General

Malware Config

Signatures

Files

• 905ea903cc9cccce0c3a3e4eaa699f66.bin

  .zip

  Password: infected

• de52002c9566018c61b816f862325c681c756758e693c9d40b70670caf22a2c4.rar

  .rar

  Password: infected

• SMKT_COPY20240604.exe

  .exe windows:4 windows x86 arch:x86

  Password: infected

  f4639a0b3116c2cfc71144b88a929cfd

  
  

  Code Sign

  7f:8c:57:b7:41:1c:7a:5a:36:38:7f:a6:8f:f5:9b:2a:1f:14:2b:75

  Certificate

  Issuer

  CN=Gallstones,OU=Judicialises Detaljerigdom pakskken\ ,O=Gallstones,L=Frénouville,ST=Normandie,C=FR,1.2.840.113549.1.9.1=#0c1a53746f726c696e6965646540477269666c65726e65732e486578

  Not Before

  22-11-2023 02:27

  Not After

  21-11-2026 02:27

  Subject

  CN=Gallstones,OU=Judicialises Detaljerigdom pakskken\ ,O=Gallstones,L=Frénouville,ST=Normandie,C=FR,1.2.840.113549.1.9.1=#0c1a53746f726c696e6965646540477269666c65726e65732e486578

  7f:8c:57:b7:41:1c:7a:5a:36:38:7f:a6:8f:f5:9b:2a:1f:14:2b:75

  Certificate

  Issuer

  CN=Gallstones,OU=Judicialises Detaljerigdom pakskken\ ,O=Gallstones,L=Frénouville,ST=Normandie,C=FR,1.2.840.113549.1.9.1=#0c1a53746f726c696e6965646540477269666c65726e65732e486578

  Not Before

  22-11-2023 02:27

  Not After

  21-11-2026 02:27

  Subject

  CN=Gallstones,OU=Judicialises Detaljerigdom pakskken\ ,O=Gallstones,L=Frénouville,ST=Normandie,C=FR,1.2.840.113549.1.9.1=#0c1a53746f726c696e6965646540477269666c65726e65732e486578

  7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12

  Certificate

  Issuer

  CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  12-01-2016 00:00

  Not After

  11-01-2031 23:59

  Subject

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12

  Certificate

  Issuer

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  23-12-2017 00:00

  Not After

  22-03-2029 23:59

  Subject

  CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  6a:c0:ab:ab:3a:90:67:c3:97:7e:24:1f:32:32:52:ba:7d:1c:5c:d3:2e:67:29:25:b0:28:94:6f:b6:fd:b1:d9

  Signer

  Actual PE Digest

  6a:c0:ab:ab:3a:90:67:c3:97:7e:24:1f:32:32:52:ba:7d:1c:5c:d3:2e:67:29:25:b0:28:94:6f:b6:fd:b1:d9

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  ab:41:39:26:cb:65:b8:c9:bc:2a:b7:af:a4:94:bb:5a:1e:4b:4e:83

  Signer

  Actual PE Digest

  ab:41:39:26:cb:65:b8:c9:bc:2a:b7:af:a4:94:bb:5a:1e:4b:4e:83

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  advapi32

  RegEnumValueW

  RegEnumKeyW

  RegQueryValueExW

  RegSetValueExW

  RegCloseKey

  RegDeleteValueW

  RegDeleteKeyW

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  OpenProcessToken

  RegOpenKeyExW

  RegCreateKeyExW

  shell32

  SHGetPathFromIDListW

  SHBrowseForFolderW

  SHGetFileInfoW

  SHFileOperationW

  ShellExecuteExW

  ole32

  CoCreateInstance

  OleUninitialize

  OleInitialize

  IIDFromString

  CoTaskMemFree

  comctl32

  ImageList_Destroy

  ord17

  ImageList_AddMasked

  ImageList_Create

  user32

  MessageBoxIndirectW

  GetDlgItemTextW

  SetDlgItemTextW

  CreatePopupMenu

  AppendMenuW

  TrackPopupMenu

  OpenClipboard

  EmptyClipboard

  SetClipboardData

  CloseClipboard

  IsWindowVisible

  CallWindowProcW

  GetMessagePos

  CheckDlgButton

  LoadCursorW

  SetCursor

  GetSysColor

  SetWindowPos

  GetWindowLongW

  IsWindowEnabled

  SetClassLongW

  GetSystemMenu

  EnableMenuItem

  GetWindowRect

  ScreenToClient

  EndDialog

  RegisterClassW

  SystemParametersInfoW

  CharPrevW

  GetClassInfoW

  DialogBoxParamW

  CharNextW

  ExitWindowsEx

  DestroyWindow

  CreateDialogParamW

  SetTimer

  SetWindowTextW

  PostQuitMessage

  SetForegroundWindow

  ShowWindow

  wsprintfW

  SendMessageTimeoutW

  FindWindowExW

  IsWindow

  GetDlgItem

  SetWindowLongW

  LoadImageW

  GetDC

  ReleaseDC

  EnableWindow

  InvalidateRect

  SendMessageW

  DefWindowProcW

  BeginPaint

  GetClientRect

  FillRect

  DrawTextW

  EndPaint

  CharNextA

  wsprintfA

  DispatchMessageW

  CreateWindowExW

  PeekMessageW

  GetSystemMetrics

  gdi32

  GetDeviceCaps

  SetBkColor

  SelectObject

  DeleteObject

  CreateBrushIndirect

  CreateFontIndirectW

  SetBkMode

  SetTextColor

  kernel32

  lstrcmpiA

  CreateFileW

  GetTempFileNameW

  RemoveDirectoryW

  CreateProcessW

  CreateDirectoryW

  GetLastError

  CreateThread

  GlobalLock

  GlobalUnlock

  GetDiskFreeSpaceW

  WideCharToMultiByte

  lstrcpynW

  lstrlenW

  SetErrorMode

  GetVersionExW

  GetCommandLineW

  GetTempPathW

  GetWindowsDirectoryW

  WriteFile

  CopyFileW

  ExitProcess

  GetCurrentProcess

  GetModuleFileNameW

  GetFileSize

  GetTickCount

  Sleep

  SetFileAttributesW

  GetFileAttributesW

  SetCurrentDirectoryW

  MoveFileW

  GetFullPathNameW

  GetShortPathNameW

  SearchPathW

  CompareFileTime

  SetFileTime

  CloseHandle

  lstrcmpiW

  lstrcmpW

  ExpandEnvironmentStringsW

  GlobalFree

  GlobalAlloc

  GetModuleHandleW

  LoadLibraryExW

  FreeLibrary

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  lstrlenA

  MultiByteToWideChar

  ReadFile

  SetFilePointer

  FindClose

  FindNextFileW

  FindFirstFileW

  DeleteFileW

  MulDiv

  lstrcpyA

  MoveFileExW

  lstrcatW

  GetSystemDirectoryW

  GetProcAddress

  GetModuleHandleA

  GetExitCodeProcess

  WaitForSingleObject

  SetEnvironmentVariableW

  Sections

  .text

  Size: 25KB - Virtual size: 25KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 126KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: - Virtual size: 180KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 98KB - Virtual size: 98KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/System.dll

  .dll windows:4 windows x86 arch:x86

  Password: infected

  509a34b3a68a773e0afb4259e68f9f82

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  GlobalAlloc

  GlobalFree

  GlobalSize

  lstrcpynW

  lstrcpyW

  GetProcAddress

  WideCharToMultiByte

  VirtualFree

  FreeLibrary

  lstrlenW

  LoadLibraryW

  GetModuleHandleW

  MultiByteToWideChar

  VirtualAlloc

  VirtualProtect

  GetLastError

  user32

  wsprintfW

  ole32

  StringFromGUID2

  CLSIDFromString

  Exports

  Exports

  Alloc

  Call

  Copy

  Free

  Get

  Int64Op

  Store

  StrAlloc

  Sections

  .text

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1024B - Virtual size: 867B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 120B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 1024B - Virtual size: 662B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/nsExec.dll

  .dll windows:4 windows x86 arch:x86

  Password: infected

  68b7023f8923dd087549802f8fa631c3

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  advapi32

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  IsTextUnicode

  user32

  CharNextExA

  CharNextW

  CharPrevW

  FindWindowExW

  wsprintfW

  SendMessageW

  kernel32

  GetCommandLineW

  lstrcpynW

  ExitProcess

  GetCurrentProcess

  GetModuleHandleA

  GetProcAddress

  Sleep

  TerminateProcess

  GlobalReAlloc

  MultiByteToWideChar

  IsDBCSLeadByteEx

  ReadFile

  PeekNamedPipe

  GetExitCodeProcess

  WaitForSingleObject

  GetTickCount

  lstrcpyW

  CreateProcessW

  GetStartupInfoW

  CreatePipe

  GetVersion

  DeleteFileW

  lstrcmpiW

  lstrlenW

  lstrcatW

  CloseHandle

  UnmapViewOfFile

  MapViewOfFile

  CreateFileMappingW

  CreateFileW

  CopyFileW

  GetTempFileNameW

  GlobalFree

  GlobalAlloc

  GetModuleFileNameW

  Exports

  Exports

  Exec

  ExecToLog

  ExecToStack

  Sections

  .text

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 420B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Acrook17.Ram59
• Begot.ami
• Bove.ska
• Disbosom.kli
• bnderkonerne/Samplingsfrekvenser.sal
• bnderkonerne/Throeing.non
• bnderkonerne/jobbere.aml
• bnderkonerne/widdling.txt