Unlock[All_Vession][.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Unlock[All_Vession].zip
Size

4.8MB
MD5

c090b95db45e18fcfd73282f49400387
SHA1

772c60bfbb22f9bad8bf631452a5c97cf6ac5990
SHA256

0473cd1ccbcbb1d706cf91122c6b5ec8e0227d5c4de39e5df56593bf3d467620
SHA512

60bfdd0c48a1940cb7944a0fefcdf76608658af76df14e3388404de6f21f87174345e24876f0ace28e84ce68fb0ce40b653b83ddfecfd43be958367c7c323973
SSDEEP

98304:7Sycn6m4oF36tcS/vWCNydLZQe447Qlrtn9yHgo6Pb+xPXDE9svh:bcjr3ge8S1z7QDn4go6P2PTeK

Score

N/A

Malware Config

Signatures

Files

Unlock[All_Vession].zip
.zip
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/Configuration/BaseRegistration/BaseResource.Schema.mof
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/Configuration/BaseRegistration/MSFT_DSCMetaConfiguration.mof
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/Configuration/BaseRegistration/en-US/BaseResource.Schema.mfl
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/Configuration/BaseRegistration/en-US/MSFT_DSCMetaConfiguration.mfl
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/Configuration/Registration/MSFT_FileDirectoryConfiguration/MSFT_FileDirectoryConfiguration.Registration.mof
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/Configuration/Registration/MSFT_FileDirectoryConfiguration/en-US/MSFT_FileDirectoryConfiguration.Registration.mfl
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/Configuration/Schema/MSFT_FileDirectoryConfiguration/MSFT_FileDirectoryConfiguration.Schema.mof
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/Configuration/Schema/MSFT_FileDirectoryConfiguration/en-US/MSFT_FileDirectoryConfiguration.Schema.mfl
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/DscCore.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/ODBC.INI
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/ODBCINST.INI
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/PFRO.log
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/PSDSCFileDownloadManagerEvents.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/ServerStandard.xml
.xml
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/ServerWeb.xml
.xml
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/WinMetadata/Windows.ApplicationModel.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/WinMetadata/Windows.Data.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/WinMetadata/Windows.Devices.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/WinMetadata/Windows.Foundation.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/WinMetadata/Windows.Globalization.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/WinMetadata/Windows.Graphics.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/WinMetadata/Windows.Management.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/WinMetadata/Windows.Media.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/WinMetadata/Windows.Networking.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/WinMetadata/Windows.Security.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/WinMetadata/Windows.Storage.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/WinMetadata/Windows.System.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/WinMetadata/Windows.UI.Xaml.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 773KB - Virtual size: 772KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/WinMetadata/Windows.UI.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/WinMetadata/Windows.Web.winmd
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/amd64_acpi.inf_31bf3856ad364e35_6.3.9600.18939_none_138212f0a1d1eae6/acpi.inf
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/amd64_acpi.inf_31bf3856ad364e35_6.3.9600.18939_none_138212f0a1d1eae6/acpi.sys
.exe windows x64

ff76db7a08b93ec7fbf02cef7f51f1e8

Code Sign

33:00:00:01:74:69:de:10:8b:37:65:a8:d7:00:00:00:00:01:74
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:23

Not After

11/08/2018, 20:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:76:af:61:7c:8c:04:56:e0:50:9e:f4:81:ba:51:fc:52:9f:0f:72:50:92:39:4e:61:df:24:fc:7c:47:b0:70
Signer

Actual PE Digest

47:76:af:61:7c:8c:04:56:e0:50:9e:f4:81:ba:51:fc:52:9f:0f:72:50:92:39:4e:61:df:24:fc:7c:47:b0:70

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

24/11/2022, 14:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteDevice
PoRequestPowerIrp
ObfReferenceObject
ObfDereferenceObject
IofCallDriver
IoAllocateWorkItem
IoQueueWorkItem
IoFreeWorkItem
RtlCopyUnicodeString
KeInitializeSpinLock
KeInitializeEvent
ExInitializeResourceLite
ExInitializeNPagedLookasideList
IoRegisterBootDriverReinitialization
IoConnectInterruptEx
KeBugCheckEx
ZwPowerInformation
_vsnprintf
_vsnwprintf
KeSetEvent
RtlIoDecodeMemIoResource
RtlCmDecodeMemIoResource
RtlIsRangeAvailable
RtlFreeRangeList
RtlInitializeRangeList
RtlAddRange
RtlInvertRangeList
KeInsertQueueDpc
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExQueryDepthSList
IoReserveDependency
IoResolveDependency
IoCreateDevice
IoAttachDeviceToDeviceStack
KeWaitForSingleObject
IoInvalidateDeviceRelations
IoRequestDeviceEject
IoGetAttachedDeviceReference
strstr
strnlen
EmClientRuleEvaluate
IoSetDevicePropertyData
IoInvalidateDeviceState
ObReferenceObjectByPointer
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
ExQueueWorkItem
IoReleaseCancelSpinLock
IoOpenDeviceRegistryKey
ZwSetValueKey
_strtoui64
IoBuildSynchronousFsdRequest
IoDuplicateDependency
IoSetDependency
ObfReferenceObjectWithTag
ObfDereferenceObjectWithTag
IoTestDependency
PoSetPowerState
PoCallDriver
IoAcquireCancelSpinLock
PoSetSystemWake
IoDetachDevice
SeSinglePrivilegeCheck
IoDeleteSymbolicLink
ExDeleteNPagedLookasideList
IoGetDeviceProperty
IoCreateSymbolicLink
IoDisconnectInterruptEx
HalPrivateDispatchTable
MmLockPagableDataSection
MmUnlockPagableImageSection
ExInterlockedRemoveHeadList
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
KeEnterCriticalRegion
ExAcquireResourceSharedLite
ExReleaseResourceLite
KeLeaveCriticalRegion
ExAcquireResourceExclusiveLite
IoUnregisterPlugPlayNotification
ZwOpenFile
RtlCompareMemory
IoBuildDeviceIoControlRequest
IoRegisterPlugPlayNotification
KeClearEvent
wcsstr
PoFxNotifySurprisePowerOn
ZwQuerySystemInformation
RtlIntegerToUnicodeString
EmProviderRegister
RtlInitAnsiString
RtlAnsiStringToUnicodeString
IofCompleteRequest
NlsMbCodePageTag
RtlxAnsiStringToUnicodeSize
KeQueryActiveProcessorCountEx
EmClientQueryRuleState
HalDispatchTable
ZwSetSystemInformation
RtlAnsiCharToUnicodeChar
ExCreateCallback
ExRegisterCallback
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
IoGetDevicePropertyData
_strupr
IoWMIOpenBlock
IoWMIQueryAllData
IoWMIExecuteMethod
RtlEqualUnicodeString
HeadlessDispatch
MmGetPhysicalAddress
PoShutdownBugCheck
MmMapIoSpace
KeSetImportanceDpc
IoQueueWorkItemEx
KeWaitForMultipleObjects
PsTerminateSystemThread
KfRaiseIrql
KeLowerIrql
KeProcessorGroupAffinity
KeSetSystemGroupAffinityThread
KeQueryTimeIncrement
KeRevertToUserGroupAffinityThread
ExAcquireFastMutex
ExReleaseFastMutex
RtlDeleteRange
RtlFindRange
IoGetDeviceNumaNode
KeStartDynamicProcessor
RtlIoEncodeMemIoResource
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
ZwEnumerateKey
RtlUnicodeStringToInteger
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
MmUnmapIoSpace
_stricmp
RtlFindLeastSignificantBit
IoCancelIrp
IoUnregisterPlugPlayNotificationEx
IoFreeIrp
IoWMIRegistrationControl
IoAllocateIrp
ZwCreateFile
IoFileObjectType
KeDelayExecutionThread
IoReuseIrp
IoSynchronousCallDriver
RtlCompareUnicodeString
IoReportInterruptInactive
IoReportInterruptActive
PoSetHiberRange
KeSetTimer
KeCancelTimer
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlInitUnicodeString
EtwWrite
EtwEventEnabled
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
KdEnableDebugger
ZwLoadDriver
KdDisableDebugger
ord3
ExAcquireSpinLockShared
ExReleaseSpinLockShared
ExTryQueueWorkItem
ExUnregisterCallback
ExNotifyCallback
ExInitializeRundownProtection
ExAcquireSpinLockExclusive
ExReleaseSpinLockExclusive
DbgPrintEx
ExWaitForRundownProtectionRelease
NtClose
ExAcquireRundownProtection
strncmp
strchr
strrchr
ExReleaseRundownProtection
ExSetTimer
KeQueryInterruptTimePrecise
InitSafeBootMode
RtlGetNextRange
RtlGetFirstRange
RtlQueryRegistryValuesEx
KeGetProcessorNumberFromIndex
KeRegisterProcessorChangeCallback
RtlCopyRangeList
KeQueryMaximumGroupCount
KeQueryGroupAffinity
KeGetProcessorIndexFromNumber
KeQueryMaximumProcessorCountEx
RtlInvertRangeListEx
_wcsicmp
RtlDeleteOwnersRanges
KeInitializeDpc
KeInitializeTimer
RtlFreeUnicodeString
EtwRegister

hal

HalGetMessageRoutingInfo
HalConvertDeviceIdtToIrql
KeFlushWriteBuffer
HalGetProcessorIdByNtNumber
HalSetBusDataByOffset
HalGetBusDataByOffset
HalGetMemoryCachingRequirements
KdHvComPortInUse
KdComPortInUse
KeStallExecutionProcessor
KeQueryPerformanceCounter
HalGetInterruptTargetInformation

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Exports

Exports

DeRegisterOpRegionHandler
RegisterOpRegionHandler

Sections

.text
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 119B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 512B - Virtual size: 58B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/amd64_acpipagr.inf.resources_31bf3856ad364e35_6.3.9600.16384_en-us_bcbaa4727b8b80b6/acpipagr.inf_loc
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/amd64_acpipagr.inf_31bf3856ad364e35_6.3.9600.16384_none_f5a27e69194bb29a/acpipagr.inf
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/amd64_acpipagr.inf_31bf3856ad364e35_6.3.9600.16384_none_f5a27e69194bb29a/acpipagr.sys
.exe windows x64

4be91eaa180fe01cb91646273a069b7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAcquirePushLockSharedEx
ExAcquirePushLockExclusiveEx
KeQueryActiveProcessorCountEx
EtwUnregister
ExReleasePushLockExclusiveEx
EtwEventEnabled
EtwWrite
RtlCopyUnicodeString
ZwPowerInformation
ExReleasePushLockSharedEx
ExFreePoolWithTag
EtwRegister
ExAllocatePoolWithTag

wdfldr.sys

WdfVersionUnbindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionBindClass

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/amd64_acpipmi.inf.resources_31bf3856ad364e35_6.3.9600.16384_en-us_413d2129b67b6ee2/acpipmi.inf_loc
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/en-US/DscCoreR.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/en-US/PSDSCFileDownloadManagerEvents.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/About/setupact.log
Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession]/Unlock[All_Vession].exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 49KB - Virtual size: 49KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 5KB - Virtual size: 5KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 130KB - Virtual size: 130KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 48KB - Virtual size: 48KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 165KB - Virtual size: 164KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 29KB - Virtual size: 28KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 53KB - Virtual size: 52KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 48KB - Virtual size: 47KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 8KB - Virtual size: 7KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 118KB - Virtual size: 117KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 109KB - Virtual size: 109KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 64KB - Virtual size: 64KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 93KB - Virtual size: 93KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 19KB - Virtual size: 19KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 773KB - Virtual size: 772KB

.rsrc
Size: 49KB - Virtual size: 49KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 130KB - Virtual size: 130KB

.text
Size: 48KB - Virtual size: 48KB

.text
Size: 165KB - Virtual size: 164KB

.text
Size: 29KB - Virtual size: 28KB

.text
Size: 53KB - Virtual size: 52KB

.text
Size: 48KB - Virtual size: 47KB

.text
Size: 8KB - Virtual size: 7KB

.text
Size: 118KB - Virtual size: 117KB

.text
Size: 109KB - Virtual size: 109KB

.text
Size: 64KB - Virtual size: 64KB

.text
Size: 93KB - Virtual size: 93KB

.text
Size: 19KB - Virtual size: 19KB

.text
Size: 773KB - Virtual size: 772KB

.text
Size: 170KB - Virtual size: 169KB

.text
Size: 91KB - Virtual size: 90KB

33:00:00:01:74:69:de:10:8b:37:65:a8:d7:00:00:00:00:01:74
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

47:76:af:61:7c:8c:04:56:e0:50:9e:f4:81:ba:51:fc:52:9f:0f:72:50:92:39:4e:61:df:24:fc:7c:47:b0:70
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 266KB - Virtual size: 266KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 12KB - Virtual size: 17KB

.pdata
Size: 23KB - Virtual size: 23KB

PAGE
Size: 112KB - Virtual size: 112KB

.edata
Size: 512B - Virtual size: 119B

PAGEDATA
Size: 3KB - Virtual size: 2KB

PAGECONS
Size: 512B - Virtual size: 58B

INIT
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 804B

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 512B - Virtual size: 216B