8bef06598b67c1edbbf42399a19c8a8aa61d12466e873d70e9e26a10ba54d308[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8bef06598b67c1edbbf42399a19c8a8aa61d12466e873d70e9e26a10ba54d308.exe
Size

3.2MB
MD5

8fc4963f1db976a01204922f66e8a77a
SHA1

926cba350b7a76176a8ff603a89debdd80576a9a
SHA256

8bef06598b67c1edbbf42399a19c8a8aa61d12466e873d70e9e26a10ba54d308
SHA512

da65ed7f67d3f2e2ef5ecb936d976a7eb2f0462a2716be562d9fb52d75ea2da4e1e22b1b76e5a7b8e384c6d1e532e7cb3032ab6ab3ef79a7d4cbcbc46c63a2cf
SSDEEP

49152:sO+795nBiou57vQHwupfn8twXn1X9qSTHkAAtKoVPYqw3R8mYEvbZocyS9U9fnsL:/+div57vQHwg8eXFL1mK6U3YEzAg

Score

N/A

Malware Config

Signatures

Files

8bef06598b67c1edbbf42399a19c8a8aa61d12466e873d70e9e26a10ba54d308.exe
.exe windows x64

ae7dda8bf49d06c904ca0069438ee5d9

Code Sign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/06/2022, 18:08

Not After

01/06/2023, 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d5:ea:56:d3:bc:5d:94:c4:f1:b2:50:fd:66:9e:d4:bd:66:fa:da:42:32:47:89:80:bd:0c:ff:12:e5:2c:a5:dc
Signer

Actual PE Digest

d5:ea:56:d3:bc:5d:94:c4:f1:b2:50:fd:66:9e:d4:bd:66:fa:da:42:32:47:89:80:bd:0c:ff:12:e5:2c:a5:dc

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:57
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ObQueryNameString
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

fltmgr.sys

FltUnregisterFilter

netio.sys

WskRegister

wdfldr.sys

WdfVersionBind

hal

KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: - Virtual size: 19B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Vba0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Vba1
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Vba2
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae7dda8bf49d06c904ca0069438ee5d9

Code Sign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

d5:ea:56:d3:bc:5d:94:c4:f1:b2:50:fd:66:9e:d4:bd:66:fa:da:42:32:47:89:80:bd:0c:ff:12:e5:2c:a5:dcSigner

Signature Validations

Verification

09/09/2022, 12:57 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

fltmgr.sys

netio.sys

wdfldr.sys

hal

Sections

.text Size: - Virtual size: 223KB

.rdata Size: - Virtual size: 7KB

.data Size: - Virtual size: 16KB

.pdata Size: - Virtual size: 4KB

PAGE Size: - Virtual size: 19B

INIT Size: - Virtual size: 3KB

.Vba0 Size: - Virtual size: 1.8MB

.Vba1 Size: 512B - Virtual size: 8B

.Vba2 Size: 3.2MB - Virtual size: 3.2MB

.reloc Size: 512B - Virtual size: 176B

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

d5:ea:56:d3:bc:5d:94:c4:f1:b2:50:fd:66:9e:d4:bd:66:fa:da:42:32:47:89:80:bd:0c:ff:12:e5:2c:a5:dc
Signer

09/09/2022, 12:57
Valid: false

.text
Size: - Virtual size: 223KB

.rdata
Size: - Virtual size: 7KB

.data
Size: - Virtual size: 16KB

.pdata
Size: - Virtual size: 4KB

PAGE
Size: - Virtual size: 19B

INIT
Size: - Virtual size: 3KB

.Vba0
Size: - Virtual size: 1.8MB

.Vba1
Size: 512B - Virtual size: 8B

.Vba2
Size: 3.2MB - Virtual size: 3.2MB

.reloc
Size: 512B - Virtual size: 176B