General

Malware Config

Signatures

Files

• S$0larDfdeg34!.zip

  .zip

  Password: 6868

• S$olaBma/Language.pimx
• S$olaBma/Main.ini
• S$olaBma/Packaged/Main.ini

  .xml
• S$olaBma/Packaged/Resource.dll
• S$olaBma/Packaged/Utils.dll

  .xml
• S$olaBma/S0Lar$B.exe

  .exe windows:5 windows x86 arch:x86

  Password: 6868

  be41bf7b8cc010b614bd36bbca606973

  
  

  Code Sign

  0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  13-01-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  29-04-2021 00:00

  Not After

  28-04-2036 23:59

  Subject

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  06:2e:e3:fd:7c:dc:52:09:7c:1d:a6:af:a8:7c:74:5e

  Certificate

  Issuer

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Not Before

  04-05-2023 00:00

  Not After

  06-05-2026 23:59

  Subject

  CN=TeamViewer Germany GmbH,O=TeamViewer Germany GmbH,L=Göppingen,ST=Baden-Württemberg,C=DE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  14-07-2023 00:00

  Not After

  13-10-2034 23:59

  Subject

  CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  b5:fb:17:3e:f6:7f:c9:a6:e5:7f:8b:ef:dd:48:0a:36:76:2e:5b:df:45:15:fe:97:53:49:81:f1:58:4b:63:30

  Signer

  Actual PE Digest

  b5:fb:17:3e:f6:7f:c9:a6:e5:7f:8b:ef:dd:48:0a:36:76:2e:5b:df:45:15:fe:97:53:49:81:f1:58:4b:63:30

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetFileTime

  CompareFileTime

  SearchPathW

  GetShortPathNameW

  GetFullPathNameW

  MoveFileW

  SetCurrentDirectoryW

  GetFileAttributesW

  GetLastError

  CreateDirectoryW

  SetFileAttributesW

  Sleep

  GetTickCount

  GetFileSize

  GetModuleFileNameW

  GetCurrentProcess

  CopyFileW

  ExitProcess

  GetWindowsDirectoryW

  GetTempPathW

  GetCommandLineW

  SetErrorMode

  lstrcpynA

  CloseHandle

  lstrcpynW

  GetDiskFreeSpaceW

  GlobalUnlock

  GlobalLock

  CreateThread

  LoadLibraryW

  CreateProcessW

  lstrcmpiA

  CreateFileW

  GetTempFileNameW

  lstrcatW

  GetProcAddress

  LoadLibraryA

  GetModuleHandleA

  OpenProcess

  lstrcpyW

  GetVersionExW

  GetSystemDirectoryW

  GetVersion

  lstrcpyA

  RemoveDirectoryW

  lstrcmpA

  lstrcmpiW

  lstrcmpW

  ExpandEnvironmentStringsW

  GlobalAlloc

  WaitForSingleObject

  GetExitCodeProcess

  GlobalFree

  GetModuleHandleW

  LoadLibraryExW

  FreeLibrary

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  WideCharToMultiByte

  lstrlenA

  MulDiv

  WriteFile

  ReadFile

  MultiByteToWideChar

  SetFilePointer

  FindClose

  FindNextFileW

  FindFirstFileW

  DeleteFileW

  lstrlenW

  user32

  GetAsyncKeyState

  IsDlgButtonChecked

  ScreenToClient

  GetMessagePos

  CallWindowProcW

  IsWindowVisible

  LoadBitmapW

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  OpenClipboard

  TrackPopupMenu

  GetWindowRect

  AppendMenuW

  CreatePopupMenu

  GetSystemMetrics

  EndDialog

  EnableMenuItem

  GetSystemMenu

  SetClassLongW

  IsWindowEnabled

  SetWindowPos

  DialogBoxParamW

  CheckDlgButton

  CreateWindowExW

  SystemParametersInfoW

  RegisterClassW

  SetDlgItemTextW

  GetDlgItemTextW

  MessageBoxIndirectW

  CharNextA

  CharUpperW

  CharPrevW

  wvsprintfW

  DispatchMessageW

  PeekMessageW

  wsprintfA

  DestroyWindow

  CreateDialogParamW

  SetTimer

  SetWindowTextW

  PostQuitMessage

  SetForegroundWindow

  ShowWindow

  wsprintfW

  SendMessageTimeoutW

  LoadCursorW

  SetCursor

  GetWindowLongW

  GetSysColor

  CharNextW

  GetClassInfoW

  ExitWindowsEx

  IsWindow

  GetDlgItem

  SetWindowLongW

  LoadImageW

  GetDC

  EnableWindow

  InvalidateRect

  SendMessageW

  DefWindowProcW

  BeginPaint

  GetClientRect

  FillRect

  DrawTextW

  EndPaint

  FindWindowExW

  gdi32

  SetBkColor

  GetDeviceCaps

  DeleteObject

  CreateBrushIndirect

  CreateFontIndirectW

  SetBkMode

  SetTextColor

  SelectObject

  shell32

  SHBrowseForFolderW

  SHGetPathFromIDListW

  SHGetFileInfoW

  ShellExecuteW

  SHFileOperationW

  SHGetSpecialFolderLocation

  advapi32

  RegEnumKeyW

  RegOpenKeyExW

  RegCloseKey

  RegDeleteKeyW

  RegDeleteValueW

  RegCreateKeyExW

  RegSetValueExW

  RegQueryValueExW

  RegEnumValueW

  comctl32

  ImageList_AddMasked

  ImageList_Destroy

  ord17

  ImageList_Create

  ole32

  CoTaskMemFree

  OleInitialize

  OleUninitialize

  CoCreateInstance

  version

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  VerQueryValueW

  Sections

  .text

  Size: 27KB - Virtual size: 27KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 415KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: - Virtual size: 516KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 31KB - Virtual size: 30KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $TEMP/Ana
• $TEMP/Beans
• $TEMP/Conventional
• $TEMP/Cross
• $TEMP/Expanded
• $TEMP/Gold
• $TEMP/Got
• $TEMP/Jeffrey
• $TEMP/Jewel
• $TEMP/Labels
• $TEMP/Madness
• $TEMP/Mexico
• $TEMP/Mg
• $TEMP/Mitchell
• $TEMP/Nc
• $TEMP/Nt
• $TEMP/Observer
• $TEMP/Operators
• $TEMP/Orders
• $TEMP/Pittsburgh
• $TEMP/Playing
• $TEMP/Pond
• $TEMP/Recipes
• $TEMP/Si
• $TEMP/Southampton
• $TEMP/Teddy
• $TEMP/Violation
• $TEMP/Walnut
• S$olaBma/Updates/Addition.dll
• S$olaBma/Updates/Autoupdater.ini
• S$olaBma/Updates/Cracker.dll
• S$olaBma/Updates/DebugPPF.tmp
• S$olaBma/Updates/DebugPPT.tmp
• S$olaBma/Updates/Helper.dll
• S$olaBma/Updates/Management.log
• S$olaBma/Updates/Resource.dll
• S$olaBma/Updates/main.ini
• S$olaBma/plugins/admin/admin.go
• S$olaBma/plugins/admin/controller/Update.go
• S$olaBma/plugins/admin/controller/api_create.go
• S$olaBma/plugins/admin/controller/api_detail.go

  .js
• S$olaBma/plugins/admin/controller/api_list.go
• S$olaBma/plugins/admin/controller/api_update.go
• S$olaBma/plugins/admin/controller/auth.go
• S$olaBma/plugins/admin/controller/common.go
• S$olaBma/plugins/admin/controller/common_test.go
• S$olaBma/plugins/admin/controller/delete.go
• S$olaBma/plugins/admin/controller/detail.go

  .js
• S$olaBma/plugins/admin/controller/edit.go

  .js
• S$olaBma/plugins/admin/controller/handler.go
• S$olaBma/plugins/admin/controller/install.go
• S$olaBma/plugins/admin/controller/menu.go
• S$olaBma/plugins/admin/controller/new.go

  .js
• S$olaBma/plugins/admin/controller/operation.go
• S$olaBma/plugins/admin/controller/plugins.go
• S$olaBma/plugins/admin/controller/plugins_tmpl.go

  .js
• S$olaBma/plugins/admin/controller/show.go

  .js
• S$olaBma/plugins/admin/controller/system.go
• S$olaBma/plugins/admin/data/mysql/admin.sql
• S$olaBma/plugins/admin/data/sqlite/admin.db
• S$olaBma/plugins/admin/models/base.go
• S$olaBma/plugins/admin/models/menu.go
• S$olaBma/plugins/admin/models/operation_log.go
• S$olaBma/plugins/admin/models/permission.go
• S$olaBma/plugins/admin/models/role.go
• S$olaBma/plugins/admin/models/site.go

  .js
• S$olaBma/plugins/admin/models/user.go

  .js
• S$olaBma/plugins/admin/modules/captcha/captcha.go
• S$olaBma/plugins/admin/modules/constant/constant.go
• S$olaBma/plugins/admin/modules/form/form.go

  .js
• S$olaBma/plugins/admin/modules/guard/delete.go
• S$olaBma/plugins/admin/modules/guard/edit.go
• S$olaBma/plugins/admin/modules/guard/export.go
• S$olaBma/plugins/admin/modules/guard/guard.go
• S$olaBma/plugins/admin/modules/guard/menu_delete.go
• S$olaBma/plugins/admin/modules/guard/menu_edit.go
• S$olaBma/plugins/admin/modules/guard/menu_new.go
• S$olaBma/plugins/admin/modules/guard/new.go
• S$olaBma/plugins/admin/modules/guard/server_login.go
• S$olaBma/plugins/admin/modules/guard/update.go
• S$olaBma/plugins/admin/modules/helper.go
• S$olaBma/plugins/admin/modules/helper_test.go
• S$olaBma/plugins/admin/modules/paginator/paginator.go
• S$olaBma/plugins/admin/modules/paginator/paginator_test.go
• S$olaBma/plugins/admin/modules/parameter/parameter.go

  .js
• S$olaBma/plugins/admin/modules/parameter/parameter_test.go
• S$olaBma/plugins/admin/modules/response/response.go

  .js
• S$olaBma/plugins/admin/modules/table/config.go
• S$olaBma/plugins/admin/modules/table/default.go

  .js
• S$olaBma/plugins/admin/modules/table/default_test.go
• S$olaBma/plugins/admin/modules/table/generators.go

  .js
• S$olaBma/plugins/admin/modules/table/table.go
• S$olaBma/plugins/admin/modules/table/tmpl.go

  .js
• S$olaBma/plugins/admin/modules/table/tmpl/choose_table_ajax.tmpl

  .js
• S$olaBma/plugins/admin/modules/table/tmpl/generator.tmpl

  .js
• S$olaBma/plugins/admin/modules/tools/generator.go

  .js
• S$olaBma/plugins/admin/modules/tools/template.go
• S$olaBma/plugins/admin/router.go
• S$olaBma/plugins/example/controller.go
• S$olaBma/plugins/example/example.go
• S$olaBma/plugins/example/go_plugin/Makefile
• S$olaBma/plugins/example/go_plugin/main.go
• S$olaBma/plugins/example/router.go
• S$olaBma/plugins/plugins.go

  .js
• S$olaBma/plugins/plugins_test.go
• S$olaBma/template/chartjs/assets.go
• S$olaBma/template/chartjs/assets/chart.min.js

  .js
• S$olaBma/template/chartjs/assets_list.go

  .js
• S$olaBma/template/chartjs/bar.go
• S$olaBma/template/chartjs/chart.go
• S$olaBma/template/chartjs/chartjs.tmpl
• S$olaBma/template/chartjs/line.go
• S$olaBma/template/chartjs/pie.go
• S$olaBma/template/chartjs/radar.go
• S$olaBma/template/chartjs/template.go

  .js
• S$olaBma/template/color/color.go
• S$olaBma/template/components/alert.go
• S$olaBma/template/components/base.go
• S$olaBma/template/components/box.go
• S$olaBma/template/components/button.go
• S$olaBma/template/components/col.go
• S$olaBma/template/components/composer.go

  .js
• S$olaBma/template/components/form.go
• S$olaBma/template/components/image.go
• S$olaBma/template/components/label.go
• S$olaBma/template/components/link.go
• S$olaBma/template/components/paninator.go
• S$olaBma/template/components/popup.go
• S$olaBma/template/components/product.go
• S$olaBma/template/components/row.go
• S$olaBma/template/components/table.go
• S$olaBma/template/components/tabs.go
• S$olaBma/template/components/tree.go
• S$olaBma/template/components/treeview.go
• S$olaBma/template/icon/icon.go
• S$olaBma/template/installation/Makefile
• S$olaBma/template/installation/assets.go
• S$olaBma/template/installation/assets/installation/dist/all.min.css
• S$olaBma/template/installation/assets/installation/dist/all.min.js

  .js
• S$olaBma/template/installation/assets/installation/dist/respond.min.js

  .js
• S$olaBma/template/installation/assets/src/css/font-awesome.min.css
• S$olaBma/template/installation/assets/src/css/main.css
• S$olaBma/template/installation/assets/src/css/noscript.css
• S$olaBma/template/installation/assets/src/fonts/FontAwesome.otf
• S$olaBma/template/installation/assets/src/fonts/fontawesome-webfont.eot
• S$olaBma/template/installation/assets/src/fonts/fontawesome-webfont.svg

  .xml
• S$olaBma/template/installation/assets/src/fonts/fontawesome-webfont.ttf
• S$olaBma/template/installation/assets/src/fonts/fontawesome-webfont.woff
• S$olaBma/template/installation/assets/src/fonts/fontawesome-webfont.woff2
• S$olaBma/template/installation/assets/src/js/jquery.min.js

  .js
• S$olaBma/template/installation/assets/src/js/main.js

  .js
• S$olaBma/template/installation/assets/src/js/skel.min.js

  .js
• S$olaBma/template/installation/assets_list.go

  .js
• S$olaBma/template/installation/installation.go

  .js
• S$olaBma/template/installation/installation.tmpl
• S$olaBma/template/installation/template.go

  .js
• S$olaBma/template/login/Makefile
• S$olaBma/template/login/assets.go
• S$olaBma/template/login/assets/src/css/0_font.css
• S$olaBma/template/login/assets/src/css/1_bootstrap.min.css
• S$olaBma/template/login/assets/src/css/2_animate.css
• S$olaBma/template/login/assets/src/css/3_style.css
• S$olaBma/template/login/assets/src/js/combine/1_jquery.min.js

  .js
• S$olaBma/template/login/assets/src/js/combine/2_bootstrap.min.js

  .js
• S$olaBma/template/login/assets/src/js/combine/3_particles.js

  .js
• S$olaBma/template/login/assets/src/js/combine/4_main.js
• S$olaBma/template/login/assets/src/js/respond.min.js

  .js
• S$olaBma/template/login/assets_list.go

  .js
• S$olaBma/template/login/login.go

  .js
• S$olaBma/template/login/login.tmpl
• S$olaBma/template/login/template.go
• S$olaBma/template/template.go

  .js
• S$olaBma/template/template_test.go
• S$olaBma/template/types/action/ajax.go

  .js
• S$olaBma/template/types/action/base.go
• S$olaBma/template/types/action/event.go
• S$olaBma/template/types/action/fieldfilter.go

  .js
• S$olaBma/template/types/action/file_upload.go

  .js
• S$olaBma/template/types/action/jump.go
• S$olaBma/template/types/action/jump_selectbox.go
• S$olaBma/template/types/action/popup.go

  .js
• S$olaBma/template/types/button.go

  .js
• S$olaBma/template/types/components.go

  .js
• S$olaBma/template/types/display.go

  .js
• S$olaBma/template/types/display/base.go
• S$olaBma/template/types/display/bool.go
• S$olaBma/template/types/display/carousel.go
• S$olaBma/template/types/display/copy.go

  .js
• S$olaBma/template/types/display/date.go
• S$olaBma/template/types/display/dot.go
• S$olaBma/template/types/display/downloadable.go
• S$olaBma/template/types/display/filesize.go
• S$olaBma/template/types/display/icon.go
• S$olaBma/template/types/display/image.go
• S$olaBma/template/types/display/label.go
• S$olaBma/template/types/display/link.go
• S$olaBma/template/types/display/loading.go
• S$olaBma/template/types/display/progressbar.go
• S$olaBma/template/types/display/qrcode.go
• S$olaBma/template/types/display_test.go
• S$olaBma/template/types/form.go

  .js
• S$olaBma/template/types/form/form.go
• S$olaBma/template/types/form/form_test.go
• S$olaBma/template/types/form/select/select.go

  .ps1
• S$olaBma/template/types/form_test.go
• S$olaBma/template/types/info.go

  .js
• S$olaBma/template/types/info_test.go
• S$olaBma/template/types/operators.go
• S$olaBma/template/types/page.go

  .js
• S$olaBma/template/types/select.go
• S$olaBma/template/types/size.go

  .js
• S$olaBma/template/types/table/table.go
• S$olaBma/template/types/tmpl.go

  .js
• S$olaBma/template/types/tmpls/choose.tmpl
• S$olaBma/template/types/tmpls/choose_ajax.tmpl

  .js
• S$olaBma/template/types/tmpls/choose_custom.tmpl
• S$olaBma/template/types/tmpls/choose_disable.tmpl
• S$olaBma/template/types/tmpls/choose_hide.tmpl

  .js
• S$olaBma/template/types/tmpls/choose_map.tmpl
• S$olaBma/template/types/tmpls/choose_show.tmpl

  .js