Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Static task
static1
Behavioral task
behavioral1
Sample
Newtonsoft.Json.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
OpenRec.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
OpenRec.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral4
Sample
websocket-sharp.dll
Resource
win10v2004-20240226-en
Target
OpenRec_0.6.9.zip
Size
483KB
MD5
688dc5da859fbaae27d95ca4814b81f3
SHA1
d404d1cfd8227f07963b5602b3e37b4124deed22
SHA256
53d7b2885cb073e971572b2fd0c729f453ebbbb16d82d0c5a40260afe493dcf2
SHA512
00f953e8e86a828b5f09a16f57e350ac709275fcb4dfd7d513724fed87d60673fc2c1ac11a280eaf50869548ba0e712bb21bbba37ebebeabecd2e64a2b53b2e0
SSDEEP
6144:UaqH4MqrkrISUj8DfVXZTJAirx4DAV4v4cG/1F8fS+/9PXZOFF6rgOJoLrmJ8YD1:N+Eksh4Dfyi14DAPB/x+VPX7rWLrCZ
Checks for missing Authenticode signature.
Processes:
resource |
---|
unpack001/OpenRec.dll |
unpack001/OpenRec.exe |
unpack001/websocket-sharp.dll |
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
/_/Src/Newtonsoft.Json/obj/Release/netstandard2.0/Newtonsoft.Json.pdb
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
C:\Users\jwhit\Documents\OpenRec\OpenRec\OpenRec\obj\Release\netcoreapp3.1\OpenRec.pdb
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\cli\apphost\Release\apphost.pdb
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFullPathNameW
GetTempPathW
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableW
GetCurrentProcess
IsWow64Process
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
RtlUnwindEx
RaiseException
OutputDebugStringW
GetModuleHandleW
GetCurrentProcessId
Sleep
RemoveDirectoryW
DeleteCriticalSection
CreateDirectoryW
RtlPcToFileHeader
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
GetStringTypeW
MessageBoxW
ShellExecuteW
RegOpenKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegGetValueW
_initialize_wide_environment
_set_app_type
_invalid_parameter_noinfo_noreturn
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
terminate
_configure_wide_argv
exit
_exit
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
abort
_get_initial_wide_environment
_errno
_initterm
_initialize_onexit_table
_initterm_e
malloc
calloc
free
_callnewh
_set_new_mode
__setusermatherr
frexp
_wfopen
__stdio_common_vswprintf
fclose
fread
fseek
fwrite
__acrt_iob_func
_set_fmode
fputwc
fputws
__stdio_common_vfwprintf
fflush
__p__commode
__stdio_common_vsprintf_s
_wcsicmp
_wcsdup
_wcsnicmp
wcsncmp
strcspn
wcsnlen
memset
strcpy_s
_unlock_locales
__pctype_func
___lc_locale_name_func
___mb_cur_max_func
setlocale
_configthreadlocale
_lock_locales
localeconv
___lc_codepage_func
_wremove
_wrename
_wtoi
wcstoul
wcsftime
_gmtime64
_time64
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
C:\Users\colejelinek\Documents\GitHub\websocket-sharp\websocket-sharp\obj\Debug_Ubuntu\websocket-sharp.pdb
_CorDllMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ