fe74f7dc03f99b822bb66e86534822ff0dbecba093c0b72afb8b38a54da2585a

Sharing

Copy URL Twitter E-mail

General

Target

fe74f7dc03f99b822bb66e86534822ff0dbecba093c0b72afb8b38a54da2585a
Size

767KB
MD5

fd171ce636d31321bfc94f169c0a628a
SHA1

8d90157d5f8a4f26e07aabc1ff5763eb0f9dc2b2
SHA256

fe74f7dc03f99b822bb66e86534822ff0dbecba093c0b72afb8b38a54da2585a
SHA512

c6fa80ad8140d47fb5aca3745d7cb84dfb44a1e127e0556b94a2716bdce67cdddf31b25515d0e5d72a02fbbdae647aed9dff413d0b081964e3f26658ab2208f2
SSDEEP

12288:RGQ/K4OGJOmLtjNJWTOYH17tMU8D2pHD3RMtV1tgHFOjpPL:RGQ/K4OGJOmL9NJGOC1RMU8D2BDhMt/h

Score

N/A

Malware Config

Signatures

Files

fe74f7dc03f99b822bb66e86534822ff0dbecba093c0b72afb8b38a54da2585a
.exe windows x64

6bb7b0a5b8d326d31ed538c9cc5ed23b

Code Sign

61:05:19:96:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2011, 20:42

Not After

25/10/2012, 20:42

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:9E78-864B-039D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:05:dd:42:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

26/03/2012, 21:37

Not After

26/06/2013, 21:37

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0b:bb:d8:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/04/2012, 20:55

Not After

09/07/2013, 20:55

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:2d:20:8d:03:13:7f:28:e0:d0:6a:c1:67:19:33:75:ae:a0:db:bf:df:b6:38:66:f9:e6:91:7c:dd:5e:1d:e8
Signer

Actual PE Digest

2a:2d:20:8d:03:13:7f:28:e0:d0:6a:c1:67:19:33:75:ae:a0:db:bf:df:b6:38:66:f9:e6:91:7c:dd:5e:1d:e8

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

01/12/2022, 14:34
Valid: false

ce:2c:fe:99:b4:92:5e:7a:72:4f:6b:22:87:86:1f:b0:c8:cb:37:3c
Signer

Actual PE Digest

ce:2c:fe:99:b4:92:5e:7a:72:4f:6b:22:87:86:1f:b0:c8:cb:37:3c

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

26/07/2012, 04:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExFreePoolWithTag
IoAllocateDriverObjectExtension
RtlInitUnicodeString
IoDeleteDevice
RtlGetVersion
ZwDeleteValueKey
ZwSetValueKey
IoAllocateErrorLogEntry
ZwClose
ZwCreateKey
RtlCopyUnicodeString
IoCreateDevice
IoGetDriverObjectExtension
ZwDeleteKey
DbgPrint
ZwOpenKey
KeBugCheckEx
RtlAnsiCharToUnicodeChar
IoWriteErrorLogEntry
IofCompleteRequest
ExAllocatePoolWithTag
DbgBreakPoint
KeInitializeEvent
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExQueryDepthSList
KeLowerIrql
KfRaiseIrql
_purecall
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoGetDmaAdapter
IoFreeMdl
IoGetAttachedDeviceReference
MmUnlockPages
ObfDereferenceObject
IoGetDeviceProperty
KeClearEvent
IoRegisterPlugPlayNotification
KeLeaveCriticalRegion
IoGetRelatedDeviceObject
KeSetEvent
KeEnterCriticalRegion
IoFileObjectType
ZwCreateFile
IoUnregisterPlugPlayNotification
ObReferenceObjectByHandle
KeWaitForSingleObject
IoFreeIrp
IoAllocateIrp
RtlCompareMemory
ObfReferenceObject
IofCallDriver
KeFlushQueuedDpcs
IoReuseIrp
KeInitializeDpc
KeInsertQueueDpc
IoInvalidateDeviceState
IoCreateSymbolicLink
IoIs32bitProcess
IoRequestDeviceEject
IoWMIWriteEvent
RtlQueryRegistryValues
MmGetSystemRoutineAddress
WmiQueryTraceInformation
IoWMIRegistrationControl
strncmp
WmiTraceMessageVa
IoReleaseRemoveLockEx
IoDeleteSymbolicLink
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoDetachDevice
IoAcquireRemoveLockEx
IoSetCompletionRoutineEx
IoOpenDeviceRegistryKey
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
IoFreeWorkItem
IoAllocateWorkItem
IoQueueWorkItem
IoInvalidateDeviceRelations
KdDebuggerEnabled
KdDebuggerNotPresent
KeRemoveQueueDpc
KeInitializeTimer
KeSetTimerEx
KeCancelTimer
ExDeletePagedLookasideList
ExInitializePagedLookasideList
ExReleaseFastMutex
ExAcquireFastMutex
IoRegisterShutdownNotification
IoRegisterLastChanceShutdownNotification
IoUnregisterShutdownNotification
PoStartNextPowerIrp
IoWMIDeviceObjectToProviderId
MmMapLockedPagesSpecifyCache
IoAllocateMdl
MmUnmapLockedPages
MmSizeOfMdl
IoBuildPartialMdl
EtwRegister
EtwUnregister
EtwWrite
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
ZwQueryValueKey
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
MmProbeAndLockPages
KeAreApcsDisabled
MmBuǅ��emGorNonPagedPool
IoCancelIrpg��eSetTimer
�eSetTimer
KeInitializeTimerEx
IoRemdaseB`ocemRphoLockRtmBomp`reUnicodeString
RtmBomp`reUnicodeString
MmLockPagableDataSection
MmLockPagableSectionByHandle
MmUnlockPagableImageSection
MmIsDriverVerifying
KeAcquireSpinLockAtDpcLevel
KeDelayExecutionThread
KeReleaseSpinLockFromDpcLevel
IoGetStackLimits
PoCallDriver
PoSetPowerState
KeReadStateEvent
IoReleaseRemoveLockAndWaitEx
ExUnregisterCallback
PoRequestPowerIrp
ExRegisterCallback
ExCreateCallback
KeSynchronizeExecution
KeReleaseInterruptSpinLock
KeAcquireInterruptSpinLock
PoSetSystemWake
KeQueryTimeIncrement
PoGetSystemWake
ZwSetSecurityObject
IoDeviceObjectType
ObOpenObjectByPointer
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
wcschr
_wcsnicmp
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
RtlLengthSid
RtlCreateSecurityDescriptor
KeSetTargetProcessorDpc
KeQueryActiveProcessors
KeRevertToUserAffinityThread
KeSetSystemAffinityThread
KeNumberProcessors
DbgPrintEx
PsCreateSystemThread
PsTerminateSystemThread
ZwQuerySystemInformation
KiBugCheckData
PsGetVersion
ExAllocatePoolWithQuotaTag
__C_specific_handler

wdfldr.sys

WdfLdrDiagnosticsValueByNameAsULONG
WdfRegisterLibrary

Sections

.text
Size: 601KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGEWdfV
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bb7b0a5b8d326d31ed538c9cc5ed23b

Code Sign

61:05:19:96:00:00:00:00:00:1bCertificate

Extended Key Usages

61:05:dd:42:00:00:00:00:00:14Certificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:07:02:dc:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

61:0b:bb:d8:00:00:00:00:00:05Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

2a:2d:20:8d:03:13:7f:28:e0:d0:6a:c1:67:19:33:75:ae:a0:db:bf:df:b6:38:66:f9:e6:91:7c:dd:5e:1d:e8Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

ce:2c:fe:99:b4:92:5e:7a:72:4f:6b:22:87:86:1f:b0:c8:cb:37:3cSigner

Signature Validations

Verification

26/07/2012, 04:54 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 601KB - Virtual size: 600KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 9KB - Virtual size: 10KB

.pdata Size: 23KB - Virtual size: 22KB

PAGEWdfV Size: 26KB - Virtual size: 26KB

PAGE Size: 9KB - Virtual size: 8KB

INIT Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

61:05:19:96:00:00:00:00:00:1b
Certificate

61:05:dd:42:00:00:00:00:00:14
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:07:02:dc:00:00:00:00:00:0b
Certificate

61:0b:bb:d8:00:00:00:00:00:05
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

2a:2d:20:8d:03:13:7f:28:e0:d0:6a:c1:67:19:33:75:ae:a0:db:bf:df:b6:38:66:f9:e6:91:7c:dd:5e:1d:e8
Signer

01/12/2022, 14:34
Valid: false

ce:2c:fe:99:b4:92:5e:7a:72:4f:6b:22:87:86:1f:b0:c8:cb:37:3c
Signer

26/07/2012, 04:54
Valid: false

.text
Size: 601KB - Virtual size: 600KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 9KB - Virtual size: 10KB

.pdata
Size: 23KB - Virtual size: 22KB

PAGEWdfV
Size: 26KB - Virtual size: 26KB

PAGE
Size: 9KB - Virtual size: 8KB

INIT
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB