General

Malware Config

Signatures

Files

• b7688069d6b1b80fa2e88a343dc56c91d0d172da15c084aff592dfb038a6982a

  .exe windows x64

  3bf17df88af4d2fe330ec7e591dbed0b

  
  

  Code Sign

  77:76:92:40:d8:19:a3:f2:eb:2e:7f:8b:af:fe:cd:26

  Certificate

  Issuer

  CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

  Not Before

  18-07-2013 00:00

  Not After

  18-07-2014 23:59

  Subject

  CN=Huiping Zhong,OU=Individual Developer,O=No Organization Affiliation,L=Heyuan,ST=Guangdong,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageMicrosoftCommercialCodeSigning

  47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e

  Certificate

  Issuer

  CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  61:1f:b0:a4:00:00:00:00:00:1d

  Certificate

  Issuer

  CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  22-02-2011 19:31

  Not After

  22-02-2021 19:41

  Subject

  CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  77:69:3d:14:f0:d6:e5:ba:82:66:df:d8:c4:4b:92:85:be:85:81:5b

  Signer

  Actual PE Digest

  77:69:3d:14:f0:d6:e5:ba:82:66:df:d8:c4:4b:92:85:be:85:81:5b

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Huiping Zhong,OU=Individual Developer,O=No Organization Affiliation,L=Heyuan,ST=Guangdong,C=CN

  24-11-2022 14:54

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  ntoskrnl.exe

  RtlInitUnicodeString

  ExAllocatePool

  NtQuerySystemInformation

  ExFreePoolWithTag

  IoAllocateMdl

  MmProbeAndLockPages

  MmMapLockedPagesSpecifyCache

  MmUnlockPages

  IoFreeMdl

  KeQueryActiveProcessors

  KeSetSystemAffinityThread

  KeRevertToUserAffinityThread

  DbgPrint

  hal

  KeQueryPerformanceCounter

  Sections

  .text

  Size: - Virtual size: 3KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 88B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: - Virtual size: 204B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  INIT

  Size: - Virtual size: 878B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 1.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 512B - Virtual size: 8B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp2

  Size: 2.5MB - Virtual size: 2.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 160B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 632B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ