General

Malware Config

Signatures

Files

• PixInsight 1.8 - E3DDY.zip

  .zip
• PI-windows-x64-01.08.05.1353-20170809-t.exe

  .exe windows:5 windows x86 arch:x86

  eea8f1a5703b1f0584012e1cfa48e7f4

  
  

  Code Sign

  07:d6:6e:e2:f9:ce:a3:5e:91:58:00:49:fd:f6:6e:aa

  Certificate

  Issuer

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  26-11-2015 00:00

  Not After

  04-12-2018 12:00

  Subject

  SERIALNUMBER=B97989230,CN=Pleiades Astrophoto\, S.L.,O=Pleiades Astrophoto\, S.L.,POSTALCODE=46185,STREET=Calle Ribarroja 28,L=La Pobla de Vallbona,ST=Madrid,C=ES,1.3.6.1.4.1.311.60.2.1.3=#13024553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  18-04-2012 12:00

  Not After

  18-04-2027 12:00

  Subject

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  04-01-2017 00:00

  Not After

  18-01-2028 00:00

  Subject

  CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  34:68:57:7e:3b:54:7c:14:d2:fc:ed:31:57:ae:51:2e:8c:dc:c2:e4:ef:ca:ce:ba:b6:b9:87:77:07:77:f7:e1

  Signer

  Actual PE Digest

  34:68:57:7e:3b:54:7c:14:d2:fc:ed:31:57:ae:51:2e:8c:dc:c2:e4:ef:ca:ce:ba:b6:b9:87:77:07:77:f7:e1

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\Branch\win\Release\stubs\x86\ExternalUi.pdb

  Imports

  kernel32

  CreateFileW

  WriteFile

  CloseHandle

  DeleteCriticalSection

  GetLastError

  InitializeCriticalSectionAndSpinCount

  HeapDestroy

  HeapSize

  HeapReAlloc

  HeapFree

  HeapAlloc

  GetProcessHeap

  RaiseException

  SetEvent

  EnterCriticalSection

  InitializeCriticalSection

  LeaveCriticalSection

  SizeofResource

  LockResource

  LoadResource

  FindResourceW

  FindResourceExW

  lstrcpynW

  MulDiv

  WaitForSingleObject

  CreateThread

  GetProcAddress

  LoadLibraryExW

  DecodePointer

  GetCurrentThreadId

  Sleep

  GetDiskFreeSpaceExW

  SetLastError

  CreateEventW

  GetExitCodeThread

  GetCurrentProcessId

  CreateDirectoryW

  GetSystemDirectoryW

  FreeLibrary

  lstrlenW

  GetVersionExW

  lstrcmpiW

  GetModuleHandleW

  LoadLibraryW

  GetDriveTypeW

  CompareStringW

  InterlockedDecrement

  InterlockedIncrement

  GetModuleFileNameW

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  lstrcmpW

  GetTempPathW

  GetSystemTime

  SystemTimeToFileTime

  GetTempFileNameW

  DeleteFileW

  FindFirstFileW

  RemoveDirectoryW

  FindNextFileW

  GetLogicalDriveStringsW

  GetFileSize

  GetFileAttributesW

  SetFileAttributesW

  GetFileTime

  CopyFileW

  ReadFile

  FindClose

  MultiByteToWideChar

  WideCharToMultiByte

  InterlockedExchange

  GetCurrentProcess

  GetSystemInfo

  WaitForMultipleObjects

  VirtualProtect

  VirtualQuery

  LoadLibraryExA

  GetShortPathNameW

  GetStringTypeW

  SetUnhandledExceptionFilter

  FormatMessageW

  GetEnvironmentVariableW

  LocalFree

  LoadLibraryA

  GetModuleFileNameA

  GetCurrentThread

  GetFullPathNameW

  SetConsoleTextAttribute

  GetStdHandle

  GetConsoleScreenBufferInfo

  SetFilePointer

  FlushFileBuffers

  OutputDebugStringW

  CreateProcessW

  GetExitCodeProcess

  GetCommandLineW

  SetCurrentDirectoryW

  SetEndOfFile

  EnumResourceLanguagesW

  GetLocaleInfoW

  GetSystemDefaultLangID

  GetUserDefaultLangID

  GetWindowsDirectoryW

  FileTimeToSystemTime

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  MoveFileW

  ResetEvent

  GlobalFree

  GetPrivateProfileStringW

  GetPrivateProfileSectionNamesW

  WritePrivateProfileStringW

  GetLocalTime

  CreateNamedPipeW

  ConnectNamedPipe

  TerminateThread

  LocalAlloc

  CompareFileTime

  CopyFileExW

  OpenEventW

  PeekNamedPipe

  EncodePointer

  InitializeSListHead

  InterlockedPopEntrySList

  InterlockedPushEntrySList

  FlushInstructionCache

  IsProcessorFeaturePresent

  VirtualAlloc

  VirtualFree

  IsDebuggerPresent

  GetCPInfo

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetSystemTimeAsFileTime

  LCMapStringW

  WaitForSingleObjectEx

  UnhandledExceptionFilter

  TerminateProcess

  GetStartupInfoW

  QueryPerformanceCounter

  RtlUnwind

  QueryPerformanceFrequency

  GetACP

  ExitProcess

  GetModuleHandleExW

  GetFileType

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  GetConsoleCP

  GetConsoleMode

  IsValidCodePage

  GetOEMCP

  SetFilePointerEx

  FindFirstFileExW

  GetCommandLineA

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  SetStdHandle

  WriteConsoleW

  ReadConsoleW

  Sections

  .text

  Size: 1.1MB - Virtual size: 1.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 337KB - Virtual size: 337KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 21KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 1024B - Virtual size: 1008B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 228KB - Virtual size: 227KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 84KB - Virtual size: 83KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• PixInsight 1.8.exe

  .exe windows:4 windows x64 arch:x64

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  PDB Paths

  D:\OneDrive\Universal E3ddy\Universal E3ddy\obj\Release\PixInsight 1.8.pdb

  Sections

  .text

  Size: 42.3MB - Virtual size: 42.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .sdata

  Size: 512B - Virtual size: 312B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 122KB - Virtual size: 121KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• README.txt