General

Malware Config

Signatures

Files

• 8aa7d04339f3e0474f70ca4f790be5f6273e8ef66e0ff3620b21a48c0201f87f

  .zip

  Password: infected

• 52dd1ddf925baa01a172d0e420ec8833a10726ee7a7dcfc2a55f1e04f47c6a63.exe

  .exe windows:4 windows x86 arch:x86

  e2a592076b17ef8bfb48b7e03965a3fc

  
  

  Code Sign

  3f:ba:21:3a:94:4d:93:f8:67:a0:af:b8:c9:6f:16:c1:33:37:14:35

  Certificate

  Issuer

  CN=Forbigaaelsens,O=Forbigaaelsens,L=Bethel,ST=Pennsylvania,C=US,1.2.840.113549.1.9.1=#0c17416c676f6c73323230405068696c69737469616e2e4976

  Not Before

  01-07-2023 05:07

  Not After

  30-06-2026 05:07

  Subject

  CN=Forbigaaelsens,O=Forbigaaelsens,L=Bethel,ST=Pennsylvania,C=US,1.2.840.113549.1.9.1=#0c17416c676f6c73323230405068696c69737469616e2e4976

  cc:43:26:60:6d:60:bd:87:2d:94:97:2c:c4:87:e8:dc:b0:1d:04:5d:83:5c:a4:6f:a9:c8:7b:44:9f:1b:67:72

  Signer

  Actual PE Digest

  cc:43:26:60:6d:60:bd:87:2d:94:97:2c:c4:87:e8:dc:b0:1d:04:5d:83:5c:a4:6f:a9:c8:7b:44:9f:1b:67:72

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetCurrentDirectoryW

  GetFileAttributesW

  GetFullPathNameW

  Sleep

  GetTickCount

  GetFileSize

  GetModuleFileNameW

  MoveFileW

  SetFileAttributesW

  GetCurrentProcess

  ExitProcess

  SetEnvironmentVariableW

  GetWindowsDirectoryW

  GetTempPathW

  GetCommandLineW

  GetVersion

  SetErrorMode

  lstrlenW

  WaitForSingleObject

  CopyFileW

  CompareFileTime

  GlobalLock

  CreateThread

  GetLastError

  CreateDirectoryW

  CreateProcessW

  RemoveDirectoryW

  lstrcmpiA

  CreateFileW

  GetTempFileNameW

  WriteFile

  lstrcpyA

  lstrcpyW

  MoveFileExW

  lstrcatW

  GetSystemDirectoryW

  GetProcAddress

  GetModuleHandleA

  GlobalFree

  GlobalAlloc

  GetShortPathNameW

  SearchPathW

  lstrcmpiW

  SetFileTime

  CloseHandle

  ExpandEnvironmentStringsW

  lstrcmpW

  GlobalUnlock

  lstrcpynW

  GetDiskFreeSpaceW

  GetExitCodeProcess

  FindFirstFileW

  FindNextFileW

  DeleteFileW

  SetFilePointer

  ReadFile

  FindClose

  MulDiv

  MultiByteToWideChar

  lstrlenA

  WideCharToMultiByte

  GetPrivateProfileStringW

  WritePrivateProfileStringW

  FreeLibrary

  LoadLibraryExW

  GetModuleHandleW

  user32

  GetSystemMenu

  SetClassLongW

  IsWindowEnabled

  EnableMenuItem

  SetWindowPos

  GetSysColor

  GetWindowLongW

  SetCursor

  LoadCursorW

  CheckDlgButton

  GetMessagePos

  LoadBitmapW

  CallWindowProcW

  IsWindowVisible

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  OpenClipboard

  wsprintfW

  ScreenToClient

  GetWindowRect

  GetSystemMetrics

  SetDlgItemTextW

  GetDlgItemTextW

  MessageBoxIndirectW

  CharPrevW

  CharNextA

  wsprintfA

  DispatchMessageW

  PeekMessageW

  GetDC

  ReleaseDC

  EnableWindow

  InvalidateRect

  SendMessageW

  DefWindowProcW

  BeginPaint

  GetClientRect

  FillRect

  EndDialog

  RegisterClassW

  SystemParametersInfoW

  CreateWindowExW

  GetClassInfoW

  DialogBoxParamW

  CharNextW

  ExitWindowsEx

  DestroyWindow

  LoadImageW

  SetTimer

  SetWindowTextW

  PostQuitMessage

  ShowWindow

  GetDlgItem

  IsWindow

  SetWindowLongW

  FindWindowExW

  TrackPopupMenu

  AppendMenuW

  CreatePopupMenu

  DrawTextW

  EndPaint

  CreateDialogParamW

  SendMessageTimeoutW

  SetForegroundWindow

  gdi32

  SelectObject

  SetBkMode

  CreateFontIndirectW

  SetTextColor

  DeleteObject

  GetDeviceCaps

  CreateBrushIndirect

  SetBkColor

  shell32

  SHGetSpecialFolderLocation

  SHGetPathFromIDListW

  SHBrowseForFolderW

  SHGetFileInfoW

  ShellExecuteW

  SHFileOperationW

  advapi32

  RegDeleteKeyW

  SetFileSecurityW

  OpenProcessToken

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  RegOpenKeyExW

  RegEnumValueW

  RegDeleteValueW

  RegCloseKey

  RegCreateKeyExW

  RegSetValueExW

  RegQueryValueExW

  RegEnumKeyW

  comctl32

  ImageList_AddMasked

  ord17

  ImageList_Destroy

  ImageList_Create

  ole32

  OleUninitialize

  OleInitialize

  CoTaskMemFree

  CoCreateInstance

  Sections

  .text

  Size: 24KB - Virtual size: 24KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 128KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: - Virtual size: 296KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 161KB - Virtual size: 160KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/System.dll

  .dll windows:4 windows x86 arch:x86

  fc0224e99e736751432961db63a41b76

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  GetModuleHandleW

  GlobalFree

  GlobalSize

  lstrcpynW

  lstrcpyW

  GetProcAddress

  WideCharToMultiByte

  VirtualFree

  FreeLibrary

  lstrlenW

  LoadLibraryW

  GlobalAlloc

  MultiByteToWideChar

  VirtualAlloc

  VirtualProtect

  GetLastError

  user32

  wsprintfW

  ole32

  StringFromGUID2

  CLSIDFromString

  Exports

  Exports

  Alloc

  Call

  Copy

  Free

  Get

  Int64Op

  Store

  StrAlloc

  Sections

  .text

  Size: 8KB - Virtual size: 7KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1024B - Virtual size: 851B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 120B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 1024B - Virtual size: 610B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/nsDialogs.dll

  .dll windows:4 windows x86 arch:x86

  e2ee55bddad4241d619d6a8a38e2d869

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  GetFileAttributesW

  lstrcpyW

  MulDiv

  lstrlenW

  HeapFree

  GetCurrentDirectoryW

  lstrcmpiW

  GetProcessHeap

  HeapReAlloc

  GlobalFree

  lstrcpynW

  GlobalAlloc

  SetCurrentDirectoryW

  HeapAlloc

  user32

  DestroyWindow

  CallWindowProcW

  SetCursor

  LoadCursorW

  GetPropW

  CharPrevW

  DrawFocusRect

  GetWindowLongW

  DrawTextW

  GetClientRect

  GetDlgItem

  GetSysColor

  SetWindowLongW

  SetWindowPos

  CreateDialogParamW

  MapDialogRect

  GetWindowRect

  SetPropW

  CreateWindowExW

  IsWindow

  SetTimer

  KillTimer

  DispatchMessageW

  TranslateMessage

  GetMessageW

  IsDialogMessageW

  ShowWindow

  wsprintfW

  CharNextW

  SendMessageW

  MapWindowPoints

  RemovePropW

  GetWindowTextW

  gdi32

  SetTextColor

  shell32

  SHBrowseForFolderW

  SHGetPathFromIDListW

  comdlg32

  GetSaveFileNameW

  GetOpenFileNameW

  CommDlgExtendedError

  ole32

  CoTaskMemFree

  Exports

  Exports

  Create

  CreateControl

  CreateItem

  CreateTimer

  GetUserData

  KillTimer

  OnBack

  OnChange

  OnClick

  OnNotify

  SelectFileDialog

  SelectFolderDialog

  SetRTL

  SetUserData

  Show

  Sections

  .text

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 152B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 630B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/nsExec.dll

  .dll windows:4 windows x86 arch:x86

  0b75f1007d3cc8e457970ae3e3fd53c3

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  GetModuleHandleW

  MultiByteToWideChar

  lstrlenA

  GetExitCodeProcess

  WaitForSingleObject

  Sleep

  TerminateProcess

  GlobalReAlloc

  GlobalUnlock

  GlobalSize

  lstrcpynW

  ReadFile

  PeekNamedPipe

  GetTickCount

  CreateProcessW

  GetStartupInfoW

  CreatePipe

  GetProcAddress

  lstrcpyW

  DeleteFileW

  lstrcmpiW

  GetCurrentProcess

  lstrcatW

  CloseHandle

  UnmapViewOfFile

  MapViewOfFile

  CreateFileMappingW

  CreateFileW

  CopyFileW

  GetTempFileNameW

  GlobalFree

  GlobalAlloc

  GetModuleFileNameW

  ExitProcess

  GetCommandLineW

  GlobalLock

  GetVersion

  lstrlenW

  user32

  SendMessageW

  FindWindowExW

  CharNextW

  wsprintfW

  CharPrevW

  advapi32

  InitializeSecurityDescriptor

  SetSecurityDescriptorDacl

  Exports

  Exports

  Exec

  ExecToLog

  ExecToStack

  Sections

  .text

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 448B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Diskforbruget/Hjemgivelsers/Dydsprmier/Hldningskoefficienterne101/syntan.kon
• Diskforbruget/Hjemgivelsers/Dydsprmier/Hldningskoefficienterne101/tbrudsskader.pis
• Jukeboksenes/gr/Mouldwarp32.ant
• Lingvisterne.rid
• Loebes23.Uag
• Monotonises226.ami
• Proctodynia/forretter.txt
• Proctodynia/megapode.app