCount
FatalAppExitA
HeapAlloc
GetModuleFileNameA
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
HeapCreate
HeapDestroy
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
WriteFile
FreeLibrary
GetLocaleInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointer
FlushFileBuffers
CloseHandle
OutputDebugStringA
CreateFileW

ws2_32

socket
htons
ioctlsocket
connect
select
closesocket
__WSAFDIsSet
WSAStartup
gethostbyname
WSACleanup
inet_ntoa

Sections

.textbss
Size: - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 456KB - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 50KB - Virtual size: 50KB

.rsrc Size: 1024B - Virtual size: 712B

.reloc Size: 512B - Virtual size: 12B

6310e6aa09f46f952e994ef81548691a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 204KB - Virtual size: 204KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 12KB - Virtual size: 226KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 11KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

�W�(9% Size: 310KB - Virtual size: 310KB

.text Size: 5.1MB - Virtual size: 5.1MB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

dae02f32a21e03ce65412f6e56942daa

Code Sign

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:dbCertificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

fd:c7:11:ac:06:af:3c:b3:90:a8:99:02:20:3d:6b:dc:7b:d8:16:f0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 869KB - Virtual size: 868KB

.reloc Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 321KB - Virtual size: 320KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

.text
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 1024B - Virtual size: 712B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 204KB - Virtual size: 204KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 12KB - Virtual size: 226KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB

�W�(9%
Size: 310KB - Virtual size: 310KB

.text
Size: 5.1MB - Virtual size: 5.1MB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 12B

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:db
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

fd:c7:11:ac:06:af:3c:b3:90:a8:99:02:20:3d:6b:dc:7b:d8:16:f0
Signer

.text
Size: 869KB - Virtual size: 868KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 321KB - Virtual size: 320KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 113KB - Virtual size: 112KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 44KB - Virtual size: 44KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 12B

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

8c:10:56:8e:61:ed:4a:db:b2:78:fe:51:cd:63:62:ed:e4:18:e6:f9:b5:44:af:42:d1:80:41:52:2d:66:12:81
Signer

.text
Size: 673KB - Virtual size: 673KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 90KB - Virtual size: 90KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 512B - Virtual size: 12B