75c5d01485f150b8c5696fd2864fac85f47951e9a50910a60a0ea039d8623b07

Sharing

Copy URL

Twitter E-mail

General

Target

75c5d01485f150b8c5696fd2864fac85f47951e9a50910a60a0ea039d8623b07
Size

155KB
MD5

0d9d6415513d7395868d462eec33e74a
SHA1

3178725f0d6cd4931e05cce3ae7219f84dd47b0f
SHA256

75c5d01485f150b8c5696fd2864fac85f47951e9a50910a60a0ea039d8623b07
SHA512

6f4839bbdaa33a809af44df91b0c4de85ad6e30105944200dbb0c56ae8f85de324a02253c3cbc5d0357f25034c634ef11f7f4cd292b79f1d06be9c8646c5adbe
SSDEEP

3072:J81H5CBtFFQn3qswngsTaH0wM9E6xGob/ptyra7GX5zujildhT5RL:+1HwBrICT7xBDyra7QpujyL

Score

N/A

Malware Config

Signatures

Files

75c5d01485f150b8c5696fd2864fac85f47951e9a50910a60a0ea039d8623b07
.exe windows x86

94b6a835f73ce800334f58e2e626d5f1

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:82:58:57:16:70:ab:2b:1b:ac:50:67:9c:ec:49:a1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

30/05/2012, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

54:6b:f4:0f:3a:97:c2:f5:0f:31:84:d5:6b:ba:3c:ff:ad:49:3f:91
Signer

Actual PE Digest

54:6b:f4:0f:3a:97:c2:f5:0f:31:84:d5:6b:ba:3c:ff:ad:49:3f:91

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

28/11/2022, 11:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlCopyUnicodeString
RtlAppendUnicodeStringToString
IofCompleteRequest
ZwOpenFile
_aulldiv
_allmul
IoFreeMdl
_aullshr
ZwClose
RtlInitUnicodeString
KeInitializeSpinLock
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
KeBugCheckEx
KeTickCount
_alldiv
KeQuerySystemTime
MmMapLockedPagesSpecifyCache
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql
KeStallExecutionProcessor
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisMDeregisterAdapterShutdownHandler
NdisMMapIoSpace
NdisMUnmapIoSpace
NdisInitializeReadWriteLock
NdisResetEvent
NdisSetEvent
NdisMSetPeriodicTimer
NdisWritePciSlotInformation
NdisReadPciSlotInformation
NdisMFreeSharedMemory
NdisMAllocateSharedMemory
NdisMDeregisterDevice
NdisAllocatePacketPool
NdisAllocatePacket
NdisAllocateBuffer
NdisFreeBufferPool
NdisFreePacketPool
NdisFreePacket
NdisAllocateBufferPool
NdisMInitializeScatterGatherDma
NdisMDeregisterInterrupt
NdisMRegisterInterrupt
NdisAllocateMemoryWithTag
NdisSetTimer
NdisMSynchronizeWithInterrupt
NdisOpenConfiguration
NdisCloseConfiguration
NdisReadNetworkAddress
NdisInitializeWrapper
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisMRegisterDevice
NdisReadConfiguration
NdisSystemProcessorCount
NdisFreeMemory
NdisMQueryAdapterInstanceName
NdisInitializeEvent
NdisWaitEvent
NdisMCancelTimer
NdisMInitializeTimer
NdisMSleep
NdisGetRoutineAddress
NdisMRegisterAdapterShutdownHandler
NdisMSetAttributesEx
NdisMQueryAdapterResources
NdisTerminateWrapper
NdisMRegisterMiniport
NdisGetVersion

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94b6a835f73ce800334f58e2e626d5f1

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

05:82:58:57:16:70:ab:2b:1b:ac:50:67:9c:ec:49:a1Certificate

Extended Key Usages

Key Usages

54:6b:f4:0f:3a:97:c2:f5:0f:31:84:d5:6b:ba:3c:ff:ad:49:3f:91Signer

Signature Validations

Verification

28/11/2022, 11:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 133KB - Virtual size: 132KB

.rdata Size: 1024B - Virtual size: 764B

.data Size: 2KB - Virtual size: 2KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 3KB - Virtual size: 3KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

05:82:58:57:16:70:ab:2b:1b:ac:50:67:9c:ec:49:a1
Certificate

54:6b:f4:0f:3a:97:c2:f5:0f:31:84:d5:6b:ba:3c:ff:ad:49:3f:91
Signer

28/11/2022, 11:52
Valid: false

.text
Size: 133KB - Virtual size: 132KB

.rdata
Size: 1024B - Virtual size: 764B

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 3KB - Virtual size: 3KB