17541178989[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

17541178989.zip
Size

7.4MB
MD5

b4398714fb1d346cc679d102787a5c53
SHA1

8c54de012ecddac388d2425961c2f2546c776975
SHA256

55a35e274170365cb002d6fb694f02fe5b69311aa610b4979166e48057c12191
SHA512

7d4ab8ee326a3194ef407579df35538f0392a856eb0e25c70014f28f2c7d17c9f48af3bd7d1b087b87bf66742c1278bf1374bc2b3d6a0d6be1a52c9df298cf99
SSDEEP

196608:fE/SXiVnsgof1qg9CVpXNfPi+OyF34YXoCKv5Ou7264kLM:fCSSV4tIr0DvvCKxOfx

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack003/red.exe
unpack005/CFDI8320e9890-a437239bd3233-b454ac564f37713533/CFDI8320e9890-a437239bd3233-b454ac564f37713533.dll
unpack008/jli.dll

Files

17541178989.zip
.zip

Password: infected
0f8de2a116f590ace3a818302d2531af9f3c972816638c92773048c640807acc
.iso
out.iso
.iso
Reader.lnk
.lnk
red.exe
.exe windows:5 windows x86 arch:x86

29525f792856afcbe668712dc050a52b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateThread
LoadLibraryA
CloseHandle
GetNativeSystemInfo
CreateThread
SetVolumeMountPointW
GetProcAddress
LocalFree
DeleteCriticalSection
ExitProcess
GetCurrentProcessId
GetModuleHandleW
CopyFileW
GetVolumePathNamesForVolumeNameW
lstrcpyW
SleepEx
GetDiskFreeSpaceExA
CreateEventA
FindNextVolumeW
lstrcmpiW
CreateIoCompletionPort
GetTickCount
lstrcmpW
GetDriveTypeW
GetComputerNameA
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
QueryDosDeviceW
GetFinalPathNameByHandleW
K32GetModuleFileNameExW
DuplicateHandle
CreateEventW
GetWindowsDirectoryW
FindVolumeClose
GetFileType
GetTickCount64
GetCurrentThread
GetSystemTimeAsFileTime
ReadFile
GetFileSizeEx
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
SleepConditionVariableCS
WakeConditionVariable
InitializeConditionVariable
GetSystemInfo
GlobalMemoryStatusEx
ReadConsoleW
HeapSize
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
GetDiskFreeSpaceExW
SetEvent
GetLastError
Sleep
MultiByteToWideChar
PostQueuedCompletionStatus
GetLocaleInfoA
GetModuleHandleA
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
FindClose
lstrlenA
GetQueuedCompletionStatus
SetErrorMode
InitializeCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
lstrlenW
GetModuleFileNameW
GetUserDefaultLangID
WriteFile
GetCurrentProcess
FindNextFileW
GetCommandLineW
EnterCriticalSection
FindFirstVolumeW
FindFirstFileExW
GetLogicalDrives
MoveFileW
OutputDebugStringW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
HeapAlloc
QueryPerformanceCounter
lstrcatW
HeapFree
HeapReAlloc
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
WideCharToMultiByte
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
RtlUnwind
RaiseException
WriteConsoleW

user32

DefWindowProcW
GetCursorPos
CreateWindowExW
RegisterClassW
MessageBoxW

advapi32

AdjustTokenPrivileges
CryptReleaseContext
OpenThreadToken
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
ControlService
EnumDependentServicesW
QueryServiceConfigW
ChangeServiceConfigW
OpenServiceW
EnumServicesStatusW
QueryServiceStatusEx
LookupPrivilegeValueW
CreateServiceW
RegCloseKey
CryptAcquireContextW
CloseServiceHandle
RegQueryValueExA
CryptGenRandom
OpenSCManagerW
RegSetValueExW
OpenProcessToken
StartServiceW
RegOpenKeyExA
RegOpenKeyExW
GetTokenInformation

shell32

CommandLineToArgvW
ShellExecuteW

bcrypt

BCryptGenRandom

netapi32

NetShareEnum
NetApiBufferFree

shlwapi

wnsprintfA
StrCmpNIW
StrCmpNW
StrStrIW
PathFileExistsW
SHDeleteKeyW
UrlUnescapeA
UrlEscapeA
wnsprintfW

iphlpapi

GetIpNetTable

ws2_32

inet_ntoa

wininet

InternetQueryOptionW
HttpOpenRequestW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
HttpSendRequestW
InternetCrackUrlW
InternetReadFile
InternetQueryDataAvailable

Sections

.text
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3e5b7ad3e91d565bb8a53fbec96c9f8dcb6d4c7664452841dc39000aefa5ad8d
.iso
out.iso
.iso
CFDI8320e9890-a437239bd3233-b454ac564f37713533.pdf.lnk
.lnk
CFDI8320e9890-a437239bd3233-b454ac564f37713533/CFDI8320e9890-a437239bd3233-b454ac564f37713533.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

;x|
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 814B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CFDI8320e9890-a437239bd3233-b454ac564f37713533/CFDI8320e9890-a437239bd3233-b454ac564f37713533.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:00:bc:0b:2e:1a:7b:8a:b1:c7:91:00:00:00:00:00:bc
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:12B4-2D5F-87D4,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:11

Not After

26-07-2019 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:08

Not After

26-07-2019 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:38:16:c6:79:c2:31:7a:50:f1:a5:92:3a:ff:f9:f8:18:ac:09:89:c6:b4:03:0b:8f:ce:c4:36:12:dc:56:bb
Signer

Actual PE Digest

85:38:16:c6:79:c2:31:7a:50:f1:a5:92:3a:ff:f9:f8:18:ac:09:89:c6:b4:03:0b:8f:ce:c4:36:12:dc:56:bb

Digest Algorithm

sha256

PE Digest Matches

true

09:8e:ff:57:d0:d7:dd:ca:b8:47:05:14:67:27:5f:a4:f8:8e:45:ce
Signer

Actual PE Digest

09:8e:ff:57:d0:d7:dd:ca:b8:47:05:14:67:27:5f:a4:f8:8e:45:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CFDI8320e9890-a437239bd3233-b454ac564f37713533/CFDI8320e9890-a437239bd3233-b454ac564f37713533.exe.config
.xml
CFDI8320e9890-a437239bd3233-b454ac564f37713533/CFDI8320e9890-a437239bd3233-b454ac564f37713533.pdf
.pdf
- http://rosys.com.mx
898d57eaf64673a18e958c983036392540b02f3b903d979d60090a767062f859
.iso
out.iso
.iso
Vesak.lnk
.lnk
Vesak.pdf
.pdf
java-rmi.exe
.exe windows:6 windows x64 arch:x64

f53274be29838ade881227180f507b96

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09-03-2023 00:00

Not After

11-03-2025 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:7b:e5:fc:f8:a4:b4:c9:df:9a:6f:38:58:f8:a2:ab:4d:85:41:06:02:da:9c:67:4e:bb:cb:54:08:80:84:fa
Signer

Actual PE Digest

11:7b:e5:fc:f8:a4:b4:c9:df:9a:6f:38:58:f8:a2:ab:4d:85:41:06:02:da:9c:67:4e:bb:cb:54:08:80:84:fa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\jenkins\workspace\8-2-build-windows-x64-cygwin-sans-NAS\jdk8u391\514\build\windows-x64\jdk\objs\java-rmi_objs\java-rmi.pdb

Imports

jli

JLI_GetStdArgc
JLI_CmdToArgs
JLI_Launch
JLI_MemAlloc
JLI_GetStdArgs

kernel32

RtlCaptureContext
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlVirtualUnwind
RtlLookupFunctionEntry
GetModuleHandleW

vcruntime140

memset
__current_exception_context
__C_specific_handler
__current_exception
memcpy

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

__p___argv
_crt_atexit
_seh_filter_exe
_set_app_type
__p___argc
terminate
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_configure_narrow_argv
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jli.dll
.dll windows:6 windows x64 arch:x64

ac376a74d92692595d3c32fde7150034

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WideCharToMultiByte
WriteConsoleW
WriteFile

user32

ShowWindow

Exports

Exports

JLI_CmdToArgs
JLI_GetStdArgc
JLI_GetStdArgs
JLI_Launch
JLI_MemAlloc

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 863KB - Virtual size: 867KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8e62ab99c72f89f7d2b4a1e40ef1a9ee729f2ab171ce675b643e77c36e477f0e
.iso
90765a1bd6fa8712ea1414b737c4fed172f129993203e3504b4c55db27dc0aac
.iso
b86667e9bfbaf6580110d41c52ff14aa6286932d2002bdfb2662a7ae3e247e88
.iso
bb7e53eed72e41a99c2245e2f108c982f0bad939b707d917ba19db74682102d6
.iso
d6629a9b618ede05e9e75a2cebfb69bc7b1a34fe00a42ff60d88828a307c0d08
.iso

Sharing

General

Malware Config

Signatures

Files

Password: infected

29525f792856afcbe668712dc050a52b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

bcrypt

netapi32

shlwapi

iphlpapi

ws2_32

wininet

Sections

.text Size: 267KB - Virtual size: 266KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 6KB - Virtual size: 29KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 13KB - Virtual size: 13KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

;x| Size: 478KB - Virtual size: 477KB

.text Size: 86KB - Virtual size: 86KB

.rsrc Size: 1024B - Virtual size: 814B

Size: 512B - Virtual size: 144B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:00:bc:0b:2e:1a:7b:8a:b1:c7:91:00:00:00:00:00:bcCertificate

Extended Key Usages

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

85:38:16:c6:79:c2:31:7a:50:f1:a5:92:3a:ff:f9:f8:18:ac:09:89:c6:b4:03:0b:8f:ce:c4:36:12:dc:56:bbSigner

09:8e:ff:57:d0:d7:dd:ca:b8:47:05:14:67:27:5f:a4:f8:8e:45:ceSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 223KB - Virtual size: 222KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 512B - Virtual size: 12B

f53274be29838ade881227180f507b96

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

.text
Size: 267KB - Virtual size: 266KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 6KB - Virtual size: 29KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 13KB - Virtual size: 13KB

;x|
Size: 478KB - Virtual size: 477KB

.text
Size: 86KB - Virtual size: 86KB

.rsrc
Size: 1024B - Virtual size: 814B

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:bc:0b:2e:1a:7b:8a:b1:c7:91:00:00:00:00:00:bc
Certificate

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

85:38:16:c6:79:c2:31:7a:50:f1:a5:92:3a:ff:f9:f8:18:ac:09:89:c6:b4:03:0b:8f:ce:c4:36:12:dc:56:bb
Signer

09:8e:ff:57:d0:d7:dd:ca:b8:47:05:14:67:27:5f:a4:f8:8e:45:ce
Signer

.text
Size: 223KB - Virtual size: 222KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 512B - Virtual size: 12B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

11:7b:e5:fc:f8:a4:b4:c9:df:9a:6f:38:58:f8:a2:ab:4d:85:41:06:02:da:9c:67:4e:bb:cb:54:08:80:84:fa
Signer

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 232B

.pdata
Size: 512B - Virtual size: 324B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 56B

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 863KB - Virtual size: 867KB

.pdata
Size: 4KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 56B

.gxfg
Size: 4KB - Virtual size: 3KB

.retplne
Size: 512B - Virtual size: 140B

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 218KB - Virtual size: 218KB