Airbus
Dietitians
Kettledrum
Overview
overview
10Static
static
3PO#053497.pdf.exe
windows7-x64
10PO#053497.pdf.exe
windows10-2004-x64
10$TEMP/29.opends60.dll
windows7-x64
1$TEMP/29.opends60.dll
windows10-2004-x64
1$TEMP/Ster...ap.dll
windows7-x64
1$TEMP/Ster...ap.dll
windows10-2004-x64
1$TEMP/WebN...mes.js
windows7-x64
3$TEMP/WebN...mes.js
windows10-2004-x64
3$TEMP/aspnetisapi.dll
windows7-x64
1$TEMP/aspnetisapi.dll
windows10-2004-x64
1$TEMP/autolayt.dll
windows7-x64
1$TEMP/autolayt.dll
windows10-2004-x64
1$TEMP/coyote.exe
windows7-x64
4$TEMP/coyote.exe
windows10-2004-x64
10$TEMP/cvtres.exe
windows7-x64
1$TEMP/cvtres.exe
windows10-2004-x64
1$TEMP/disco.exe
windows7-x64
1$TEMP/disco.exe
windows10-2004-x64
1$TEMP/emcmp.ko
ubuntu-22.04-amd64
$TEMP/ltv350qv.ko
ubuntu-24.04-amd64
$TEMP/sl-modem.py
windows7-x64
3$TEMP/sl-modem.py
windows10-2004-x64
3$TEMP/syst...er.vbs
windows7-x64
1$TEMP/syst...er.vbs
windows10-2004-x64
1$TEMP/vsslnui.dll
windows7-x64
1$TEMP/vsslnui.dll
windows10-2004-x64
1$TEMP/webb...35.pyc
windows7-x64
3$TEMP/webb...35.pyc
windows10-2004-x64
3Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
PO#053497.pdf.exe
Resource
win7-20240508-en
windows7-x64
11 signatures
150 seconds
Behavioral task
behavioral2
Sample
PO#053497.pdf.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
16 signatures
150 seconds
Behavioral task
behavioral3
Sample
$TEMP/29.opends60.dll
Resource
win7-20240508-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral4
Sample
$TEMP/29.opends60.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral5
Sample
$TEMP/SterletFiretrap.dll
Resource
win7-20240611-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral6
Sample
$TEMP/SterletFiretrap.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral7
Sample
$TEMP/WebNavigationFrames.js
Resource
win7-20240508-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral8
Sample
$TEMP/WebNavigationFrames.js
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral9
Sample
$TEMP/aspnetisapi.dll
Resource
win7-20240611-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral10
Sample
$TEMP/aspnetisapi.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral11
Sample
$TEMP/autolayt.dll
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral12
Sample
$TEMP/autolayt.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral13
Sample
$TEMP/coyote.exe
Resource
win7-20240611-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral14
Sample
$TEMP/coyote.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
14 signatures
150 seconds
Behavioral task
behavioral15
Sample
$TEMP/cvtres.exe
Resource
win7-20240508-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral16
Sample
$TEMP/cvtres.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral17
Sample
$TEMP/disco.exe
Resource
win7-20240221-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral18
Sample
$TEMP/disco.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral19
Sample
$TEMP/emcmp.ko
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
0 signatures
150 seconds
Behavioral task
behavioral20
Sample
$TEMP/ltv350qv.ko
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
0 signatures
150 seconds
Behavioral task
behavioral21
Sample
$TEMP/sl-modem.py
Resource
win7-20240221-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral22
Sample
$TEMP/sl-modem.py
Resource
win10v2004-20240226-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral23
Sample
$TEMP/system-config-printer.vbs
Resource
win7-20231129-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral24
Sample
$TEMP/system-config-printer.vbs
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral25
Sample
$TEMP/vsslnui.dll
Resource
win7-20240611-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral26
Sample
$TEMP/vsslnui.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral27
Sample
$TEMP/webbrowser.cpython-35.pyc
Resource
win7-20240508-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral28
Sample
$TEMP/webbrowser.cpython-35.pyc
Resource
win10v2004-20240508-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
a8077adcaa2e0091662b2041130889f6_JaffaCakes118
-
Size
404KB
-
MD5
a8077adcaa2e0091662b2041130889f6
-
SHA1
5278abe96db440247d3df4752c06fb609c9878dd
-
SHA256
75b7bddef1a15ec5831eeb5abc12341bf4322456909906a81ffc62ef8d955d81
-
SHA512
9d9d64d3e7210770948e9d2c5bfdcb460b88f148426b034b9a6f3d6f0b355e9c237a832886ef79b70d381875a5fd8e2d651ad707e18c7076ec278f092cc573c3
-
SSDEEP
12288:l65f99I/Lknsr3FiStrHNW1UlERVWLFMenh:l+99ELknO3FiyNbCRVWL/h
Score
3/10
Malware Config
Signatures
-
Unsigned PE 7 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/PO#053497.pdf.exe unpack002/$TEMP/SterletFiretrap.dll unpack002/$TEMP/aspnetisapi.dll unpack002/$TEMP/autolayt.dll unpack002/$TEMP/coyote.exe unpack002/$TEMP/disco.exe unpack002/$TEMP/vsslnui.dll
Files
-
a8077adcaa2e0091662b2041130889f6_JaffaCakes118.rar
-
PO#053497.pdf.exe.exe windows:4 windows x86 arch:x86
4ea4df5d94204fc550be1874e1b77ea7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
Sleep
GetTickCount
CreateFileW
GetFileSize
MoveFileW
SetFileAttributesW
GetModuleFileNameW
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
WaitForSingleObject
GetCurrentProcess
CompareFileTime
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
WriteFile
lstrcpyA
lstrcpyW
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GlobalFree
GlobalAlloc
GetShortPathNameW
SearchPathW
lstrcmpiW
SetFileTime
CloseHandle
ExpandEnvironmentStringsW
lstrcmpW
GetDiskFreeSpaceW
lstrlenW
lstrcpynW
GetExitCodeProcess
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
MulDiv
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
user32
GetSystemMenu
SetClassLongW
IsWindowEnabled
EnableMenuItem
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
wsprintfW
ScreenToClient
GetWindowRect
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
LoadImageW
SetTimer
SetWindowTextW
PostQuitMessage
ShowWindow
GetDlgItem
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
DrawTextW
EndPaint
CreateDialogParamW
SendMessageTimeoutW
SetForegroundWindow
gdi32
SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
advapi32
RegDeleteKeyW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW
comctl32
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create
ole32
OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 68KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 364KB - Virtual size: 364KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$TEMP/274.5
-
$TEMP/29.opends60.dll
-
$TEMP/AsyncPictureBoxForm.jsl
-
$TEMP/Grammars.HxT.xml
-
$TEMP/Harmony
-
$TEMP/Local107627953addgroup2.gif.gif
-
$TEMP/SterletFiretrap.dll.dll windows:5 windows x86 arch:x86
31f8d7608ac28f8e2c4da2401fcb9a56
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
FileTimeToDosDateTime
FindFirstChangeNotificationA
UnlockFile
VirtualProtectEx
LoadLibraryA
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsSetValue
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapFree
Sleep
HeapAlloc
VirtualFree
RtlUnwind
MultiByteToWideChar
GetLocaleInfoA
WideCharToMultiByte
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualAlloc
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
CloseHandle
Exports
Exports
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/WebDevWebServer.exe.xml
-
$TEMP/WebNavigationFrames.jsm.js
-
$TEMP/aspnetisapi.dll.dll windows:5 windows x86 arch:x86
920e7b5dde568d9493b3eee85fcde552
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
f:\binaries.x86ret\bin\i386\bbt\opt\aspnet_isapi.pdb
Imports
kernel32
LoadLibraryW
GetModuleFileNameW
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
InterlockedExchange
InterlockedCompareExchange
msvcr80
free
_decode_pointer
_initterm
_initterm_e
_encoded_null
_adjust_fdiv
__CppXcptFilter
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_encode_pointer
_malloc_crt
_amsg_exit
webengine
InstallServices
RegisterAspNet
RegisterAspNetEx
UnregisterAspNet
AspNetTerminateExtension
AspNetGetExtensionVersion
AspNetHttpExtensionProc
Exports
Exports
GetExtensionVersion
HttpExtensionProc
InstallStateService
RegisterISAPI
RegisterISAPIEx
TerminateExtension
UnregisterISAPI
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/autolayt.dll.dll windows:5 windows x86 arch:x86
e0c75e651f6c97a0938a6233a5931725
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
f:\binaries.x86ret\bin\i386\VC7\VCPackages\autolayt.pdb
Imports
mfc80
ord2468
ord5403
ord310
ord578
ord781
ord5529
ord764
ord3997
ord4036
ord1489
ord299
ord6703
msvcr80
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
__CxxFrameHandler3
realloc
_ltoa_s
malloc
qsort
free
memmove
memset
memcpy
kernel32
GetUserDefaultLCID
lstrlenA
InterlockedExchange
GetModuleFileNameA
LoadLibraryExA
GetACP
GetLocaleInfoA
GetThreadLocale
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
GetVersionExA
user32
LoadStringA
Exports
Exports
AutoLayout
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/coyote.exe.exe windows:5 windows x86 arch:x86
b8848a4f4ce4477c977469ab423650aa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
GetModuleHandleA
WritePrivateProfileStringW
GetCommModemStatus
GetCurrentDirectoryW
SleepEx
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSection
Sleep
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
CloseHandle
Sections
.text Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/cvtres.exe.exe windows:5 windows x86 arch:x86
acab46bf2f1f805110b896684dbe541f
Code Sign
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before04-12-2003 00:00Not After03-12-2008 23:59SubjectCN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before10-01-1997 07:00Not After31-12-2020 07:00SubjectCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7eCertificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before23-05-2002 08:00Not After25-09-2011 08:00SubjectCN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
61:05:87:58:00:03:00:00:00:5aCertificate
IssuerCN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before05-01-2005 23:20Not After05-04-2006 23:30SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
38:1c:48:34:30:8c:60:87:fe:08:13:c1:23:d2:0c:bf:a8:5f:38:8aSigner
Actual PE Digest38:1c:48:34:30:8c:60:87:fe:08:13:c1:23:d2:0c:bf:a8:5f:38:8aDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
cvtres.pdb
Imports
msvcr80
_putwch
fputws
_cputws
vfwprintf
_vcwprintf
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
__winitenv
_initterm
_initterm_e
_configthreadlocale
fputwc
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
__iob_func
fseek
ftell
fread
_fsopen
_wfsopen
setlocale
_wcsicmp
_wcsnicmp
_wmakepath
_wsplitpath
_tzset
_fcloseall
_time64
remove
_wremove
calloc
exit
memmove
_wfullpath
__CxxFrameHandler3
_wcsdup
sprintf
strncpy
_chsize
fclose
fwrite
_splitpath
_makepath
strncat
_ultow
memcpy
_fileno
_get_osfhandle
free
memset
strncat_s
atoi
strncpy_s
_itoa
__setusermatherr
atol
advapi32
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptDestroyHash
kernel32
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
FindResourceA
LoadResource
GetFileType
GetConsoleMode
SetErrorMode
GetVersion
GetCPInfo
GetSystemTimeAsFileTime
GetModuleFileNameA
CreateFileMappingA
MapViewOfFileEx
CloseHandle
UnmapViewOfFile
GetFileAttributesA
GetModuleHandleA
GetProcAddress
GetSystemDefaultLangID
GetConsoleOutputCP
GetLocaleInfoA
FindFirstFileA
FindNextFileA
FindClose
LoadLibraryExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WideCharToMultiByte
IsDebuggerPresent
Sections
.text Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$TEMP/dhcpwins15.gif
-
$TEMP/disco.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
disco.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/dvvscmdsK.HxK.xml
-
$TEMP/elfi386.xdc
-
$TEMP/emcmp.ko.elf linux x64
-
$TEMP/ieexec.exe.xml
-
$TEMP/ltv350qv.ko.elf linux x64
-
$TEMP/nqroasn.gif.gif
-
$TEMP/oledw9FileList.HxF.xml
-
$TEMP/picturemate4.xml.xml
-
$TEMP/sl-modem.py
-
$TEMP/soft-structuregrey.jpg.jpg
-
$TEMP/system-config-printer.rtupdate.vbs
-
$TEMP/templatestar.png.png
-
$TEMP/url.amf
-
$TEMP/vsslnui.dll.dll windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/webbrowser.cpython-35.pyc
-
$TEMP/x-sony-sr2.xml.xml
-
$TEMP/x-tex.xml.xml