bd61c97c5dd447880e230ea8a5300099d5dd5a7e77d28e02e2d784a6d4743f59

Sharing

Copy URL Twitter E-mail

General

Target

bd61c97c5dd447880e230ea8a5300099d5dd5a7e77d28e02e2d784a6d4743f59
Size

50KB
MD5

59bcb4d6f67c6790b52967d94c1afb4b
SHA1

3ec00a398b7ee9c20d477a22dca0a71cc055d661
SHA256

bd61c97c5dd447880e230ea8a5300099d5dd5a7e77d28e02e2d784a6d4743f59
SHA512

9152ed7b6015859829bf9818ff6fe0ed9f7aa1b29a8fb1b169b872eff55b5339bd6ad4c082f87b93ba2f7484a3e34550e1e5b7bdca3076caec199459828b8610
SSDEEP

1536:ZbUMYRniyqC4h8gHlBxbM+sHuZYoz9Cc4W96isxh7NbALL1U:Z9YRniyqC4h8gFbbM2o7NbAn1U

Score

N/A

Malware Config

Signatures

Files

bd61c97c5dd447880e230ea8a5300099d5dd5a7e77d28e02e2d784a6d4743f59
.exe windows x64

c1d533e0b2832e62f26aec3d5e78dcc6

Code Sign

a5:94:1d:43:06:a2:4b:25:ab:db:99:a2:b2:53:17:ff:9c:80:76:45
Signer

Actual PE Digest

a5:94:1d:43:06:a2:4b:25:ab:db:99:a2:b2:53:17:ff:9c:80:76:45

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

NO CERTIFICATE

01/01/0001, 00:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

MmGetSystemRoutineAddress
ZwSetSystemInformation
ExAllocatePoolWithTag
MmGetPhysicalAddress
ExFreePoolWithTag
ExpInterlockedPopEntrySList
ExAcquireFastMutex
KeAcquireSpinLockRaiseToDpc
ExReleaseFastMutex
KeReleaseSpinLock
ExpInterlockedPushEntrySList
ExQueryDepthSList
ZwQuerySystemInformation
ExInitializeNPagedLookasideList
KeInitializeEvent
ExDeleteNPagedLookasideList
MmUnmapLockedPages
MmSizeOfMdl
MmMapIoSpace
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
MmUnmapIoSpace
MmFreePagesFromMdl
MmAllocatePagesForMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
KeEnterCriticalRegion
KeWaitForSingleObject
KeSetEvent
KeLeaveCriticalRegion
PsGetVersion
IoCreateDriver
IoRegisterPlugPlayNotification
IoUnregisterPlugPlayNotification
IoDeleteDriver
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemory
KeBugCheckEx
__C_specific_handler

Exports

Exports

DllInitialize
DllUnload
DriverEntry
WinHvAllocateOverlayPages
WinHvAllocatePartitionSintIndex
WinHvAllocatePortId
WinHvAllocateSingleSintIndex
WinHvAssertVirtualInterrupt
WinHvCancelTimer
WinHvClearVirtualInterrupt
WinHvConfigureProfiler
WinHvConnectPort
WinHvCreateEventLogBuffer
WinHvCreatePartition
WinHvCreatePort
WinHvCreateTimer
WinHvCreateVp
WinHvDeleteEventLogBuffer
WinHvDeletePartition
WinHvDeletePort
WinHvDeleteTimer
WinHvDeleteVp
WinHvDepositMemory
WinHvDisconnectPort
WinHvFinalizeEventLogBufferGroup
WinHvFlushEventLogBuffer
WinHvFreeOverlayPages
WinHvFreePartitionSintIndex
WinHvFreePortId
WinHvFreeSingleSintIndex
WinHvGetCurrentVpIndex
WinHvGetLogicalProcessorRunTime
WinHvGetMemoryBalance
WinHvGetNextChildPartition
WinHvGetPartitionId
WinHvGetPartitionProperty
WinHvGetPortProperty
WinHvGetSintEventFlags
WinHvGetSintMessage
WinHvGetVpRegisters
WinHvInitializeEventLogBufferGroup
WinHvInstallIntercept
WinHvLookupPortId
WinHvLowMemoryPolicyAutoDeposit
WinHvLowMemoryPolicyReturnStatus
WinHvMapEventLogBuffer
WinHvMapGpaPages
WinHvMapSparseGpaPages
WinHvMapStatsPage
WinHvNtProcessorToVpIndex
WinHvOnInterrupt
WinHvPostMessage
WinHvQueryInterceptIrql
WinHvQueryReferenceCounter
WinHvReadGpa
WinHvReclaimInterruptVector
WinHvReleaseEventLogBuffer
WinHvReportPresentHypervisor
WinHvRestorePartitionState
WinHvSavePartitionState
WinHvSetAbsoluteTimer
WinHvSetEndOfMessage
WinHvSetEventLogCompletedNotificationRoutine
WinHvSetEventLogGroupSources
WinHvSetPartitionProperty
WinHvSetPortProperty
WinHvSetSint
WinHvSetSintOnCurrentProcessor
WinHvSetVpRegisters
WinHvSignalEvent
WinHvSupplyInterruptVector
WinHvTranslateVirtualAddress
WinHvUnmapEventLogBuffer
WinHvUnmapGpaPages
WinHvUnmapStatsPage
WinHvWithdrawAllMemory
WinHvWithdrawMemory
WinHvWriteGpa

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1d533e0b2832e62f26aec3d5e78dcc6

Code Sign

a5:94:1d:43:06:a2:4b:25:ab:db:99:a2:b2:53:17:ff:9c:80:76:45Signer

Signature Validations

Verification

01/01/0001, 00:00 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 16KB

.pdata Size: 2KB - Virtual size: 2KB

PAGE Size: 8KB - Virtual size: 7KB

.edata Size: 3KB - Virtual size: 2KB

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 84B

a5:94:1d:43:06:a2:4b:25:ab:db:99:a2:b2:53:17:ff:9c:80:76:45
Signer

01/01/0001, 00:00
Valid: false

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 16KB

.pdata
Size: 2KB - Virtual size: 2KB

PAGE
Size: 8KB - Virtual size: 7KB

.edata
Size: 3KB - Virtual size: 2KB

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 84B