agenttesla | aa513eb219b94e91924ea001aa94250477792f505f9fe24ef18e2352320e9bdd

Sharing

Copy URL Twitter E-mail

Reason

office: non-rc4 encrypted document not supported

Reason

office: non-rc4 encrypted document not supported

Reason

office: non-rc4 encrypted document not supported

General

Target

aa513eb219b94e91924ea001aa94250477792f505f9fe24ef18e2352320e9bdd
Size

10.9MB
MD5

751c30f46dd960bc9ff88fafce337a56
SHA1

4ad28d2a5ea26de9637ff54a5f7a454faacc9984
SHA256

aa513eb219b94e91924ea001aa94250477792f505f9fe24ef18e2352320e9bdd
SHA512

05422a97e126b536ec50775c86a574efa5c4f2f070bd48634846cfa897fc96d1cfb2b25179a0b164d66279572ca60bcf6858af3bee0bd4227f29d62a5f4139d0
SSDEEP

196608:S9YBd3mixVEoxX8gLdvgNTTSaO3DwU2kp5JjN67YISrnPkJGRojAVCo5PEDf:uY73mSQgxQN7U/p5z67ps3lv5Pof

Score

10^/10

sora upx agenttesla mirai

Malware Config

Extracted

Family

agenttesla

https://api.telegram.org/bot6570006455:AAFCghQPj4tY9k8tF4ahsDcV52ZU-i5TnG0/

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Signatures

Agenttesla family
agenttesla
Mirai family
mirai

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/73509c1b558d425ef6cddc8782eab81424b7659bca65aa9b374ac8e77c0f97d8.elf	upx
static1/unpack001/bbd2029a9e857bc11908908924afe736c98bace171abe0a70953d625d0702679.elf	upx
static1/unpack001/c25d05f03dc41af923f97e2849e74a1ed851a4089366d3bdf21e52350cddf519.elf	upx
static1/unpack001/e1d23ffb2da528db228e4198e98b65997d43d761fafc5074d22887548813c336.elf	upx
static1/unpack001/e257d0b2a8d6fa8dab677cc0e0c426016f25c905a18ce1bb1db045bce5d5c480.elf	upx
static1/unpack001/ee0961714435d961e68dc470f1a618941190e63e969022984e3149b263b38c93.elf	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/10da9edb338bab3ff8e7102e2a7cabdce67005ac8635ac42383cca30a7b9458a.exe
unpack001/1ab3ec9401912cfc5ff446a0e2ce4e2510799d014e573f6d75cd32f6367818ab.exe
unpack001/3728c8a6317343917bec149dfc9595aee41b0134c67b7dec826b8cb64c335258.exe
unpack001/5f811c57872e95387829dbd3addf6e27bbf3bcbcc388354ea19d41ed1b5bd8de.exe
unpack001/960a287cacdeeb38a29b06b0a73f6f150be8064fd414b9e050eed13c03cbe917.exe
unpack006/$PLUGINSDIR/System.dll
unpack001/f5a1fca85008da2247fafe3846709143d53d62ee6d6b156d94ee5d03414ae28f.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/144f9703da32715ba152a1aa7a621ac05caae239ab2e833a77f6f2f122949a1a.exe	nsis_installer_1
static1/unpack001/144f9703da32715ba152a1aa7a621ac05caae239ab2e833a77f6f2f122949a1a.exe	nsis_installer_2
static1/unpack001/960a287cacdeeb38a29b06b0a73f6f150be8064fd414b9e050eed13c03cbe917.exe	nsis_installer_1
static1/unpack001/960a287cacdeeb38a29b06b0a73f6f150be8064fd414b9e050eed13c03cbe917.exe	nsis_installer_2

Files

aa513eb219b94e91924ea001aa94250477792f505f9fe24ef18e2352320e9bdd
.zip

Password: infected
0a2b96c9168f6e7a43a3278e4220cab546e263a4d1b6f469df0f938dac80c3b8.js
.js
10da9edb338bab3ff8e7102e2a7cabdce67005ac8635ac42383cca30a7b9458a.exe
.exe windows:6 windows x64 arch:x64

8f0b011d57f560864c19d21985cc2bcf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExA
RegSetValueExW
OpenProcessToken
GetTokenInformation
DuplicateTokenEx
OpenThreadToken
RevertToSelf
ImpersonateLoggedOnUser
CheckTokenMembership
EventWrite
EventRegister
EventEnabled
AdjustTokenPrivileges
LookupPrivilegeValueW

bcrypt

BCryptDecrypt
BCryptImportKey
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptGenRandom
BCryptEncrypt

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
CloseThreadpoolIo
SetLastError
SetThreadErrorMode
GetLastError
GetModuleFileNameW
MultiByteToWideChar
GetStdHandle
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryExW
GetSystemTime
GetTickCount64
GetCurrentProcessorNumber
GetCurrentProcess
GetCurrentThread
Sleep
DeleteCriticalSection
LocalFree
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
InitializeCriticalSection
InitializeConditionVariable
WaitForMultipleObjectsEx
GetFileAttributesExW
GetVolumeInformationW
ReplaceFileW
GetFullPathNameW
GetLongPathNameW
WideCharToMultiByte
GetCPInfo
LocalAlloc
GetConsoleOutputCP
WriteFile
GetProcAddress
RaiseFailFastException
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
CopyFileExW
CreateDirectoryW
CreateFileW
DeleteFileW
DeleteVolumeMountPointW
CreateSymbolicLinkW
DeviceIoControl
ExpandEnvironmentStringsW
FindNextFileW
FindClose
FindFirstFileExW
FreeLibrary
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetLogicalDrives
GetOverlappedResult
MoveFileExW
ReadFile
RemoveDirectoryW
SetFileAttributesW
SetFileInformationByHandle
DuplicateHandle
GetThreadPriority
SetThreadPriority
GetDynamicTimeZoneInformation
GetTimeZoneInformation
CloseHandle
SetEvent
CreateEventExW
FormatMessageW
CreateProcessA
GetConsoleWindow
LoadLibraryA
FreeConsole
AllocConsole
ResumeThread
ExitProcess
GetCurrentProcessId
FlushProcessWriteBuffers
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
TerminateProcess
SwitchToThread
CreateThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
GetEnvironmentVariableW
ResetEvent
DebugBreak
WaitForSingleObject
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
GetWriteWatch
ResetWriteWatch
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeSListHead
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

ole32

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateGuid
CoWaitForMultipleHandles
CoGetApartmentType

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
_callnewh
malloc

api-ms-win-crt-math-l1-1-0

modf
pow
ceil
__setusermatherr

api-ms-win-crt-string-l1-1-0

wcsncmp
_wcsicmp
strcpy_s
strcmp

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
_crt_atexit
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
_seh_filter_exe
_set_app_type
abort
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
__p___argc

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
144f9703da32715ba152a1aa7a621ac05caae239ab2e833a77f6f2f122949a1a.exe
.exe windows:4 windows x86 arch:x86

ea4e67a31ace1a72683a99b80cf37830

Code Sign

20:c0:c0:35:95:97:22:5f:62:d7:ba:0c:e5:1d:20:6d:dd:b3:b2:e7
Certificate

Issuer

CN=Vrvlehistoriernes,OU=Yawps Gaskromatografiske\ ,O=Vrvlehistoriernes,L=Cruzy-le-Châtel,ST=Bourgogne-Franche-Comté,C=FR,1.2.840.113549.1.9.1=#0c1c466169746862726561636831383740466f72746e64696e672e43616c

Not Before

19/12/2023, 02:03

Not After

18/12/2026, 02:03

Subject

CN=Vrvlehistoriernes,OU=Yawps Gaskromatografiske\ ,O=Vrvlehistoriernes,L=Cruzy-le-Châtel,ST=Bourgogne-Franche-Comté,C=FR,1.2.840.113549.1.9.1=#0c1c466169746862726561636831383740466f72746e64696e672e43616c

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ba:5f:c1:5a:4e:04:11:90:d5:df:9b:e4:30:5d:66:e3:ee:52:c1:e3:cd:f5:75:73:c6:ae:9e:78:0f:3e:28:be
Signer

Actual PE Digest

ba:5f:c1:5a:4e:04:11:90:d5:df:9b:e4:30:5d:66:e3:ee:52:c1:e3:cd:f5:75:73:c6:ae:9e:78:0f:3e:28:be

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegEnumValueA

shell32

SHGetFileInfoA
SHFileOperationA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA

ole32

IIDFromString
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

SetClipboardData
CharPrevA
CallWindowProcA
PeekMessageA
DispatchMessageA
MessageBoxIndirectA
GetDlgItemTextA
SetDlgItemTextA
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
FillRect
EmptyClipboard
LoadCursorA
GetMessagePos
CheckDlgButton
GetSysColor
SetCursor
GetWindowLongA
SetClassLongA
SetWindowPos
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassA
ScreenToClient
EndDialog
GetClassInfoA
SystemParametersInfoA
CreateWindowExA
ExitWindowsEx
DialogBoxParamA
CharNextA
SetTimer
DestroyWindow
CreateDialogParamA
SetForegroundWindow
SetWindowTextA
PostQuitMessage
SendMessageTimeoutA
ShowWindow
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
GetDC
SetWindowLongA
LoadImageA
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageA
DefWindowProcA
DrawTextA
GetClientRect
EndPaint
IsWindowVisible
CloseClipboard
OpenClipboard

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetProcAddress
GetSystemDirectoryA
WideCharToMultiByte
MoveFileExA
GetTempFileNameA
RemoveDirectoryA
WriteFile
CreateDirectoryA
GetLastError
CreateProcessA
GlobalLock
GlobalUnlock
CreateThread
lstrcpynA
SetErrorMode
GetDiskFreeSpaceA
lstrlenA
GetCommandLineA
GetVersion
GetWindowsDirectoryA
SetEnvironmentVariableA
GetTempPathA
CopyFileA
GetCurrentProcess
ExitProcess
GetModuleFileNameA
GetFileSize
ReadFile
GetTickCount
Sleep
CreateFileA
GetFileAttributesA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetShortPathNameA
MoveFileA
CompareFileTime
SetFileTime
SearchPathA
lstrcmpiA
lstrcmpA
CloseHandle
GlobalFree
GlobalAlloc
ExpandEnvironmentStringsA
LoadLibraryExA
FreeLibrary
lstrcpyA
lstrcatA
FindClose
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
GetModuleHandleA
FindNextFileA
FindFirstFileA
DeleteFileA
MulDiv

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Centauress/Reinferring.sce
Eksperimenterende/Judits.dru
Eksperimenterende/Maalekassen.bra
Eksperimenterende/catery.und
Eksperimenterende/iberic.gen
Eksperimenterende/metroscirrhus.arc
Eksperimenterende/nonsympathisers.mod
Eksperimenterende/scrotocele.ele
Eksperimenterende/sylespidse.pre
Eksperimenterende/ungdomsbilleder.til
Eksperimenterende/ungyve.pan
Eksperimenterende/unwhistled.enc
Eksperimenterende/usolidest.txt
Refunderes.For46
1ab3ec9401912cfc5ff446a0e2ce4e2510799d014e573f6d75cd32f6367818ab.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1f4c382dee3a98bd6b3bbbf875f7c49d2127a8cea7e1e2feff2d20ff27dd4799.vbs
.vbs
3728c8a6317343917bec149dfc9595aee41b0134c67b7dec826b8cb64c335258.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
37add2beff07df8c4ddede7a113df8e88d66f8ebf58ec8ffac558ee5470da019.ps1
.ps1
38548c1514f116627aee038db39c9639b6e8785f8aca2b6bad6c271f6edb2148.js
.js
3b63992623c8bef3b4fc4b470a0a2d768972b1cbd3cf36c932f5e900715860c5.zip
.zip
wells_fargo_statement.lnk
.lnk
3b672a1db47d46f3a8d50d569b684697b7cb0e076050cac81f2bcdb36b3a72cd.lnk
.lnk
516d1244b7015790f642294f22af0cdb7f5f15dd78a66be05132c199f99c0c26.elf
.elf linux
5913da48fc0d4ebca6645a34254cb3a8a594841cd0b31b4e728b329b3a165498.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f3:5c:a8:4f:2f:fd:2f:1d:47:8e:4e:46:f6:4a:2c:9c:1e:0d:c6:c6:ce:96:f9:23:56:59:8b:88:e7:9b:2f:fa
Signer

Actual PE Digest

f3:5c:a8:4f:2f:fd:2f:1d:47:8e:4e:46:f6:4a:2c:9c:1e:0d:c6:c6:ce:96:f9:23:56:59:8b:88:e7:9b:2f:fa

Digest Algorithm

sha256

PE Digest Matches

false

30:3b:3b:36:99:74:73:ca:3d:6d:0d:e3:c9:73:9a:07:75:e1:b1:e3
Signer

Actual PE Digest

30:3b:3b:36:99:74:73:ca:3d:6d:0d:e3:c9:73:9a:07:75:e1:b1:e3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 750KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5f811c57872e95387829dbd3addf6e27bbf3bcbcc388354ea19d41ed1b5bd8de.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 672KB - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5fd0b822ad94a9e187de405ff667ad2316117ffb3cd8acee566c4f5224eb326b.doc
.rtf .doc
625b751ea587200e24930d0c7520f417a2f35a378b4ab1cd8499d086ba3178dc.vbs
.vbs
64995ce4492b8b088995a2bc636f2b55c329c052033a3ead6f763cbc04db27f8.zip
.zip
SOA MAY.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f3:5c:a8:4f:2f:fd:2f:1d:47:8e:4e:46:f6:4a:2c:9c:1e:0d:c6:c6:ce:96:f9:23:56:59:8b:88:e7:9b:2f:fa
Signer

Actual PE Digest

f3:5c:a8:4f:2f:fd:2f:1d:47:8e:4e:46:f6:4a:2c:9c:1e:0d:c6:c6:ce:96:f9:23:56:59:8b:88:e7:9b:2f:fa

Digest Algorithm

sha256

PE Digest Matches

false

30:3b:3b:36:99:74:73:ca:3d:6d:0d:e3:c9:73:9a:07:75:e1:b1:e3
Signer

Actual PE Digest

30:3b:3b:36:99:74:73:ca:3d:6d:0d:e3:c9:73:9a:07:75:e1:b1:e3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 750KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6544160c09533bf974617c885e02e9adb7fda0493b99075246dc7a133d465181.xlsx
.xlam .xlsx office2007
65b6444b68899b31fc234e57dd0d5de5b285cb8dfe4168ba0f503e4dd8935327.bat
.bat .js
688f17adcf6064bcb67f3c5e93309d368e1420f064355802b1af0f9529f060f5.elf
.elf linux sparc
6a11cb9c4db81414db9d8684458604ce419a33ec5af79fe597919023a5e302d2.ps1
.ps1
6cf4b59fb3750b110333a597f0fdb49dd46b9736caaa1afaea337ebb84828388.vbs
.vbs
71bfeeb8ef35de17f04b4d6d1b101a28d687341049957f1569f8b147cdc18639.vbs
.vbs
73509c1b558d425ef6cddc8782eab81424b7659bca65aa9b374ac8e77c0f97d8.elf
.elf linux arm
75a66a2a3125b00b6e86e6e681aa46a906c1d51862663d70f76f089edbc66789.lzh
.lzh
PI_03_6_24.vbs
.vbs
79bbecde8d73ddd3713c5d6f32802462017bb4e641bde27e033af623acf71cc0.xlsx
.xlam .xlsx office2007
88d940bc7a8a820cef944cfb77998b1f59694c86a8644f54788be04ae7fd1bb4.js
.js
89f6a3e0a694c061bdf9286c3fea4223dc25ce92f5e44caac37803af104a92dc.xls
.xls windows office2003
8b0e0980e676bba6b7be8e303bf181fe30963e17af40aba4cf039985f40f355a.vbs
.vbs
960a287cacdeeb38a29b06b0a73f6f150be8064fd414b9e050eed13c03cbe917.exe
.exe windows:5 windows x86 arch:x86

e871f39e81b4aa977737b07cee050825

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
SetFileSecurityA
RegCreateKeyExA
RegOpenKeyExA

shell32

ShellExecuteExA
SHBrowseForFolderA
SHFileOperationA
SHGetPathFromIDListA
SHGetFileInfoA
SHGetSpecialFolderLocation

ole32

OleUninitialize
IIDFromString
OleInitialize
CoTaskMemFree
CoCreateInstance

comctl32

ord17
ImageList_Destroy
ImageList_AddMasked
ImageList_Create

user32

SystemParametersInfoA
LoadCursorA
SetClassLongA
GetWindowLongA
ScreenToClient
SetCursor
GetWindowRect
TrackPopupMenu
AppendMenuA
EnableMenuItem
CreatePopupMenu
GetSystemMenu
GetSystemMetrics
IsWindowEnabled
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CheckDlgButton
EndDialog
DialogBoxParamA
IsWindowVisible
SetWindowPos
CreateWindowExA
GetClassInfoA
RegisterClassA
DispatchMessageA
GetMessagePos
CharNextA
ExitWindowsEx
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
LoadImageA
FindWindowExA
SetWindowLongA
InvalidateRect
ReleaseDC
GetDC
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutA
SendMessageA
wsprintfA
FillRect
GetClientRect
EndPaint
BeginPaint
DrawTextA
DefWindowProcA
PeekMessageA
SetDlgItemTextA
MessageBoxIndirectA
CharPrevA
CallWindowProcA
GetDlgItemTextA
GetSysColor

gdi32

SetBkMode
CreateBrushIndirect
GetDeviceCaps
SelectObject
DeleteObject
SetBkColor
SetTextColor
CreateFontIndirectA

kernel32

WriteFile
GetTempFileNameA
GetLastError
WaitForSingleObject
ReadFile
CreateFileA
CreateDirectoryA
lstrcpynA
GlobalLock
GlobalUnlock
CreateThread
GetDiskFreeSpaceA
CopyFileA
lstrlenA
GetVersionExA
GetWindowsDirectoryA
ExitProcess
GetExitCodeProcess
SetErrorMode
GetTempPathA
SetEnvironmentVariableA
GetCommandLineA
GetModuleFileNameA
GetTickCount
GetFileSize
MultiByteToWideChar
MoveFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrcmpiA
lstrcmpA
MulDiv
GetShortPathNameA
GlobalFree
GlobalAlloc
LoadLibraryExA
GetModuleHandleA
FreeLibrary
Sleep
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesA
GetFullPathNameA
GetFileAttributesA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
CompareFileTime
SearchPathA
SetCurrentDirectoryA
ExpandEnvironmentStringsA
RemoveDirectoryA
CreateProcessA
WideCharToMultiByte
GetSystemDirectoryA
GetProcAddress
lstrcpyA
lstrcatA
MoveFileExA
GetCurrentProcess

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:6 windows x86 arch:x86

595a3fd71239f605bb02d7a5e48fd4df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalSize
GlobalFree
lstrcpynA
lstrcpyA
GetLastError
VirtualAlloc
VirtualProtect
VirtualFree
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
lstrlenA
MultiByteToWideChar
WideCharToMultiByte

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 926B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Beslags/Roundtree123.txt
Beslags/ansigtsudtrykket.hne
Beslags/antitrochanter.adj
Beslags/bi.bar
Beslags/cavalierish.ise
Fragtskibene.Sta147
Freebies/Unexotic/nonabstractedness.tav
Freebies/Unexotic/outskipped.met
Freebies/Unexotic/prisregulering.for
Freebies/Unexotic/subtrude.std
Freebies/Unexotic/totalindtryks.pro
Freebies/Unexotic/trypetid.oxb
Freebies/Unexotic/vicegreves.kol
Freebies/kludders.und
Freebies/lnk.non
Freebies/missilformularers.lit
Guldure.une
Undemureness.Spd
996a54565f6b7dfe2c73d435247328e5baf31d5bfc0f56012122a720a8c168da.vbs
.vbs
b33d82ff1dd1151b74d4f6c71797cc6d2b1c5ca83c780ec95f89e7fd25c76e62.vbe
.vbe .vbs
bbd2029a9e857bc11908908924afe736c98bace171abe0a70953d625d0702679.elf
.elf linux x86
c25d05f03dc41af923f97e2849e74a1ed851a4089366d3bdf21e52350cddf519.elf
.elf linux mipsel
d38a865cf705592da17d1225b5ef147ffc1cf0b5c5df6fdba2561588649633cb.vbe
.vbe .vbs
db9151a29924eaa6b7fd1f9395d256285deb924445e26cf383ed84722debedef.vbs
.vbs
e1c9b3850958c21be6108aa28a28f7b8f059a0530db99c587fadef7801fa4319.vbs
.vbs
e1d23ffb2da528db228e4198e98b65997d43d761fafc5074d22887548813c336.elf
.elf linux ppc
e257d0b2a8d6fa8dab677cc0e0c426016f25c905a18ce1bb1db045bce5d5c480.elf
.elf linux mipsel
e2eb2639ee439ad5cca4736f1cbc7eaf53871480cc92852ee6832b51c8e10b15.vbs
.vbs
e3f883dc3b401f7232adb797186f47b2d037951afb8cae4f80db0f9cb532b59e.xls
.xls windows office2003
e6545959e088f63aba6282134b0bb87513653ad924654468a2425e53e3f072d2.xls
.xls windows office2003
e8507d61cf58c81a8bfaecc48a0fd3a5b6e3562d305260bf069bea37ee4f4246.vbs
.vbs
ea06432b0fe0200a91d19856ff8c0a24fc6bbb52c7ba49f6309555ac7d6797ea.vbs
.vbs
eda2c26b8e51b2a9cc200c833885adcda86fe52f723dea2d6474172919aba937.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fe:0c:15:70:95:c5:3d:4b:16:3b:0d:8c:7d:20:0d:01:48:44:66:8a:9d:2b:4e:28:69:d8:fd:63:25:9c:0f:43
Signer

Actual PE Digest

fe:0c:15:70:95:c5:3d:4b:16:3b:0d:8c:7d:20:0d:01:48:44:66:8a:9d:2b:4e:28:69:d8:fd:63:25:9c:0f:43

Digest Algorithm

sha256

PE Digest Matches

false

bf:ab:8f:a1:62:0f:d2:cf:f0:67:0f:ee:11:9a:9c:d7:72:3b:e7:81
Signer

Actual PE Digest

bf:ab:8f:a1:62:0f:d2:cf:f0:67:0f:ee:11:9a:9c:d7:72:3b:e7:81

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 752KB - Virtual size: 750KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ee0961714435d961e68dc470f1a618941190e63e969022984e3149b263b38c93.elf
.elf linux arm
f51b71f0a8e071bc5eb02d58445839df004b9d9b0b7f68198591af3d942ea5f3.xlsx
.xls .xlsx windows office2003
f5a1fca85008da2247fafe3846709143d53d62ee6d6b156d94ee5d03414ae28f.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 936KB - Virtual size: 935KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f8e9f3b46f1a31296aaaea94742edc5ed396b4a5613912b8ca60c110a6807b50.zip
.zip
ORDER060424.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f3:5c:a8:4f:2f:fd:2f:1d:47:8e:4e:46:f6:4a:2c:9c:1e:0d:c6:c6:ce:96:f9:23:56:59:8b:88:e7:9b:2f:fa
Signer

Actual PE Digest

f3:5c:a8:4f:2f:fd:2f:1d:47:8e:4e:46:f6:4a:2c:9c:1e:0d:c6:c6:ce:96:f9:23:56:59:8b:88:e7:9b:2f:fa

Digest Algorithm

sha256

PE Digest Matches

false

30:3b:3b:36:99:74:73:ca:3d:6d:0d:e3:c9:73:9a:07:75:e1:b1:e3
Signer

Actual PE Digest

30:3b:3b:36:99:74:73:ca:3d:6d:0d:e3:c9:73:9a:07:75:e1:b1:e3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 750KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Files

Password: infected

8f0b011d57f560864c19d21985cc2bcf

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

kernel32

ole32

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 421KB - Virtual size: 420KB

.managed Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 121KB - Virtual size: 177KB

.pdata Size: 99KB - Virtual size: 98KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 502KB - Virtual size: 501KB

.reloc Size: 58KB - Virtual size: 57KB

ea4e67a31ace1a72683a99b80cf37830

Code Sign

20:c0:c0:35:95:97:22:5f:62:d7:ba:0c:e5:1d:20:6d:dd:b3:b2:e7Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

ba:5f:c1:5a:4e:04:11:90:d5:df:9b:e4:30:5d:66:e3:ee:52:c1:e3:cd:f5:75:73:c6:ae:9e:78:0f:3e:28:beSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 106KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 163KB - Virtual size: 162KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 24KB - Virtual size: 24KB

.rsrc Size: 55KB - Virtual size: 55KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 232KB - Virtual size: 231KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

.text
Size: 421KB - Virtual size: 420KB

.managed
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 121KB - Virtual size: 177KB

.pdata
Size: 99KB - Virtual size: 98KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 502KB - Virtual size: 501KB

.reloc
Size: 58KB - Virtual size: 57KB

20:c0:c0:35:95:97:22:5f:62:d7:ba:0c:e5:1d:20:6d:dd:b3:b2:e7
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

ba:5f:c1:5a:4e:04:11:90:d5:df:9b:e4:30:5d:66:e3:ee:52:c1:e3:cd:f5:75:73:c6:ae:9e:78:0f:3e:28:be
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 106KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 163KB - Virtual size: 162KB

.text
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 55KB - Virtual size: 55KB

.text
Size: 232KB - Virtual size: 231KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

f3:5c:a8:4f:2f:fd:2f:1d:47:8e:4e:46:f6:4a:2c:9c:1e:0d:c6:c6:ce:96:f9:23:56:59:8b:88:e7:9b:2f:fa
Signer

30:3b:3b:36:99:74:73:ca:3d:6d:0d:e3:c9:73:9a:07:75:e1:b1:e3
Signer

.text
Size: 750KB - Virtual size: 748KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 2KB - Virtual size: 12B

.text
Size: 672KB - Virtual size: 668KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 12B

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

f3:5c:a8:4f:2f:fd:2f:1d:47:8e:4e:46:f6:4a:2c:9c:1e:0d:c6:c6:ce:96:f9:23:56:59:8b:88:e7:9b:2f:fa
Signer