General

Malware Config

Signatures

Files

• Loader-InstallerS(1).zip

  .zip

  Password: 1

• 3.0/Microsoft.Management.OData.dll

  .dll windows:4 windows x86 arch:x86

  Password: 1

  dae02f32a21e03ce65412f6e56942daa

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 131KB - Virtual size: 131KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Loader-InstallerS.exe

  .exe windows:6 windows x64 arch:x64

  Password: 1

  08dc1963c7b0df61dc0c8a7b0f216c97

  
  

  Code Sign

  76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8

  Certificate

  Issuer

  CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

  Not Before

  18-03-2020 00:00

  Not After

  18-03-2045 00:00

  Subject

  CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed

  Certificate

  Issuer

  CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

  Not Before

  28-07-2020 00:00

  Not After

  28-07-2030 00:00

  Subject

  CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0d:6b:55:f4:2e:ba:5f:b8:33:8d:e1:c8

  Certificate

  Issuer

  CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

  Not Before

  09-09-2022 07:45

  Not After

  09-09-2025 07:45

  Subject

  SERIALNUMBER=81967985,CN=Surfshark B.V.,O=Surfshark B.V.,STREET=Kabelweg 57,L=Amsterdam,ST=Noord-Holland,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  14-07-2023 00:00

  Not After

  13-10-2034 23:59

  Subject

  CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1d:3c:0a:0a:1a:60:54:d6:4f:9e:87:19:96:0e:fc:5f:b5:01:a5:cd:d8:95:61:da:77:97:df:57:fe:a5:07:ef

  Signer

  Actual PE Digest

  1d:3c:0a:0a:1a:60:54:d6:4f:9e:87:19:96:0e:fc:5f:b5:01:a5:cd:d8:95:61:da:77:97:df:57:fe:a5:07:ef

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  kernel32

  AddVectoredContinueHandler

  AddVectoredExceptionHandler

  AreFileApisANSI

  CloseHandle

  CreateEventA

  CreateFileA

  CreateFileMappingA

  CreateFileMappingW

  CreateFileW

  CreateIoCompletionPort

  CreateMutexW

  CreateThread

  CreateWaitableTimerA

  CreateWaitableTimerExW

  DeleteCriticalSection

  DeleteFileA

  DeleteFileW

  DuplicateHandle

  EnterCriticalSection

  ExitProcess

  FlushFileBuffers

  FlushViewOfFile

  FormatMessageA

  FormatMessageW

  FreeEnvironmentStringsW

  FreeLibrary

  GetConsoleMode

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetDiskFreeSpaceA

  GetDiskFreeSpaceW

  GetEnvironmentStringsW

  GetErrorMode

  GetFileAttributesA

  GetFileAttributesExW

  GetFileAttributesW

  GetFileSize

  GetFullPathNameA

  GetFullPathNameW

  GetLastError

  GetProcAddress

  GetProcessAffinityMask

  GetProcessHeap

  GetQueuedCompletionStatusEx

  GetStartupInfoA

  GetStdHandle

  GetSystemDirectoryA

  GetSystemInfo

  GetSystemTime

  GetSystemTimeAsFileTime

  GetTempPathA

  GetTempPathW

  GetThreadContext

  GetTickCount

  GetVersionExA

  GetVersionExW

  HeapAlloc

  HeapCompact

  HeapCreate

  HeapDestroy

  HeapFree

  HeapReAlloc

  HeapSize

  HeapValidate

  InitializeCriticalSection

  LeaveCriticalSection

  LoadLibraryA

  LoadLibraryExW

  LoadLibraryW

  LocalFree

  LockFile

  LockFileEx

  MapViewOfFile

  MultiByteToWideChar

  OutputDebugStringA

  OutputDebugStringW

  PostQueuedCompletionStatus

  QueryPerformanceCounter

  RaiseFailFastException

  ReadFile

  ResumeThread

  RtlAddFunctionTable

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  SetConsoleCtrlHandler

  SetEndOfFile

  SetErrorMode

  SetEvent

  SetFilePointer

  SetProcessPriorityBoost

  SetThreadContext

  SetThreadPriority

  SetUnhandledExceptionFilter

  SetWaitableTimer

  Sleep

  SuspendThread

  SwitchToThread

  SystemTimeToFileTime

  TerminateProcess

  TlsAlloc

  TlsGetValue

  TryEnterCriticalSection

  UnhandledExceptionFilter

  UnlockFile

  UnlockFileEx

  UnmapViewOfFile

  VirtualAlloc

  VirtualFree

  VirtualProtect

  VirtualQuery

  WaitForMultipleObjects

  WaitForSingleObject

  WaitForSingleObjectEx

  WerGetFlags

  WerSetFlags

  WideCharToMultiByte

  WriteConsoleW

  WriteFile

  __C_specific_handler

  msvcrt

  __getmainargs

  __initenv

  __iob_func

  __lconv_init

  __set_app_type

  __setusermatherr

  _acmdln

  _amsg_exit

  _beginthread

  _beginthreadex

  _cexit

  _endthreadex

  _errno

  _fmode

  _initterm

  _localtime64

  _onexit

  abort

  calloc

  exit

  fprintf

  free

  fwrite

  malloc

  memchr

  memcmp

  memcpy

  memmove

  memset

  qsort

  realloc

  signal

  strchr

  strcmp

  strcspn

  strlen

  strncmp

  strrchr

  strspn

  vfprintf

  Exports

  Exports

  _cgo_dummy_export

  authorizerTrampoline

  callbackTrampoline

  commitHookTrampoline

  compareTrampoline

  doneTrampoline

  preUpdateHookTrampoline

  rollbackHookTrampoline

  stepTrampoline

  updateHookTrampoline

  Sections

  .text

  Size: 23.4MB - Virtual size: 23.4MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 1.6MB - Virtual size: 1.6MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 27.9MB - Virtual size: 27.9MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .pdata

  Size: 652KB - Virtual size: 651KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .xdata

  Size: 27KB - Virtual size: 26KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 729KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .edata

  Size: 512B - Virtual size: 345B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 104B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 16B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 372KB - Virtual size: 372KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Management.OData.dll

  .dll windows:4 windows x86 arch:x86

  Password: 1

  dae02f32a21e03ce65412f6e56942daa

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 131KB - Virtual size: 131KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Read it to me.txt
• System.Management.Automation.dll

  .dll windows:4 windows x86 arch:x86

  Password: 1

  dae02f32a21e03ce65412f6e56942daa

  
  

  Code Sign

  33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2023 19:51

  Not After

  16-10-2024 19:51

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0c:52:4c:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  06-07-2010 20:40

  Not After

  06-07-2025 20:50

  Subject

  CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  2e:2f:de:64:e8:37:e4:28:6d:c8:51:31:2c:e0:52:88:8d:ea:f0:30:46:a3:c6:fd:91:55:d8:11:5e:d4:49:10

  Signer

  Actual PE Digest

  2e:2f:de:64:e8:37:e4:28:6d:c8:51:31:2c:e0:52:88:8d:ea:f0:30:46:a3:c6:fd:91:55:d8:11:5e:d4:49:10

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 1.5MB - Virtual size: 1.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• srmlib.dll

  .dll windows:4 windows x86 arch:x86

  Password: 1

  dae02f32a21e03ce65412f6e56942daa

  
  

  Code Sign

  33:00:00:05:56:c9:20:2b:1f:74:32:5d:2d:00:00:00:00:05:56

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2023 19:51

  Not After

  16-10-2024 19:51

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0c:52:4c:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  06-07-2010 20:40

  Not After

  06-07-2025 20:50

  Subject

  CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  16:6b:df:2f:2e:b6:1d:8a:d5:97:d0:c5:7b:9a:8a:6c:5b:f7:d3:5e:d3:a2:35:c8:4b:a7:4e:ad:76:6e:b6:d1

  Signer

  Actual PE Digest

  16:6b:df:2f:2e:b6:1d:8a:d5:97:d0:c5:7b:9a:8a:6c:5b:f7:d3:5e:d3:a2:35:c8:4b:a7:4e:ad:76:6e:b6:d1

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 76KB - Virtual size: 72KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• wabimp.dll

  .dll windows:10 windows x86 arch:x86

  Password: 1

  18e335b02063fa318512c131b85e788b

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  wabimp.pdb

  Imports

  msvcrt

  _except_handler4_common

  _initterm

  memcpy

  free

  _amsg_exit

  _XcptFilter

  rand

  srand

  _vsnwprintf

  _vsnprintf

  malloc

  memset

  kernel32

  QueryPerformanceCounter

  GetCurrentThreadId

  UnhandledExceptionFilter

  GetCurrentProcessId

  WriteFile

  SetFilePointer

  LocalAlloc

  CreateFileW

  GetLocaleInfoA

  MultiByteToWideChar

  GetLastError

  CloseHandle

  LocalFree

  WideCharToMultiByte

  ReadFile

  LocalReAlloc

  GetFileAttributesW

  FormatMessageW

  lstrcmpiW

  lstrcmpiA

  LoadLibraryA

  FreeLibrary

  GetTickCount

  ExpandEnvironmentStringsA

  GetFileAttributesA

  DisableThreadLibraryCalls

  Sleep

  TerminateProcess

  SetUnhandledExceptionFilter

  GetCurrentProcess

  GetSystemTimeAsFileTime

  user32

  SendMessageA

  CharNextW

  GetWindowLongA

  SetDlgItemTextW

  SetWindowLongA

  EndDialog

  SendMessageW

  ScreenToClient

  GetClientRect

  GetMessagePos

  DialogBoxParamA

  GetWindowTextW

  SetPropW

  IsDlgButtonChecked

  GetPropW

  MessageBoxW

  GetDlgItem

  CheckDlgButton

  GetParent

  EnableWindow

  CharNextA

  DialogBoxParamW

  PostMessageA

  LoadStringW

  advapi32

  RegQueryValueExA

  RegCloseKey

  RegOpenKeyExA

  shell32

  SHGetPathFromIDListW

  SHBrowseForFolderW

  comctl32

  ImageList_LoadImageA

  ord17

  PropertySheetA

  comdlg32

  GetOpenFileNameW

  GetSaveFileNameW

  shlwapi

  PathRemoveFileSpecA

  PathAddExtensionW

  PathAppendW

  PathAppendA

  SHCreateStreamOnFileEx

  PathRemoveBackslashW

  PathIsDirectoryW

  PathRemoveFileSpecW

  api-ms-win-core-com-l1-1-0

  CoTaskMemFree

  Exports

  Exports

  CSVExport

  CSVImport

  LDIFImport

  VCFExport

  VCFImport

  WABImport

  Sections

  .text

  Size: 34KB - Virtual size: 33KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ