C:\projects\colorful-console\src\Colorful.Console\obj\Debug\net461\Colorful.Console.pdb
Static task
static1
1 signatures
General
-
Target
ghost.rar
-
Size
521KB
-
MD5
1477ac7b0865079b361df94db4824745
-
SHA1
211a5ca88e52d748ee0f19476fcafc7c99d294bc
-
SHA256
7c58dd1905cbac99494d8b43040de32b88112b407a6f6f56233f02d70ada2262
-
SHA512
478abab924b59325f5428d7532d5bfd943661cd61dc5c007b94970ccc445c07a6f27091666df1c3b252f228ffa5a53742ba75bd782733bf060f29fa2d0521e25
-
SSDEEP
12288:Str+2LOxYatAwd69M+i0XMgnD530vpzYphLDollw3PK:cC+OxXIg08gnD53epzchwlw3PK
Score
3/10
Malware Config
Signatures
-
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
resource unpack001/ZLzbTgo (1)/Colorful.Console.dll unpack001/ZLzbTgo (1)/SuperSimpleTcp.dll unpack001/ZLzbTgo (1)/artic.bin unpack001/ZLzbTgo (1)/artic.exe
Files
-
ghost.rar.rar
-
ZLzbTgo (1)/Colorful.Console.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
mscoree
_CorDllMain
Sections
.text Size: 86KB - Virtual size: 86KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ZLzbTgo (1)/SuperSimpleTcp.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Code\Misc\SuperSimpleTcp-3.0\src\SuperSimpleTcp\obj\Release\net461\SuperSimpleTcp.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ZLzbTgo (1)/System.Diagnostics.DiagnosticSource.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:00:c9:64:4d:16:db:1a:7d:b3:15:00:00:00:00:00:c9Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07/09/2016, 17:58Not After07/09/2018, 17:58SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before18/08/2016, 20:17Not After02/11/2017, 20:17SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/10/2015, 20:31Not After28/01/2017, 20:31SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d6:fb:4d:67:72:14:08:d2:75:46:a0:06:cb:be:f9:d3:5f:db:20:bd:97:db:cd:de:3c:cd:a0:78:2f:b1:93:7fSigner
Actual PE Digestd6:fb:4d:67:72:14:08:d2:75:46:a0:06:cb:be:f9:d3:5f:db:20:bd:97:db:cd:de:3c:cd:a0:78:2f:b1:93:7fDigest Algorithmsha256PE Digest Matchestruebc:c6:7a:ba:4c:c6:19:72:95:75:c0:52:c5:b2:9c:4b:5f:0f:69:2eSigner
Actual PE Digestbc:c6:7a:ba:4c:c6:19:72:95:75:c0:52:c5:b2:9c:4b:5f:0f:69:2eDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\A\_work\39\s\bin\obj\AnyOS.AnyCPU.Release\System.Diagnostics.DiagnosticSource\System.Diagnostics.DiagnosticSource.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ZLzbTgo (1)/artic.bin.exe windows:6 windows x64 arch:x64
7f5c7a565ac8edf3f2052703d39aa2ef
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\arisune\Desktop\BobHCSGOInjector-master (2)\BobHCSGOInjector-master\x64\Release\BobHCSGOInjector.pdb
Imports
kernel32
LoadLibraryA
GetProcAddress
ReadProcessMemory
WaitForSingleObject
VirtualAllocEx
GetConsoleWindow
OpenProcess
VirtualFreeEx
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CreateRemoteThread
WriteProcessMemory
QueryPerformanceCounter
GetCurrentProcessId
GetModuleHandleW
GetCurrentThreadId
RtlCaptureContext
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
user32
ShowWindow
GetWindowThreadProcessId
MessageBoxA
FindWindowA
msvcp140
?_Xlength_error@std@@YAXPEBD@Z
vcruntime140
memset
__C_specific_handler
_CxxThrowException
__current_exception_context
__std_exception_destroy
memcpy
__current_exception
__std_exception_copy
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
_register_onexit_function
_crt_atexit
__p___argv
terminate
_c_exit
_invalid_parameter_noinfo
exit
_cexit
_errno
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_initialize_narrow_environment
_configure_narrow_argv
__p___argc
_set_app_type
_seh_filter_exe
_exit
_invalid_parameter_noinfo_noreturn
_get_initial_narrow_environment
api-ms-win-crt-string-l1-1-0
strcpy_s
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
malloc
_callnewh
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 540B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ZLzbTgo (1)/artic.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.p54 Size: - Virtual size: 281KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
..I, Size: 556KB - Virtual size: 556KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ