MDE_File_Sample_6d14f9cd71201806fcd0bb8d020da2867d403220[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_6d14f9cd71201806fcd0bb8d020da2867d403220.zip
Size

2.9MB
MD5

ce641be003f58f14a9db78817e013dd9
SHA1

784c6461d47b99bf79806837482c1b218d896b58
SHA256

420c503bfd79c49c2129fe7adc3e0f9b8a1cad601cf56f7ee9f54c0a8dd019be
SHA512

6232c69b4321ad958eaa4cc7ac4ceae99da7a25cfbef990818f4c92accd1e0853386f87812aa3a3fbd3988f684356fe7ee009b8f538bd74bcdc337aa116e1756
SSDEEP

49152:6wnrDzPVh6qo/by/DL1ycDs7w3UFzVCpPHqHOvog0whlCFABuoCyNPajWY1:DnrDzNQqo/bKts7w3UFzV0/GqHhlCFlD

Score

1^/10

Malware Config

Signatures

Files

MDE_File_Sample_6d14f9cd71201806fcd0bb8d020da2867d403220.zip
.zip

Password: infected
v1.6.10.zip
.zip

Password: infected
CHANGES
LICENSE
_default_inputrc
_default_settings
clink.bat
clink.html
.html .js polyglot
clink.ico
clink.lua
clink_arm64.exe
clink_blue.ico
clink_cyan.ico
clink_dll_arm64.dll
clink_dll_x64.dll
.dll windows:6 windows x64 arch:x64

Password: infected

c97f1ed771ac33c7972bfc8d9efe36ef

Code Sign

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

26/06/2023, 10:27

Not After

25/06/2024, 10:27

Subject

CN=Open Source Developer\, Christopher Antos,O=Open Source Developer,L=Issaquah,ST=Washington,C=US,1.2.840.113549.1.9.1=#0c1873706172726f776861776b39393640676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e4:e3:26:73:26:59:41:91:0e:66:67:8f:9c:ac:63:23:fd:65:d6:88:54:76:db:65:50:7b:8f:36:2e:c7:29:09
Signer

Actual PE Digest

e4:e3:26:73:26:59:41:91:0e:66:67:8f:9c:ac:63:23:fd:65:d6:88:54:76:db:65:50:7b:8f:36:2e:c7:29:09

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\repos\clink\.build\release\~working\.build\vs2019\bin\final\clink_dll_x64.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoW

shlwapi

AssocQueryStringW

dbghelp

MiniDumpWriteDump

kernel32

GetACP
FindFirstFileW
FindClose
CompareFileTime
CreateFileW
WriteFile
GetTickCount
Module32First
Module32Next
GetLocalTime
OpenProcess
LoadLibraryA
GetModuleFileNameW
GetProcAddress
SetEnvironmentVariableW
SetConsoleMode
GetModuleFileNameA
GetFileSize
ReadFile
GetVersionExA
GetCurrentThreadId
GetModuleHandleA
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ReadConsoleOutputA
SetEnvironmentStringsW
ReadConsoleW
GetEnvironmentVariableW
SetConsoleTitleW
FormatMessageW
GetCurrentThread
GetCurrentProcess
GetFileType
GetProcessId
LockFileEx
UnlockFileEx
SetFilePointer
SetEndOfFile
NeedCurrentDirectoryForExePathW
CreateEventA
SetEvent
ResetEvent
VirtualAlloc
VirtualFree
GetConsoleAliasW
AddConsoleAliasW
MultiByteToWideChar
SetConsoleCtrlHandler
GetConsoleOutputCP
CompareStringW
GetCurrentDirectoryW
GetConsoleWindow
GetFileAttributesW
QueryPerformanceFrequency
QueryPerformanceCounter
SetCurrentDirectoryW
GetDriveTypeW
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
MoveFileW
CopyFileW
GetTempPathW
GetShortPathNameW
GetLongPathNameW
GetFullPathNameW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetExitCodeProcess
CreateProcessW
DuplicateHandle
FindNextFileW
GetSystemTime
SystemTimeToFileTime
LCMapStringW
GetUserDefaultLCID
GetDateFormatW
GetLocaleInfoW
ReadConsoleOutputCharacterW
CreateMutexA
ReleaseMutex
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetSystemPowerStatus
OutputDebugStringA
GetUserDefaultLangID
GetSystemDefaultLangID
SetFilePointerEx
GetConsoleTitleW
SetLastError
CreatePipe
SetHandleInformation
CreateJobObjectA
SetInformationJobObject
CreateProcessA
AssignProcessToJobObject
GetSystemInfo
ResumeThread
ReadProcessMemory
IsWow64Process
Thread32First
OpenThread
SuspendThread
Thread32Next
CreateRemoteThread
VirtualQueryEx
VirtualAllocEx
VirtualFreeEx
Module32FirstW
WriteProcessMemory
FlushInstructionCache
GetConsoleCursorInfo
SetConsoleCursorInfo
WaitForMultipleObjects
GetCurrentConsoleFontEx
SetConsoleTextAttribute
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
ScrollConsoleScreenBufferA
ReadConsoleOutputAttribute
VirtualProtect
VirtualQuery
LoadLibraryExA
GetModuleHandleW
FreeLibrary
LoadLibraryExW
FormatMessageA
GetFileAttributesExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObjectEx
CreateEventW
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
CreateToolhelp32Snapshot
GetStartupInfoW
IsProcessorFeaturePresent
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
LCMapStringEx
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
TerminateProcess
GetCommandLineA
GetConsoleCP
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFileTime
TzSpecificLocalTimeToSystemTime
FindFirstFileExW
HeapAlloc
HeapFree
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
FlushFileBuffers
GetTimeZoneInformation
HeapReAlloc
MoveFileExW
IsValidCodePage
GetOEMCP
GetProcessHeap
HeapSize
GetCurrentProcessId
WriteConsoleW
GetConsoleMode
Sleep
ReadConsoleInputW
TerminateThread
SetConsoleScreenBufferSize
SetConsoleWindowInfo
Module32NextW
SetStdHandle
SetConsoleActiveScreenBuffer
SetConsoleCursorPosition
CreateConsoleScreenBuffer
WriteConsoleInputA
WaitForSingleObject
CreateThread
CloseHandle
GetNativeSystemInfo
GetLastError
GetStdHandle
GetConsoleScreenBufferInfo
LocalFree
WideCharToMultiByte
GetCommandLineW
VirtualProtectEx
UnhandledExceptionFilter

user32

ReleaseDC
GetWindowRect
DrawFrameControl
DrawFocusRect
FillRect
SetWindowLongA
OffsetRect
DrawTextW
PostMessageA
SetWindowLongPtrA
GetWindowLongPtrA
GetKeyState
MapVirtualKeyW
GetKeyNameTextW
IsWindowVisible
GetWindowLongW
GetCursorPos
MessageBeep
SetWindowPos
GetDC
GetSysColorBrush
DrawTextA
GetDlgCtrlID
DestroyWindow
DispatchMessageW
TranslateMessage
IsDialogMessageW
PostQuitMessage
GetMessageW
FlashWindowEx
ShowWindow
LockSetForegroundWindow
CreateDialogIndirectParamW
AllowSetForegroundWindow
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
SendMessageA
GetDoubleClickTime
CharLowerW
GetKeyboardLayoutNameW
GetKeyboardLayout
CreateWindowExA
InflateRect
GetClientRect
SetWindowTextA
GetSysColor
SystemParametersInfoA

gdi32

GetCharWidth32W
DeleteDC
GetObjectW
CreateCompatibleDC
SaveDC
CreateFontIndirectW
GetTextMetricsW
GetCharABCWidthsW
SetBkMode
GetTextMetricsA
SelectObject
CreateFontIndirectA
SetBkColor
GetTextExtentPoint32W
RestoreDC
DeleteObject
SetTextColor

advapi32

GetTokenInformation
OpenThreadToken
RegGetValueA
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegGetValueW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
OpenProcessToken

shell32

SHGetFolderPathW
ShellExecuteA
CommandLineToArgvW

ole32

CoUninitialize
CoInitialize

Exports

Exports

?loader_main_thunk@@YAHXZ

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 510KB - Virtual size: 509KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clink_dll_x86.dll
.dll windows:6 windows x86 arch:x86

Password: infected

a1dff0c582ac2dfcb14b7a17fbf413b7

Code Sign

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

26/06/2023, 10:27

Not After

25/06/2024, 10:27

Subject

CN=Open Source Developer\, Christopher Antos,O=Open Source Developer,L=Issaquah,ST=Washington,C=US,1.2.840.113549.1.9.1=#0c1873706172726f776861776b39393640676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ea:ee:19:e0:cb:2a:91:2e:28:f5:f8:22:18:37:51:3e:40:e0:8c:51:59:de:f3:6b:a4:58:cc:39:14:cc:82:96
Signer

Actual PE Digest

ea:ee:19:e0:cb:2a:91:2e:28:f5:f8:22:18:37:51:3e:40:e0:8c:51:59:de:f3:6b:a4:58:cc:39:14:cc:82:96

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\repos\clink\.build\release\~working\.build\vs2019\bin\final\clink_dll_x86.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoW

shlwapi

AssocQueryStringW

dbghelp

MiniDumpWriteDump

kernel32

GetACP
FindFirstFileW
FindClose
CompareFileTime
CreateFileW
WriteFile
GetTickCount
Module32First
Module32Next
GetLocalTime
OpenProcess
LoadLibraryA
GetModuleFileNameW
GetProcAddress
SetEnvironmentVariableW
SetConsoleMode
GetModuleFileNameA
GetFileSize
ReadFile
GetVersionExA
GetCurrentThreadId
GetModuleHandleA
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ReadConsoleOutputA
SetEnvironmentStringsW
ReadConsoleW
GetEnvironmentVariableW
SetConsoleTitleW
FormatMessageW
GetCurrentThread
GetCurrentProcess
GetFileType
GetProcessId
LockFileEx
UnlockFileEx
SetFilePointer
SetEndOfFile
NeedCurrentDirectoryForExePathW
CreateEventA
SetEvent
ResetEvent
VirtualAlloc
VirtualFree
GetConsoleAliasW
AddConsoleAliasW
MultiByteToWideChar
SetConsoleCtrlHandler
GetConsoleOutputCP
CompareStringW
GetCurrentDirectoryW
GetConsoleWindow
GetFileAttributesW
QueryPerformanceFrequency
QueryPerformanceCounter
SetCurrentDirectoryW
GetDriveTypeW
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
MoveFileW
CopyFileW
GetTempPathW
GetShortPathNameW
GetLongPathNameW
GetFullPathNameW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetExitCodeProcess
CreateProcessW
DuplicateHandle
FindNextFileW
GetSystemTime
SystemTimeToFileTime
LCMapStringW
GetUserDefaultLCID
GetDateFormatW
GetLocaleInfoW
ReadConsoleOutputCharacterW
CreateMutexA
ReleaseMutex
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetSystemPowerStatus
OutputDebugStringA
GetUserDefaultLangID
GetSystemDefaultLangID
SetFilePointerEx
GetConsoleTitleW
SetLastError
CreatePipe
SetHandleInformation
CreateJobObjectA
SetInformationJobObject
CreateProcessA
AssignProcessToJobObject
GetSystemInfo
ResumeThread
ReadProcessMemory
IsWow64Process
Thread32First
OpenThread
SuspendThread
Thread32Next
CreateRemoteThread
VirtualQueryEx
Module32FirstW
VirtualFreeEx
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
GetConsoleCursorInfo
SetConsoleCursorInfo
WaitForMultipleObjects
GetCurrentConsoleFontEx
SetConsoleTextAttribute
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
ScrollConsoleScreenBufferA
ReadConsoleOutputAttribute
VirtualProtect
VirtualQuery
LoadLibraryExA
GetModuleHandleW
FreeLibrary
LoadLibraryExW
FormatMessageA
GetFileAttributesExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObjectEx
CreateEventW
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
CreateToolhelp32Snapshot
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
GetStringTypeW
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
LCMapStringEx
RtlUnwind
InterlockedFlushSList
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCommandLineA
GetConsoleCP
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFileTime
TzSpecificLocalTimeToSystemTime
FindFirstFileExW
HeapAlloc
HeapFree
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
FlushFileBuffers
GetTimeZoneInformation
HeapReAlloc
MoveFileExW
IsValidCodePage
GetOEMCP
GetProcessHeap
HeapSize
GetCurrentProcessId
WriteConsoleW
GetConsoleMode
Sleep
ReadConsoleInputW
TerminateThread
SetConsoleScreenBufferSize
SetConsoleWindowInfo
Module32NextW
SetStdHandle
SetConsoleActiveScreenBuffer
SetConsoleCursorPosition
CreateConsoleScreenBuffer
WriteConsoleInputA
WaitForSingleObject
CreateThread
CloseHandle
GetNativeSystemInfo
GetLastError
GetStdHandle
GetConsoleScreenBufferInfo
LocalFree
WideCharToMultiByte
GetCommandLineW
VirtualAllocEx
UnhandledExceptionFilter

user32

ReleaseDC
GetWindowRect
DrawFrameControl
DrawFocusRect
FillRect
SetWindowLongA
OffsetRect
DrawTextW
PostMessageA
GetWindowLongA
GetKeyState
MapVirtualKeyW
GetKeyNameTextW
IsWindowVisible
GetWindowLongW
GetCursorPos
MessageBeep
SetWindowPos
GetDC
GetSysColorBrush
DrawTextA
GetDlgCtrlID
DestroyWindow
DispatchMessageW
TranslateMessage
IsDialogMessageW
PostQuitMessage
GetMessageW
FlashWindowEx
ShowWindow
LockSetForegroundWindow
CreateDialogIndirectParamW
AllowSetForegroundWindow
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
SendMessageA
GetDoubleClickTime
CharLowerW
GetKeyboardLayoutNameW
GetKeyboardLayout
CreateWindowExA
InflateRect
GetClientRect
SetWindowTextA
GetSysColor
SystemParametersInfoA

gdi32

GetCharWidth32W
DeleteDC
GetObjectW
CreateCompatibleDC
SaveDC
CreateFontIndirectW
GetTextMetricsW
GetCharABCWidthsW
SetBkMode
GetTextMetricsA
SelectObject
CreateFontIndirectA
SetBkColor
GetTextExtentPoint32W
RestoreDC
DeleteObject
SetTextColor

advapi32

GetTokenInformation
OpenThreadToken
RegGetValueA
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegGetValueW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
OpenProcessToken

shell32

SHGetFolderPathW
ShellExecuteA
CommandLineToArgvW

ole32

CoUninitialize
CoInitialize

Exports

Exports

?loader_main_thunk@@YAHXZ

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 395KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clink_gold.ico
clink_gray.ico
clink_green.ico
clink_orange.ico
clink_purple.ico
clink_red.ico
clink_x64.exe
.exe windows:6 windows x64 arch:x64

Password: infected

ffc0b8895345215a5789ac6b9d315849

Code Sign

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

26/06/2023, 10:27

Not After

25/06/2024, 10:27

Subject

CN=Open Source Developer\, Christopher Antos,O=Open Source Developer,L=Issaquah,ST=Washington,C=US,1.2.840.113549.1.9.1=#0c1873706172726f776861776b39393640676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:6a:c2:0b:45:a7:57:c9:dc:9f:66:37:54:00:52:fb:0f:dc:25:d5:52:c5:fa:45:1c:23:25:12:6e:6d:30:5c
Signer

Actual PE Digest

13:6a:c2:0b:45:a7:57:c9:dc:9f:66:37:54:00:52:fb:0f:dc:25:d5:52:c5:fa:45:1c:23:25:12:6e:6d:30:5c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\repos\clink\.build\release\~working\.build\vs2019\bin\final\clink_x64.pdb

Imports

kernel32

GetStdHandle
SetEnvironmentVariableW
GetEnvironmentVariableW
LocalAlloc
ReadConsoleW
WriteConsoleW
ExitProcess

clink_dll_x64

?loader_main_thunk@@YAHXZ

Exports

Exports

testbed_hook_loop

Sections

.text
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
clink_x86.exe
.exe windows:6 windows x86 arch:x86

Password: infected

b52399ede42d668e12bc7284d727e1ec

Code Sign

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

26/06/2023, 10:27

Not After

25/06/2024, 10:27

Subject

CN=Open Source Developer\, Christopher Antos,O=Open Source Developer,L=Issaquah,ST=Washington,C=US,1.2.840.113549.1.9.1=#0c1873706172726f776861776b39393640676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c7:75:9c:ad:08:0e:8a:d8:0b:d7:9a:9e:e3:e9:75:eb:4c:82:33:19:2d:37:10:c0:45:6b:4a:3c:d1:3d:9e:bf
Signer

Actual PE Digest

c7:75:9c:ad:08:0e:8a:d8:0b:d7:9a:9e:e3:e9:75:eb:4c:82:33:19:2d:37:10:c0:45:6b:4a:3c:d1:3d:9e:bf

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\repos\clink\.build\release\~working\.build\vs2019\bin\final\clink_x86.pdb

Imports

kernel32

GetStdHandle
SetEnvironmentVariableW
GetEnvironmentVariableW
LocalAlloc
ReadConsoleW
WriteConsoleW
ExitProcess

clink_dll_x86

?loader_main_thunk@@YAHXZ

Exports

Exports

_testbed_hook_loop@0

Sections

.text
Size: 512B - Virtual size: 281B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

c97f1ed771ac33c7972bfc8d9efe36ef

Code Sign

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

e4:e3:26:73:26:59:41:91:0e:66:67:8f:9c:ac:63:23:fd:65:d6:88:54:76:db:65:50:7b:8f:36:2e:c7:29:09Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

shlwapi

dbghelp

kernel32

user32

gdi32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 510KB - Virtual size: 509KB

.data Size: 32KB - Virtual size: 89KB

.pdata Size: 70KB - Virtual size: 70KB

_RDATA Size: 512B - Virtual size: 252B

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 11KB

Password: infected

a1dff0c582ac2dfcb14b7a17fbf413b7

Code Sign

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

ea:ee:19:e0:cb:2a:91:2e:28:f5:f8:22:18:37:51:3e:40:e0:8c:51:59:de:f3:6b:a4:58:cc:39:14:cc:82:96Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

shlwapi

dbghelp

kernel32

user32

gdi32

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

e4:e3:26:73:26:59:41:91:0e:66:67:8f:9c:ac:63:23:fd:65:d6:88:54:76:db:65:50:7b:8f:36:2e:c7:29:09
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 510KB - Virtual size: 509KB

.data
Size: 32KB - Virtual size: 89KB

.pdata
Size: 70KB - Virtual size: 70KB

_RDATA
Size: 512B - Virtual size: 252B

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 11KB

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

ea:ee:19:e0:cb:2a:91:2e:28:f5:f8:22:18:37:51:3e:40:e0:8c:51:59:de:f3:6b:a4:58:cc:39:14:cc:82:96
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 395KB - Virtual size: 394KB

.data
Size: 19KB - Virtual size: 67KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 61KB - Virtual size: 60KB

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

13:6a:c2:0b:45:a7:57:c9:dc:9f:66:37:54:00:52:fb:0f:dc:25:d5:52:c5:fa:45:1c:23:25:12:6e:6d:30:5c
Signer

.text
Size: 512B - Virtual size: 412B

.rdata
Size: 1KB - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 2KB - Virtual size: 2KB

63:64:a9:f2:31:22:e8:91:af:59:83:65:ee:9f:ab:47
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

c7:75:9c:ad:08:0e:8a:d8:0b:d7:9a:9e:e3:e9:75:eb:4c:82:33:19:2d:37:10:c0:45:6b:4a:3c:d1:3d:9e:bf
Signer