Desktop[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Desktop.zip
Size

7.2MB
MD5

f07a13d08d3955db2ed1395dbeb750f5
SHA1

d1f0e600fc007ee5381674e4f1fa090607e0814b
SHA256

503b1aff23f00a7a668cc8213199a78ac5a66704f375f198b9d41514753cefc8
SHA512

972847ae6620d9702b4447e5765d700c18dd9fe6e42ed8e9d4547015c442a64b82657e5d29090da19187e7dc56c33fd0df2ffa1a70265317d62bfea51b408136
SSDEEP

196608:Q3f35VoPxurjsLURhw35ivcLhRyQrCz1977KyoK8:QQPwrjskwJi0L7pWz1972yo1

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/order.exe	upx
static1/unpack001/i no crysis dis shit	upx
static1/unpack001/omg its fucking CRYSIS	upx

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack002/order.exe
unpack003/out.upx
unpack001/UGH CRYSIS RANSOm
unpack001/crususususussu crysis
unpack001/crysisisis
unpack001/encrypt da ct
unpack001/i no crysis dis shit
unpack004/out.upx
unpack001/im gonna cry sis
unpack001/omg its fucking CRYSIS
unpack005/out.upx
unpack001/why crysis go raas

Files

Desktop.zip
.zip
CRYSIS IS FUCK
.zip
order.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 696KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 310KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 641KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.newsect
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UGH CRYSIS RANSOm
.exe windows:5 windows x86 arch:x86

f86dec4a80961955a89e7ed62046cc0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\crysis\Release\PDB\payload.pdb

Imports

kernel32

GetProcAddress
LoadLibraryA
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetLastError
EnterCriticalSection
ReleaseMutex
CloseHandle

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
crususususussu crysis
.exe windows:6 windows x86 arch:x86

b87ba4ff4279296cffe9110b0750be77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

BackupWrite
CreateWaitableTimerA
GetProfileIntA
IsSystemResumeAutomatic
CreateFileW
DecodePointer
VirtualFree
GetSystemTimeAdjustment
FlushFileBuffers
FindCloseChangeNotification
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetLastError
GetModuleFileNameW
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateDirectoryA

user32

CreateCaret
DdeAbandonTransaction

advapi32

SystemFunction036
GetCurrentHwProfileA
LogonUserA
ImpersonateLoggedOnUser
GetSecurityDescriptorRMControl

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
crysisisis
.exe windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

_cgo_panic
_cgo_topofstack
authorizerTrampoline
callbackTrampoline
commitHookTrampoline
compareTrampoline
crosscall2
doneTrampoline
rollbackHookTrampoline
stepTrampoline
updateHookTrampoline

Sections

Size: 2.8MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rnryrfjo
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hnusagpg
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
encrypt da ct
.exe windows:6 windows x86 arch:x86

c6a5269c02b217ccffd48187054da36f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
LoadLibraryExW
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
UnhandledExceptionFilter
HeapReAlloc
GetModuleFileNameW
GetStdHandle
HeapSize
GetCommandLineA
GetSystemTimeAsFileTime
AreFileApisANSI
GetModuleHandleExW
ExitProcess
RtlUnwind
VirtualQuery
VirtualProtect
EncodePointer
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
OutputDebugStringW
IsDebuggerPresent
LCMapStringW
CompareStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
WriteConsoleW
ReadConsoleW
GetUserDefaultUILanguage
GetDateFormatA
GetVolumeNameForVolumeMountPointA
FindVolumeMountPointClose
FindNextVolumeMountPointA
FindFirstVolumeMountPointA
GetComputerNameA
MoveFileExA
GetCompressedFileSizeW
CreateFileW
CreateFileA
EnumResourceLanguagesA
GetLogicalDriveStringsA
CreateEventA
lstrcpyA
GetTickCount
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemInfo
GetCommState
CloseHandle
SetFilePointer
SetEndOfFile
DeviceIoControl
ReadFile
WriteFile
GetFileSize
WaitForSingleObject
GetQueuedCompletionStatus
CreateIoCompletionPort
CreateThread
VirtualAlloc
GetVersion
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByte
GetVersionExA
FindResourceA
OutputDebugStringA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryExA
LoadLibraryA
lstrlenA
lstrcmpiA
lstrcmpA
MulDiv
SizeofResource
LoadResource
LeaveCriticalSection
EnterCriticalSection
DebugBreak
SetLastError
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
FlushInstructionCache
DecodePointer
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
FreeLibrary
LockResource
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
SetUnhandledExceptionFilter
SetEnvironmentVariableA

user32

GetDesktopWindow
SetWindowLongA
GetWindowLongA
PtInRect
OffsetRect
InflateRect
SetRectEmpty
FrameRect
FillRect
GetClassNameA
GetWindowThreadProcessId
DrawEdge
DrawFrameControl
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
GetMessagePos
SendMessageA
PostMessageA
DefWindowProcA
PostQuitMessage
CallWindowProcA
RegisterClassExA
GetClassInfoExA
CreateWindowExA
IsWindow
IsMenu
LoadStringA
LoadStringW
SystemParametersInfoA
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoA
wsprintfA
DefWindowProcW
RegisterClassA
PrintWindow
SetDlgItemTextA
CheckRadioButton
GetDialogBaseUnits
CallNextHookEx
GetWindow
SetWindowsHookExA
GetSysColorBrush
GetSysColor
WindowFromPoint
MapWindowPoints
ScreenToClient
ClientToScreen
SetCursor
MessageBeep
MessageBoxA
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
RedrawWindow
InvalidateRgn
InvalidateRect
CheckMenuRadioItem
RegisterWindowMessageA
IsChild
DestroyWindow
GetCursorPos
SetRect
FindWindowA
EndPaint
BeginPaint
LoadIconA
DdeCreateStringHandleW
ShowWindow
MoveWindow
SetWindowPos
IsWindowVisible
DialogBoxParamA
EndDialog
ReleaseDC
GetWindowDC
UnregisterClassA
LoadBitmapA
LoadCursorA
GetDlgItem
GetDlgCtrlID
CharLowerA
CharNextA
SetFocus
GetActiveWindow
GetFocus
GetParent
UnhookWindowsHookEx
SetCursorPos
LoadImageA
GetDC
UpdateWindow
DrawTextA
SetMenuDefaultItem
SetMenuItemInfoA
GetMenuItemInfoA
TrackPopupMenuEx
DeleteMenu
RemoveMenu
ModifyMenuA
AppendMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
EnableMenuItem
DestroyMenu
CreatePopupMenu
SetMenu
GetMenu
LoadMenuA
GetSystemMetrics
TranslateAcceleratorA
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsA
IsWindowEnabled
EnableWindow
ReleaseCapture
SetCapture
GetKeyState

gdi32

AngleArc
BeginPath
CloseFigure
EndPath
GetTextMetricsA
MoveToEx
TextOutA
SetWindowExtEx
CreatePatternBrush
DeleteEnhMetaFile
CreateEnhMetaFileA
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
PatBlt
SelectObject
SetBkColor
SetBkMode
SetTextColor
CreateDIBSection
GetObjectA
Polygon
SetViewportOrgEx
SetWindowOrgEx
CloseEnhMetaFile
SetPixelFormat
SetMapMode
SetDCPenColor
LineTo
FillRgn
Ellipse
CreateRectRgn
CreateDCA
CombineRgn
SetBrushOrgEx
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
StrokePath
GetCurrentObject
OffsetWindowOrgEx

winspool.drv

EnumPrintersA

comdlg32

ChooseFontA

advapi32

RegQueryValueExA
LsaClose
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
ImpersonateNamedPipeClient
RegSetValueExA
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

DragAcceptFiles

ole32

CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
CreateObjrefMoniker
StgCreateDocfile

oleaut32

OleCreateFontIndirect
DispCallFunc
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantClear
VariantInit
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString

odbc32

ord9

shlwapi

wnsprintfA

comctl32

ord6
ord8
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_LoadImageA
ImageList_DrawIndirect
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControlsEx
CreateToolbarEx

opengl32

wglMakeCurrent

ws2_32

WSACreateEvent
WSAGetLastError

netapi32

NetLocalGroupAddMember
NetUserAdd

avicap32

capGetDriverDescriptionA

msacm32

acmFormatTagDetailsA

winmm

mmioOpenA
mmioClose
mmioRead
mmioDescend
mmioAscend

iphlpapi

NotifyRouteChange

rpcrt4

UuidCreate
UuidToStringW

gdiplus

GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeletePen
GdipDrawLineI
GdipCreatePen1

secur32

EnumerateSecurityPackagesA

setupapi

SetupDiGetClassDevsA

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
i dunno i think its crysis ransom
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01-01-2014 07:00

Not After

30-05-2031 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03-05-2011 07:00

Not After

03-05-2031 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:13:64:2d:8b:39:f9:90
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

18-01-2018 00:26

Not After

14-02-2019 20:53

Subject

CN=PC Scoreboards,O=PC Scoreboards,L=Chesterfield,ST=Missouri,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:bb:10:c3:47:4a:34:d1:fc:f9:d3:cb:ca:b1:84:5d:06:d1:3d:b9
Signer

Actual PE Digest

16:bb:10:c3:47:4a:34:d1:fc:f9:d3:cb:ca:b1:84:5d:06:d1:3d:b9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
i no crysis dis shit
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 596KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
im gonna cry sis
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
omg its fucking CRYSIS
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Stop

Sections

UPX0
Size: - Virtual size: 560KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 371KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 580KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 241B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
why crysis go raas
.exe windows:6 windows x86 arch:x86

69089f97541f3d5e08b74d35eae71940

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringW
OutputDebugStringW
CreateFileW
SetFilePointerEx
SetStdHandle
RtlUnwind
FlushFileBuffers
GetConsoleCP
ReadConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
RaiseException
HeapSize
GetStringTypeW
WriteConsoleW
SetEnvironmentVariableA
SetEndOfFile
CloseHandle
GetFileTime
GlobalMemoryStatusEx
GetFileType
LoadLibraryA
GetProcAddress
GetLastError
GetACP
GetCPInfo
GetOEMCP
IsValidCodePage
LoadLibraryExW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FileTimeToSystemTime
GetFileAttributesA
GlobalAlloc
GetCurrentProcess
SystemTimeToTzSpecificLocalTime
GetFileSize
CreateFileA
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameW
GetProcessHeap
IsProcessorFeaturePresent
IsDebuggerPresent
SetConsoleMode
ReadConsoleInputA
ExitProcess
LCMapStringW
GetConsoleMode
SetConsoleCtrlHandler
ReadFile
GetSystemTimeAsFileTime
MultiByteToWideChar
GetCurrentThreadId
GetModuleHandleA
GetVersion
WriteFile
GetStdHandle
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
FlushConsoleInputBuffer
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
EncodePointer
DecodePointer
GetModuleHandleExW
AreFileApisANSI
WideCharToMultiByte
ExitThread
GetCommandLineA
VirtualQuery

user32

GetUserObjectInformationW
GetMenuItemInfoA
GetCursorPos
SetWindowPos
GetProcessWindowStation
GetDlgItem
CreateWindowExA
MessageBoxA
CreatePopupMenu
AppendMenuA
RemoveMenu
SystemParametersInfoA
CallWindowProcA
AdjustWindowRect
DestroyMenu
EndDeferWindowPos
SetWindowLongA
GetDC
SetScrollInfo
DefWindowProcA
ClientToScreen
DestroyWindow
GetSystemMenu
PostQuitMessage
SendDlgItemMessageA
TrackPopupMenu
FillRect
DrawTextA
GetSubMenu
LoadStringA
LoadMenuA
LoadIconA
GetClientRect
SetFocus
SendMessageA
GetIconInfo

gdi32

SetTextColor
DeleteDC
CreateFontIndirectA
SetTextJustification
BitBlt
TranslateCharsetInfo
GetTextExtentPoint32A
SetBkMode
SelectObject
CreateCompatibleDC
SetMapMode
RealizePalette
SelectPalette
TextOutA

comdlg32

GetOpenFileNameA

shell32

Shell_NotifyIconA

ole32

CreateStreamOnHGlobal

netapi32

NetWkstaSetInfo
NetWkstaUserGetInfo
NetWkstaTransportEnum
NetApiBufferFree
NetWkstaUserEnum
NetWkstaGetInfo

psapi

GetProcessMemoryInfo

winscard

SCardGetProviderIdW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA

crypt32

CertVerifyCertificateChainPolicy
CertVerifyValidityNesting
CertVerifyRevocation
CertVerifySubjectCertificateContext
CertVerifyCTLUsage
CertVerifyTimeValidity

pdh

PdhVerifySQLDBA
PdhValidatePathA

gdiplus

GdipFree
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStream
GdipAlloc

imm32

ImmGetDefaultIMEWnd

urlmon

CreateUriWithFragment
CreateUriFromMultiByteString

snmpapi

SnmpUtilIdsToA

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource

Sections

.text
Size: 490KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 696KB

UPX1 Size: 310KB - Virtual size: 312KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 641KB - Virtual size: 640KB

.data Size: 25KB - Virtual size: 25KB

.newsect Size: 512B - Virtual size: 4B

.rdata Size: 34KB - Virtual size: 33KB

.bss Size: - Virtual size: 7KB

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 32B

/4 Size: 2KB - Virtual size: 1KB

/19 Size: 117KB - Virtual size: 117KB

/31 Size: 20KB - Virtual size: 19KB

/45 Size: 25KB - Virtual size: 25KB

/57 Size: 9KB - Virtual size: 9KB

/70 Size: 1KB - Virtual size: 1KB

/81 Size: 72KB - Virtual size: 72KB

/92 Size: 4KB - Virtual size: 3KB

f86dec4a80961955a89e7ed62046cc0e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 42KB - Virtual size: 42KB

b87ba4ff4279296cffe9110b0750be77

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 2KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 180B

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

Imports

kernel32

comctl32

Exports

Exports

Sections

Size: 2.8MB - Virtual size: 6.4MB

.rsrc Size: 6KB - Virtual size: 15KB

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 2.5MB

rnryrfjo Size: 1.6MB - Virtual size: 1.6MB

hnusagpg Size: 512B - Virtual size: 4KB

.taggant Size: 8KB - Virtual size: 12KB

c6a5269c02b217ccffd48187054da36f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

UPX0
Size: - Virtual size: 696KB

UPX1
Size: 310KB - Virtual size: 312KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 641KB - Virtual size: 640KB

.data
Size: 25KB - Virtual size: 25KB

.newsect
Size: 512B - Virtual size: 4B

.rdata
Size: 34KB - Virtual size: 33KB

.bss
Size: - Virtual size: 7KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 32B

/4
Size: 2KB - Virtual size: 1KB

/19
Size: 117KB - Virtual size: 117KB

/31
Size: 20KB - Virtual size: 19KB

/45
Size: 25KB - Virtual size: 25KB

/57
Size: 9KB - Virtual size: 9KB

/70
Size: 1KB - Virtual size: 1KB

/81
Size: 72KB - Virtual size: 72KB

/92
Size: 4KB - Virtual size: 3KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 42KB - Virtual size: 42KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 180B

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 15KB

.idata
Size: 512B - Virtual size: 4KB

rnryrfjo
Size: 1.6MB - Virtual size: 1.6MB

hnusagpg
Size: 512B - Virtual size: 4KB

.taggant
Size: 8KB - Virtual size: 12KB

.text
Size: 232KB - Virtual size: 231KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 12KB - Virtual size: 23KB

.text
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 186KB - Virtual size: 186KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:e7:15
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

07
Certificate

1b:13:64:2d:8b:39:f9:90
Certificate

16:bb:10:c3:47:4a:34:d1:fc:f9:d3:cb:ca:b1:84:5d:06:d1:3d:b9
Signer

.text
Size: 372KB - Virtual size: 372KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

UPX0
Size: - Virtual size: 1.4MB

UPX1
Size: 596KB - Virtual size: 596KB

.rsrc
Size: 57KB - Virtual size: 60KB

.text
Size: 567KB - Virtual size: 567KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 11KB - Virtual size: 85KB

.rsrc
Size: 219KB - Virtual size: 218KB