8ec12dcfcfe4d8c5c4dc81868e2856b07dcbac7e9da5270530e813b9710a041c

Sharing

Copy URL Twitter E-mail

General

Target

8ec12dcfcfe4d8c5c4dc81868e2856b07dcbac7e9da5270530e813b9710a041c
Size

122KB
MD5

7225f4428450a82579387e058be6b3e9
SHA1

5583354e66230f9c395b715b61762f7c02ed0c33
SHA256

8ec12dcfcfe4d8c5c4dc81868e2856b07dcbac7e9da5270530e813b9710a041c
SHA512

f19642dc81aa194a62f59efff9f636cd9771dc61e59b7582cb6ce69c9e3a34301c386859c2a9d6259542e53d697120e6f8894bdd6ad31081e069d66950b11175
SSDEEP

3072:2EwMNxeAYmeknd3eYAUwgaGYN64CJLUt6Jzrcmbp:/wMNxeAYmeE3qmk84CJF4mp

Score

N/A

Malware Config

Signatures

Files

8ec12dcfcfe4d8c5c4dc81868e2856b07dcbac7e9da5270530e813b9710a041c
.exe windows x86

6e6124224313a4d35fbb80f307c0269f

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:0b:6c:41:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2006, 02:41

Not After

07/11/2007, 02:51

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

09/05/2001, 23:19

Not After

09/05/2021, 23:28

Subject

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

0d:2f:0b:13:4e:5b:d5:cd:28:07:b1:9e:4b:fd:4f:f2:e2:3d:0e:de
Signer

Actual PE Digest

0d:2f:0b:13:4e:5b:d5:cd:28:07:b1:9e:4b:fd:4f:f2:e2:3d:0e:de

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

01/01/0001, 00:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeWaitForSingleObject
IoFreeWorkItem
ZwClose
RtlQueryRegistryValues
ZwCreateKey
RtlInitUnicodeString
IoOpenDeviceRegistryKey
ZwOpenKey
IoFreeIrp
IoFreeMdl
RtlCompareMemory
IoStopTimer
EtwWrite
IoGetDriverObjectExtension
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeQueryTimeIncrement
KeQuerySystemTime
_allmul
IoQueueWorkItem
IoAllocateWorkItem
IoReuseIrp
IofCallDriver
KeInitializeEvent
MmBuildMdlForNonPagedPool
IoAllocateMdl
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
ObfDereferenceObject
IoBuildDeviceIoControlRequest
IoGetAttachedDeviceReference
KeInitializeMutex
IoAllocateIrp
IoStartTimer
IoInitializeTimer
KeLeaveCriticalRegion
KeSetEvent
KeEnterCriticalRegion
_vsnprintf
IoGetIoPriorityHint
IoWMIWriteEvent
MmGetSystemRoutineAddress
IoWMIRegistrationControl
IofCompleteRequest
DbgPrintEx
EtwUnregister
_allshl
_alldiv
IoGetPagingIoPriority
IoCallDriverStackSafe
IoStartNextPacket
MmUnlockPages
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
KeReleaseMutex
KeGetCurrentThread
KeSetTimerEx
KeTickCount
IoGetDeviceProperty
EtwRegister
RtlCopyUnicodeString
IoAllocateDriverObjectExtension
IoStartPacket
IoSetHardErrorOrVerifyDevice
memmove
IoDeleteDevice
IoCreateDevice
RtlInitString
ObReferenceObjectByPointer
IoInvalidateDeviceRelations
MmProbeAndLockPages
KefReleaseSpinLockFromDpcLevel
KeBugCheckEx
KefAcquireSpinLockAtDpcLevel
_alldvrm
IoDetachDevice
ZwSetValueKey
KeInitializeDpc
KeInitializeTimer
ObfReferenceObject
KeBugCheck
KeDelayExecutionThread
RtlDeleteRegistryValue
_vsnwprintf
RtlTimeToTimeFields
InterlockedPopEntrySList
PoStartNextPowerIrp
PoCallDriver
PoSetPowerState
InterlockedPushEntrySList
MmUnmapLockedPages
ExVerifySuite
IoBuildPartialMdl
KeCancelTimer
_aulldiv
KeSetTimer
strncmp
RtlWriteRegistryValue
IoReadPartitionTableEx
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoGetDeviceObjectPointer
IoBuildSynchronousFsdRequest
RtlCompareUnicodeString
RtlAppendUnicodeStringToString
RtlInitAnsiString
IoGetConfigurationInformation
IoAttachDeviceToDeviceStack
RtlUnwind
memset
memcpy
ExAllocatePoolWithTag
IoReportTargetDeviceChangeAsynchronous
IoInitializeIrp
ExFreePoolWithTag

hal

KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Exports

Exports

ClassAcquireChildLock
ClassAcquireRemoveLockEx
ClassAsynchronousCompletion
ClassBuildRequest
ClassCheckMediaState
ClassClaimDevice
ClassCleanupMediaChangeDetection
ClassCompleteRequest
ClassCreateDeviceObject
ClassDebugPrint
ClassDeleteSrbLookasideList
ClassDeviceControl
ClassDisableMediaChangeDetection
ClassEnableMediaChangeDetection
ClassFindModePage
ClassForwardIrpSynchronous
ClassGetDescriptor
ClassGetDeviceParameter
ClassGetDriverExtension
ClassGetFsContext
ClassGetVpb
ClassInitialize
ClassInitializeEx
ClassInitializeMediaChangeDetection
ClassInitializeSrbLookasideList
ClassInitializeTestUnitPolling
ClassInternalIoControl
ClassInterpretSenseInfo
ClassInvalidateBusRelations
ClassIoComplete
ClassIoCompleteAssociated
ClassMarkChildMissing
ClassMarkChildrenMissing
ClassModeSense
ClassNotifyFailurePredicted
ClassQueryTimeOutRegistryValue
ClassReadDriveCapacity
ClassReleaseChildLock
ClassReleaseQueue
ClassReleaseRemoveLock
ClassRemoveDevice
ClassResetMediaChangeTimer
ClassScanForSpecial
ClassSendDeviceIoControlSynchronous
ClassSendIrpSynchronous
ClassSendNotification
ClassSendSrbAsynchronous
ClassSendSrbSynchronous
ClassSendStartUnit
ClassSetDeviceParameter
ClassSetFailurePredictionPoll
ClassSetMediaChangeState
ClassSignalCompletion
ClassSpinDownPowerHandler
ClassSplitRequest
ClassStopUnitPowerHandler
ClassUpdateInformationInRegistry
ClassWmiCompleteRequest
ClassWmiFireEvent
DllUnload

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e6124224313a4d35fbb80f307c0269f

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

61:0b:6c:41:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65Certificate

Key Usages

61:07:02:dc:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

0d:2f:0b:13:4e:5b:d5:cd:28:07:b1:9e:4b:fd:4f:f2:e2:3d:0e:deSigner

Signature Validations

Verification

01/01/0001, 00:00 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 3KB

PAGE Size: 26KB - Virtual size: 26KB

.edata Size: 2KB - Virtual size: 2KB

PAGE Size: 2KB - Virtual size: 2KB

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 6KB - Virtual size: 5KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

61:0b:6c:41:00:00:00:00:00:05
Certificate

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

61:07:02:dc:00:00:00:00:00:0b
Certificate

0d:2f:0b:13:4e:5b:d5:cd:28:07:b1:9e:4b:fd:4f:f2:e2:3d:0e:de
Signer

01/01/0001, 00:00
Valid: false

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 3KB

PAGE
Size: 26KB - Virtual size: 26KB

.edata
Size: 2KB - Virtual size: 2KB

PAGE
Size: 2KB - Virtual size: 2KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 6KB - Virtual size: 5KB