3468a78195bb3471f4962276944b85fb12abe27acddf8865d8442fa43287c979[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3468a78195bb3471f4962276944b85fb12abe27acddf8865d8442fa43287c979.exe
Size

2.2MB
MD5

6aaac8b971ee8f76d3eaa1a648a328e0
SHA1

6d9a2836b724365e390873b4951d2f4af608d804
SHA256

3468a78195bb3471f4962276944b85fb12abe27acddf8865d8442fa43287c979
SHA512

93e046fa89c1fa0ad947a71213a1f8ba3494984ff7e30920c210694d136a6fc7ad0df75f9b8f17e18be844b94ce0ecb9b433e64bd724c026a89ea5662518c1af
SSDEEP

49152:MI+ZowmdLgT36YjVG4av+boGDx6F5Z8mXdtsaGgNz1n3HCap98ioFr8:MnqNLiVjVFhxt6FYMzdiap9h

Score

N/A

Malware Config

Signatures

Files

3468a78195bb3471f4962276944b85fb12abe27acddf8865d8442fa43287c979.exe
.exe windows x64

53b7928f0f9f719c20703aadfe11ee22

Code Sign

11:ea:9b:47:ed:c5:35:77:34:0f:a1:4e:14:7e:91:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/02/2010, 00:00

Not After

22/02/2012, 23:59

Subject

CN=Xtreaming Technology Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Xtreaming Technology Inc.,L=Taichung,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:1d:dd:8d:d5:9b:68:7a:6e:9c:23:88:62:17:18:c6:02:31:81:79
Signer

Actual PE Digest

93:1d:dd:8d:d5:9b:68:7a:6e:9c:23:88:62:17:18:c6:02:31:81:79

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Xtreaming Technology Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Xtreaming Technology Inc.,L=Taichung,ST=Taiwan,C=TW

23/09/2022, 10:23
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoFileObjectType
PsCreateSystemThread
IoRegisterBootDriverReinitialization
PsTerminateSystemThread
_vsnwprintf
ZwClose
IofCompleteRequest
ObReferenceObjectByHandle
RtlWriteRegistryValue
PsThreadType
ObfReferenceObject
ObfDereferenceObject
IoCreateDevice
ZwOpenFile
RtlCreateRegistryKey
RtlRandomEx
_vsnprintf
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExDeletePagedLookasideList
ExQueryDepthSList
ExInitializePagedLookasideList
ExDeleteNPagedLookasideList
ExAcquireResourceExclusiveLite
KeLeaveCriticalRegion
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
KeEnterCriticalRegion
ExReleaseResourceLite
ExDeleteResourceLite
ExInitializeResourceLite
IoGetLowerDeviceObject
ZwQuerySymbolicLinkObject
IoVolumeDeviceToDosName
RtlGetVersion
ZwQuerySystemInformation
ZwOpenSymbolicLinkObject
IoGetDeviceObjectPointer
ExSystemTimeToLocalTime
ZwQueryValueKey
KeQueryTimeIncrement
RtlTimeToTimeFields
ZwDeviceIoControlFile
ZwDeleteKey
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
KeSetEvent
KeInitializeEvent
RtlInitString
KeWaitForSingleObject
RtlEqualString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
MmAllocatePagesForMdl
IoRegisterShutdownNotification
MmMapLockedPagesSpecifyCache
MmFreePagesFromMdl
KeClearEvent
SeCreateAccessState
IoGetRelatedDeviceObject
IoGetFileObjectGenericMapping
ObCreateObject
IoCreateFile
IoFreeIrp
IoAllocateIrp
IofCallDriver
MmHighestUserAddress
KeBugCheckEx
RtlEqualUnicodeString
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoReuseIrp
KeResetEvent
KeReadStateEvent
KeInitializeMutex
IoFreeMdl
KeReleaseMutex
IoCancelIrp
KeDelayExecutionThread
ZwCreateFile
IoGetDeviceAttachmentBaseRef
MmProbeAndLockPages
MmUnlockPages
KeWaitForMultipleObjects
IoAllocateMdl
_wcsicmp
ZwUnloadKey
ZwCreateKey
NtBuildNumber
_wcsnicmp
ZwReadFile
ExGetPreviousMode
ZwSetValueKey
ZwSaveKey
_wcslwr
ZwOpenDirectoryObject
ZwSetInformationFile
wcsrchr
ExAllocatePool
IoGetCurrentProcess
ZwQueryDirectoryObject
ZwFlushKey
ZwDeleteFile
ZwLoadKey
MmIsAddressValid
ZwWriteFile
ExFreePoolWithTag
ZwCreateEvent
RtlFreeUnicodeString
ExAllocatePoolWithTag
__C_specific_handler
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

fltmgr.sys

FltRegisterFilter
FltUnregisterFilter
FltStartFiltering

hal

KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53b7928f0f9f719c20703aadfe11ee22

Code Sign

11:ea:9b:47:ed:c5:35:77:34:0f:a1:4e:14:7e:91:32Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

93:1d:dd:8d:d5:9b:68:7a:6e:9c:23:88:62:17:18:c6:02:31:81:79Signer

Signature Validations

Verification

23/09/2022, 10:23 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

fltmgr.sys

hal

Sections

.text Size: - Virtual size: 81KB

.rdata Size: - Virtual size: 4KB

.data Size: - Virtual size: 23KB

.pdata Size: - Virtual size: 2KB

INIT Size: - Virtual size: 3KB

.data0 Size: - Virtual size: 2.4MB

.data1 Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 512B - Virtual size: 12B

11:ea:9b:47:ed:c5:35:77:34:0f:a1:4e:14:7e:91:32
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

93:1d:dd:8d:d5:9b:68:7a:6e:9c:23:88:62:17:18:c6:02:31:81:79
Signer

23/09/2022, 10:23
Valid: false

.text
Size: - Virtual size: 81KB

.rdata
Size: - Virtual size: 4KB

.data
Size: - Virtual size: 23KB

.pdata
Size: - Virtual size: 2KB

INIT
Size: - Virtual size: 3KB

.data0
Size: - Virtual size: 2.4MB

.data1
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 512B - Virtual size: 12B