ubuntu-12[.]04-desktop-i386-tomoyo-1[.]8[.]4-20150506[.]iso

Sharing

Copy URL Twitter E-mail

General

Target

ubuntu-12.04-desktop-i386-tomoyo-1.8.4-20150506.iso
Size

33.9MB
MD5

e8ef6ef91a2ed4e4d0926a40d85e83d5
SHA1

04e52dd2845ad7fd050f3592f0a44d013c75886d
SHA256

9f71312d840a7e408cb8a2d447f6688206db7272a60e448ab753e75b301b5a2d
SHA512

26f4479a5a62d7c84b1a7934d6d1afb1ed696b289551b737c767daf85198b29239479eef1100940adc7b0c27fdf58db77c8dc9ee30fe9953ea177ecbbfb640aa
SSDEEP

786432:7qgrZ2vRSrSwEC8AKLYMQeNz2yHq+Ch+dPVg/EPmZS1A3fmQSvC:GgV+S2wEC8AKLYMVHumgtZS+v2C

Score

1^/10

Malware Config

Signatures

Files

ubuntu-12.04-desktop-i386-tomoyo-1.8.4-20150506.iso
.iso

Password: infected
out.iso
.iso

Password: infected
.disk/casper-uuid-ccs
.disk/cd_type
.disk/info
.disk/release_notes_url
README.diskdefines
[BOOT]/Boot-NoEmul.img
autorun.inf
boot/grub/loopback.cfg
casper/filesystem.manifest
casper/filesystem.manifest-remove
casper/filesystem.size
casper/filesystem.squashfs
dists/precise/Release
dists/precise/Release.gpg
dists/precise/main/binary-i386/Packages.gz
.gz

Password: infected
Packages
dists/precise/main/binary-i386/Release
dists/precise/restricted/binary-i386/Packages.gz
.gz

Password: infected
Packages
dists/precise/restricted/binary-i386/Release
install/README.sbm
install/mt86plus
install/sbm.bin
isolinux/boot.cat
isolinux/isolinux.bin
md5sum.txt
pics/blue-lowerleft.png
.png

Password: infected
pics/blue-lowerright.png
.png

Password: infected
pics/blue-upperleft.png
.png

Password: infected
pics/blue-upperright.png
.png

Password: infected
pics/debian.jpg
.jpg

Password: infected
pics/logo-50.jpg
.jpg
pics/red-lowerleft.png
.png
pics/red-lowerright.png
.png
pics/red-upperleft.png
.png
pics/red-upperright.png
.png
pool/main/b/b43-fwcutter/b43-fwcutter_015-9_i386.deb
pool/main/d/dkms/dkms_2.2.0.3-1ubuntu3_all.deb
pool/main/f/fakeroot/fakeroot_1.18.2-1_i386.deb
pool/main/l/lupin/lupin-support_0.51_i386.deb
pool/main/libg/libglade2/libglade2-0_2.6.4-1ubuntu1_i386.deb
pool/main/m/mouseemu/mouseemu_0.16-0ubuntu7_i386.deb
pool/main/n/ndisgtk/ndisgtk_0.8.5-1_i386.deb
pool/main/n/ndiswrapper/ndiswrapper-common_1.57-1ubuntu1_all.deb
pool/main/n/ndiswrapper/ndiswrapper-utils-1.9_1.57-1ubuntu1_i386.deb
pool/main/p/patch/patch_2.6.1-3_i386.deb
pool/main/p/pygtk/python-glade2_2.24.0-3_i386.deb
pool/main/s/setserial/setserial_2.17-46_i386.deb
pool/main/u/ubiquity-slideshow-ubuntu/oem-config-slideshow-ubuntu_58_all.deb
pool/main/u/ubiquity/oem-config-gtk_2.10.16_all.deb
pool/main/u/ubiquity/oem-config_2.10.16_all.deb
pool/main/u/user-setup/user-setup_1.42ubuntu3_all.deb
pool/main/w/wvdial/wvdial_1.61-4build1_i386.deb
pool/main/w/wvstreams/libuniconf4.6_4.6.1-2build1_i386.deb
pool/main/w/wvstreams/libwvstreams4.6-base_4.6.1-2build1_i386.deb
pool/main/w/wvstreams/libwvstreams4.6-extras_4.6.1-2build1_i386.deb
pool/restricted/b/bcmwl/bcmwl-kernel-source_5.100.82.38+bdcom-0ubuntu6_i386.deb
pool/restricted/s/sl-modem/sl-modem-daemon_2.9.11~20110321-6_i386.deb
preseed/cli.seed
preseed/ltsp.seed
preseed/ubuntu.seed
wubi.exe
.exe windows:4 windows x86 arch:x86

04492ac8c01e7951d89d8d7b66d0b668

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:1a:dc:37:64:e2:ff:7b:05:81:4f:7a:05:d1:2f:5b
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

07/10/2010, 00:00

Not After

06/10/2012, 23:59

Subject

CN=Canonical UK Ltd.,OU=IS,O=Canonical UK Ltd.,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

92:44:2f:23:8d:01:01:89:59:70:33:06:05:16:a6:6b:7a:e0:32:af
Signer

Actual PE Digest

92:44:2f:23:8d:01:01:89:59:70:33:06:05:16:a6:6b:7a:e0:32:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
DeleteFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetCurrentProcessId
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTempFileNameA
GetTempPathA
OpenProcess
RemoveDirectoryA
SetFileAttributesA
SetUnhandledExceptionFilter
Sleep

msvcrt

_chdir
_fstat
_getcwd
_mkdir
__getmainargs
__p___argc
__p___argv
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
atexit
fclose
fopen
fread
free
fseek
fwrite
malloc
memcmp
memcpy
memset
signal
sprintf
strcpy
strncpy

user32

MessageBoxA

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

Password: infected

Password: infected

Password: infected

Password: infected

Password: infected

Password: infected

04492ac8c01e7951d89d8d7b66d0b668

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

6f:1a:dc:37:64:e2:ff:7b:05:81:4f:7a:05:d1:2f:5bCertificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

92:44:2f:23:8d:01:01:89:59:70:33:06:05:16:a6:6b:7a:e0:32:afSigner

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: 18KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 36B

.rdata Size: 512B - Virtual size: 240B

.bss Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 41KB - Virtual size: 41KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

6f:1a:dc:37:64:e2:ff:7b:05:81:4f:7a:05:d1:2f:5b
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

92:44:2f:23:8d:01:01:89:59:70:33:06:05:16:a6:6b:7a:e0:32:af
Signer

.text
Size: 18KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 36B

.rdata
Size: 512B - Virtual size: 240B

.bss
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 41KB - Virtual size: 41KB