daa3c67a6a4c05740dc8c159422cac347e94623e0443be2fd28a1e62781ab6ca

Sharing

Copy URL Twitter E-mail

General

Target

daa3c67a6a4c05740dc8c159422cac347e94623e0443be2fd28a1e62781ab6ca
Size

14KB
MD5

4eb80414c984ab16dfd47fd491ea10d3
SHA1

a7e84fcc94124b42c94e1297d0b7ad5f73823ca1
SHA256

daa3c67a6a4c05740dc8c159422cac347e94623e0443be2fd28a1e62781ab6ca
SHA512

7a49b5aaabed286e7c7883bd0420f876c23becd119cf5b6862fe3f7a86009fbee5725a2fb9ef517de1347ea39686e5a397171ad033b69b34344a9e4273cb061f
SSDEEP

384:GeqmXswLuGIIs5KNgKdpglOXjLB0GFi4QnatlX9ufa:omNCGLs5KNgKESHBY6Lca

Score

N/A

Malware Config

Signatures

Files

daa3c67a6a4c05740dc8c159422cac347e94623e0443be2fd28a1e62781ab6ca
.exe windows x86

ea6dafdfecde0223e6b812296cd2492f

Code Sign

04:87
Certificate

Issuer

CN=ca.mts.com.ua,OU=IT,O=MTS-UA,L=Kiev,ST=UA,C=UA,1.2.840.113549.1.9.1=#0c12696e666f736563406d74732e636f6d2e7561

Not Before

17/05/2010, 12:16

Not After

17/05/2011, 12:16

Subject

CN=SSM,OU=dealers.mts.com.ua,O=MTS-UA,L=Kiev,ST=UA,C=UA,1.2.840.113549.1.9.1=#0c146e696368766f6c6f644073736d2e6e65742e7561

36:81:d7:ba:76:95:58:2a:29:21:86:4d:96:6c:7d:d9:30:a5:a3:48
Signer

Actual PE Digest

36:81:d7:ba:76:95:58:2a:29:21:86:4d:96:6c:7d:d9:30:a5:a3:48

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SSM,OU=dealers.mts.com.ua,O=MTS-UA,L=Kiev,ST=UA,C=UA,1.2.840.113549.1.9.1=#0c146e696368766f6c6f644073736d2e6e65742e7561

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

DbgBreakPoint
ExAllocatePool
ExAllocatePoolWithTag
ExFreePool
KdDisableDebugger
KdEnableDebugger
KeBugCheckEx
KeWaitForMultipleObjects
KeWaitForSingleObject
MmGetSystemRoutineAddress
MmMapIoSpace
MmUnmapIoSpace
memmove
KeServiceDescriptorTable
DbgPrint

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 416B - Virtual size: 410B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 576B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 896B - Virtual size: 894B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea6dafdfecde0223e6b812296cd2492f

Code Sign

04:87Certificate

36:81:d7:ba:76:95:58:2a:29:21:86:4d:96:6c:7d:d9:30:a5:a3:48Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 64B - Virtual size: 64B

.data Size: 256B - Virtual size: 228B

INIT Size: 416B - Virtual size: 410B

.rsrc Size: 576B - Virtual size: 560B

.reloc Size: 896B - Virtual size: 894B

04:87
Certificate

36:81:d7:ba:76:95:58:2a:29:21:86:4d:96:6c:7d:d9:30:a5:a3:48
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 64B - Virtual size: 64B

.data
Size: 256B - Virtual size: 228B

INIT
Size: 416B - Virtual size: 410B

.rsrc
Size: 576B - Virtual size: 560B

.reloc
Size: 896B - Virtual size: 894B