Extracted

• nZUHcRav9ZMb38xbORpZwfcSyJYcoRNGQyALUnVr.zip

  .zip
• Ro-exec/Defender_Settings.vbs

  .vbs
• Ro-exec/READ ME (ro-exec).txt
• Ro-exec/dControl.ini
• Ro-exec/defcon.exe

  .exe windows:5 windows x86 arch:x86

  
  

  Code Sign

  69:98:6c:80:0a:7c:5b:8e:47:86:45:a0:3e:86:d5:40

  Certificate

  Issuer

  CN=Sordum Software

  Not Before

  11-09-2021 21:00

  Not After

  31-07-2030 21:00

  Subject

  CN=Sordum Software

  Extended Key Usages

  ExtKeyUsageCodeSigning

  1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27

  Certificate

  Issuer

  CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  31-05-2021 06:43

  Not After

  17-09-2029 06:43

  Subject

  CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8

  Certificate

  Issuer

  CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

  Not Before

  19-05-2021 05:42

  Not After

  18-05-2032 05:42

  Subject

  CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87

  Certificate

  Issuer

  CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  19-05-2021 05:32

  Not After

  18-05-2036 05:32

  Subject

  CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  13:f6:ef:3f:06:29:49:56:6c:21:59:e0:0c:ac:6f:83:24:95:fa:e4

  Signer

  Actual PE Digest

  13:f6:ef:3f:06:29:49:56:6c:21:59:e0:0c:ac:6f:83:24:95:fa:e4

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Sections

  UPX0

  Size: - Virtual size: 492KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  UPX1

  Size: 262KB - Virtual size: 264KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 57KB - Virtual size: 60KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• out.upx

  .exe windows:5 windows x86 arch:x86

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Sections

  .text

  Size: 514KB - Virtual size: 513KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 56KB - Virtual size: 55KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 26KB - Virtual size: 105KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 56KB - Virtual size: 56KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• Ro-exec/ezdebug.png

  .png
• Ro-exec/loader.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 70KB - Virtual size: 69KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ