dbf71ba0962907fb15f592fecdd99b63b486603d658ab3525c7f5984aa78eb02

Sharing

Copy URL Twitter E-mail

General

Target

dbf71ba0962907fb15f592fecdd99b63b486603d658ab3525c7f5984aa78eb02
Size

308KB
MD5

79d6bd8371fed2ee95defca40be1664b
SHA1

266de9b4ad0a7dc09480f1886474d11e79995aeb
SHA256

dbf71ba0962907fb15f592fecdd99b63b486603d658ab3525c7f5984aa78eb02
SHA512

72030cfd7b070b79b64e3f320abddcb250d48593842b806dfdc6b506aa867a85a9bc2035ecc2cdbbaa61a514db0222120c75ea969e46aa537c5e0ba30ea0f76a
SSDEEP

6144:Hmq9dHkUxNrWvlSBsGGNII0fj+hewYPm1UGy4gPDnQYY36Do2I9N6X:HHHk0Nr5BsGI0b+h3HtQPrQYAYoXA

Score

N/A

Malware Config

Signatures

Files

dbf71ba0962907fb15f592fecdd99b63b486603d658ab3525c7f5984aa78eb02
.exe windows x64

eea1d056a981e09894abc170c348176e

Code Sign

0a:00:5d:2e:2b:cd:41:37:16:82:17:d8:c7:27:74:7c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/05/2014, 00:00

Not After

16/05/2015, 23:59

Subject

CN=Beijing JoinHope Image Technology Ltd.,O=Beijing JoinHope Image Technology Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:28:6d:49:89:04:89:03:24:0a:e2:09:e6:3c:5b:93:52:27:37:c1
Signer

Actual PE Digest

ee:28:6d:49:89:04:89:03:24:0a:e2:09:e6:3c:5b:93:52:27:37:c1

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing JoinHope Image Technology Ltd.,O=Beijing JoinHope Image Technology Ltd.,L=Beijing,ST=Beijing,C=CN

15/12/2022, 13:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

MmUnlockPages
IoFreeMdl
RtlCopyMemoryNonTemporal
KeLowerIrql
KfRaiseIrql
KeSetEvent
ProbeForRead
ProbeForWrite
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmAllocatePagesForMdlEx
MmFreePagesFromMdl
MmMapIoSpace
MmUnmapIoSpace
IoAllocateMdl
ObReferenceObjectByHandle
ObfDereferenceObject
PsGetCurrentProcessId
__C_specific_handler
ExEventObjectType
RtlGetVersion
RtlCmDecodeMemIoResource
MmAllocateContiguousMemory
MmFreeContiguousMemory
IoGetDeviceProperty
MmGetPhysicalAddress
PsSetCreateProcessNotifyRoutine
KeInitializeDpc
KeInsertQueueDpc
KeRemoveQueueDpc
KeFlushQueuedDpcs
KeInitializeEvent
KeInitializeTimer
KeCancelTimer
KeSetTimer
KeSetTimerEx
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
MmBuildMdlForNonPagedPool
MmUnmapLockedPages
IoOpenDeviceRegistryKey
ExFreePoolWithTag
ZwSetValueKey
RtlInitUnicodeString
MmGetSystemRoutineAddress
VerSetConditionMask
RtlVerifyVersionInfo
IofCompleteRequest
IoCreateDevice
IoDeleteDevice
IoGetCurrentProcess
RtlEqualSid
SeQueryInformationToken
PsReferencePrimaryToken
PsDereferencePrimaryToken
PsDereferenceImpersonationToken
PsReferenceImpersonationToken
MmHighestUserAddress
SeExports
KeWaitForSingleObject
PsCreateSystemThread
PsTerminateSystemThread
RtlIntegerToUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwQueryValueKey
_vsnprintf
KeBugCheckEx
IofCallDriver
IoGetDeviceObjectPointer
IoBuildDeviceIoControlRequest
ZwLoadDriver
ZwUnloadDriver
KeDelayExecutionThread
strncmp
ZwClose
ExAllocatePoolWithTag
DbgPrintEx
_stricmp
atoi
strchr
RtlRaiseException

hal

KeQueryPerformanceCounter

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mstv
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msts
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msti
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eea1d056a981e09894abc170c348176e

Code Sign

0a:00:5d:2e:2b:cd:41:37:16:82:17:d8:c7:27:74:7cCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ee:28:6d:49:89:04:89:03:24:0a:e2:09:e6:3c:5b:93:52:27:37:c1Signer

Signature Validations

Verification

15/12/2022, 13:55 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 203KB - Virtual size: 203KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 11KB - Virtual size: 14KB

.pdata Size: 8KB - Virtual size: 7KB

.mstv Size: 3KB - Virtual size: 2KB

.msts Size: 7KB - Virtual size: 6KB

.msti Size: 6KB - Virtual size: 6KB

text Size: 3KB - Virtual size: 2KB

data Size: 10KB - Virtual size: 9KB

PAGE Size: 15KB - Virtual size: 15KB

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 3KB - Virtual size: 3KB

0a:00:5d:2e:2b:cd:41:37:16:82:17:d8:c7:27:74:7c
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ee:28:6d:49:89:04:89:03:24:0a:e2:09:e6:3c:5b:93:52:27:37:c1
Signer

15/12/2022, 13:55
Valid: false

.text
Size: 203KB - Virtual size: 203KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 11KB - Virtual size: 14KB

.pdata
Size: 8KB - Virtual size: 7KB

.mstv
Size: 3KB - Virtual size: 2KB

.msts
Size: 7KB - Virtual size: 6KB

.msti
Size: 6KB - Virtual size: 6KB

text
Size: 3KB - Virtual size: 2KB

data
Size: 10KB - Virtual size: 9KB

PAGE
Size: 15KB - Virtual size: 15KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 3KB - Virtual size: 3KB