PDB Path: C:\Users\test\Desktop\tool\d11_pro\Release\New_dll.pdb
Static task
static1
Behavioral task
behavioral1
Sample
pfexec.exe
Resource
win10v2004-20240226-en
General
-
Target
coba.zip
-
Size
724KB
-
MD5
cb37998820a557c7f5903e3decc6481a
-
SHA1
41c3e1107b1d2c404913ccf3579389d0c7229c1a
-
SHA256
239f36c38cead9c8df7e449d0cb482e897f3ed9020e1f44709f9e572836d616a
-
SHA512
26005dfe52a825da3b13acfb1f517c5d8792b5a924e608f5c9e353dd2efc5ca4ffe1202b256fa2cd0189a833d61ed0f4c51557695c21c233a4b441418c69124d
-
SSDEEP
12288:6iJHU2xpcSfLMcbHPRbnAPKQnZkKfEtrzmkZwnKSLPy/B86yq4hS46JW:d2OFjMUG5ZkKst+pKkFNqQS4L
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
Processes:
resource unpack001/chrome_elf.dll
Files
-
coba.zip.zip
-
chrome_elf.dll.dll windows:6 windows x86 arch:x86
c0c7512af5a76f08657a2c1bb7c7ec3e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
VirtualProtect
DeviceIoControl
CreateFileW
Sleep
CreateThread
GetProcAddress
GlobalMemoryStatusEx
GetModuleHandleW
GetTickCount
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
msvcp140
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
vcruntime140
memmove
_except_handler4_common
memset
__std_type_info_destroy_list
_CxxThrowException
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memcpy
api-ms-win-crt-runtime-l1-1-0
_cexit
exit
_execute_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
__p___argv
_initialize_narrow_environment
api-ms-win-crt-string-l1-1-0
_strdup
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf
api-ms-win-crt-heap-l1-1-0
_callnewh
malloc
free
Exports
Exports
SignalInitializeCrashReporting
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 211KB - Virtual size: 210KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 680B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pfexec.exe.exe windows:5 windows x86 arch:x86
f198292994fe65dc133cf54ea6b27c34
Code Sign
04:00:00:00:00:01:2f:4e:e1:52:d7 — Certificate
Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE; Not Before: 13-04-2011 10:00; Not After: 28-01-2028 12:00; Subject: CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE; Key Usages:
KeyUsageCertSign
KeyUsageCRLSign
11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14 — Certificate
Issuer: CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE; Not Before: 24-05-2016 00:00; Not After: 24-06-2027 00:00; Subject: CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG; Extended Key Usages:
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4 — Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US; Not Before: 06-01-2016 00:00; Not After: 28-03-2019 23:59; Subject: CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN; Extended Key Usages:
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7 — Certificate
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US; Not Before: 08-02-2010 00:00; Not After: 07-02-2020 23:59; Subject: CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US; Extended Key Usages:
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53 — Certificate
Issuer: CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US; Not Before: 28-12-2015 00:00; Not After: 28-03-2019 23:59; Subject: CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN; Extended Key Usages:
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a — Certificate
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US; Not Before: 10-12-2013 00:00; Not After: 09-12-2023 23:59; Subject: CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US; Extended Key Usages:
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12 — Certificate
Issuer: CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US; Not Before: 12-01-2016 00:00; Not After: 11-01-2031 23:59; Subject: CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US; Extended Key Usages:
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6 — Certificate
Issuer: CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US; Not Before: 02-01-2017 00:00; Not After: 01-04-2028 23:59; Subject: CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US; Extended Key Usages:
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
f4:5d:60:0c:50:90:7e:f6:a6:e5:00:0b:6e:3e:87:84:3d:10:6c:34:86:3b:3a:ba:84:39:a2:db:cb:68:2e:44 — Signer
Actual PE Digest: f4:5d:60:0c:50:90:7e:f6:a6:e5:00:0b:6e:3e:87:84:3d:10:6c:34:86:3b:3a:ba:84:39:a2:db:cb:68:2e:44; Digest Algorithm: sha256; PE Digest Matches: true
ef:ae:72:1a:1b:b0:36:15:c8:dc:d2:ca:62:38:6f:d4:da:4e:65:16 — Signer
Actual PE Digest: ef:ae:72:1a:1b:b0:36:15:c8:dc:d2:ca:62:38:6f:d4:da:4e:65:16; Digest Algorithm: sha1; PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\se9\src\out\Release\initialexe\360se.exe.pdb
Imports
advapi32
RegQueryValueExW
DuplicateTokenEx
RegOpenKeyExW
CheckTokenMembership
FreeSid
OpenProcessToken
AllocateAndInitializeSid
RegCloseKey
CreateProcessAsUserW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
SystemFunction036
GetLengthSid
SetKernelObjectSecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetKernelObjectSecurity
SetSecurityInfo
ConvertStringSidToSidW
SetTokenInformation
GetAce
GetSecurityDescriptorSacl
GetTokenInformation
DuplicateToken
CreateRestrictedToken
EqualSid
CopySid
CreateWellKnownSid
RegDisablePredefinedCache
RevertToSelf
GetSecurityInfo
SetEntriesInAclW
ConvertSidToStringSidW
SetThreadToken
RegQueryValueExA
kernel32
CreateFileW
GetLastError
CloseHandle
GetFileSize
GetModuleHandleW
GetCurrentProcess
GetVersionExW
GetCurrentThread
LoadLibraryW
VirtualQuery
TerminateProcess
WaitForSingleObject
GetSystemDirectoryW
UnmapViewOfFile
GetModuleHandleA
FindFirstChangeNotificationW
OpenProcess
CreateEventW
Sleep
SetEvent
FindCloseChangeNotification
CreateThread
HeapSetInformation
GetCurrentProcessId
FreeLibrary
CreateFileMappingW
MapViewOfFile
GetTickCount
WritePrivateProfileStringW
SetLastError
GetPrivateProfileIntW
GetVersion
ProcessIdToSessionId
SetCurrentDirectoryW
WTSGetActiveConsoleSessionId
LoadLibraryExW
VirtualFree
VirtualAlloc
SetFilePointer
GetSystemInfo
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetModuleHandleExW
CreateProcessW
lstrcmpiW
DuplicateHandle
GetExitCodeProcess
SetEnvironmentVariableW
SetInformationJobObject
SetHandleInformation
GetStdHandle
AssignProcessToJobObject
ResumeThread
GetCommandLineW
LocalFree
GetNativeSystemInfo
ExpandEnvironmentStringsW
GetUserDefaultLangID
QueryPerformanceFrequency
SystemTimeToFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
WriteFile
DeleteFileW
ReadFile
FormatMessageA
QueryDosDeviceW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
DeleteCriticalSection
ReadProcessMemory
EnterCriticalSection
LeaveCriticalSection
GetUserDefaultLCID
FindFirstFileW
FindFirstFileExW
FindNextFileW
FindClose
GetFileAttributesW
CreateDirectoryW
GetLongPathNameW
GetModuleFileNameW
GetTempPathW
SetFileAttributesW
GetFileAttributesExW
CopyFileW
GetTempFileNameW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetCurrentThreadId
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
GetFileSizeEx
SetFileTime
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
IsDebuggerPresent
GetProcessTimes
VirtualQueryEx
InitializeCriticalSection
WritePrivateProfileStructW
GetProcessHeap
DebugBreak
SetUnhandledExceptionFilter
RegisterWaitForSingleObject
UnregisterWaitEx
SizeofResource
LockResource
LoadResource
FindResourceW
DeviceIoControl
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
RtlCaptureStackBackTrace
lstrcmpA
lstrcmpiA
IsBadWritePtr
SetWaitableTimer
CreateWaitableTimerW
WaitForMultipleObjects
CancelWaitableTimer
ResetEvent
IsBadReadPtr
TryEnterCriticalSection
CompareStringW
CreateRemoteThread
GetLocaleInfoW
SuspendThread
GetThreadContext
FlushInstructionCache
SetThreadContext
GetWindowsDirectoryW
VirtualAllocEx
GetQueuedCompletionStatus
PostQueuedCompletionStatus
TerminateJobObject
CreateIoCompletionPort
WriteProcessMemory
VirtualProtectEx
GetProcessHandleCount
SignalObjectAndWait
GetFileType
VirtualFreeEx
CreateJobObjectW
CreateNamedPipeW
CreateMutexW
lstrlenW
SearchPathW
LoadLibraryExA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
WriteConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
RemoveDirectoryW
VirtualProtect
ReadConsoleW
GetACP
GetProcAddress
GetEnvironmentVariableW
GetCurrentDirectoryW
FormatMessageW
GetStringTypeW
EncodePointer
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
LocalFileTimeToFileTime
CreateFileA
HeapLock
ReleaseMutex
HeapWalk
HeapUnlock
OpenThread
RtlUnwind
GetDriveTypeW
GetConsoleCP
GetConsoleMode
ExitProcess
GetFullPathNameW
SetStdHandle
ExitThread
FreeLibraryAndExitThread
psapi
GetModuleInformation
GetProcessImageFileNameW
GetMappedFileNameW
GetProcessMemoryInfo
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
netapi32
Netbios
Exports
Exports
GetHandleVerifier
GetUploadedReportsImpl
IsSandboxedProcess
MakeIntigretyLevelLow
SeSNKMB
get_launch_failed
Sections
.text Size: 571KB - Virtual size: 571KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 175KB - Virtual size: 174KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 1024B - Virtual size: 972B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 25B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 226KB - Virtual size: 225KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ