aow_drv_x64_ev[.]sys

Sharing

Copy URL Twitter E-mail

General

Target

aow_drv_x64_ev.sys
Size

1.4MB
MD5

12e35d02e1095ab62db87ffe112e111c
SHA1

b0805bef06ef230e26b0a74943226469f1ce967c
SHA256

8467b0a1a6c1a0c6948b69f64a047cae68c44ed9c7790a98cb74d60078f1d022
SHA512

b46b6c8e6669de75d3d25f0a6d119d958aae0a1318f669d1bfac9ac54cf238606d3b870a97f6f0fec125c5218cea755ab6222163b8efce384bb880a11e83df59
SSDEEP

24576:gp83PlmHQQXzpS41QfL/iszEPipnlpUX6zC:483PlNQtSZfGcxPF

Score

1^/10

Malware Config

Signatures

Files

aow_drv_x64_ev.sys
.exe windows x64

a41f51783d1c81a3b368129aa268d0f2

Code Sign

0c:1b:b3:43:f6:86:63:ce:2f:2f:47:2d:af:a7:9a:15
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/06/2020, 00:00

Not After

09/08/2023, 12:00

Subject

SERIALNUMBER=9144030071526726XG,CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368656e7a68656e,1.3.6.1.4.1.311.60.2.1.2=#13124775616e67646f6e672050726f76696e6365,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:58:e7:c5:89:c0:68:dc:a7:27:00:00:00:00:00:58
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/06/2022, 18:08

Not After

01/06/2023, 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:82:5f:c9:9c:49:3f:39:b8:f5:75:0e:58:8f:98:9a:0b:c5:df:90:11:60:12:52:e0:d7:3d:1e:cb:d7:da:2b
Signer

Actual PE Digest

9f:82:5f:c9:9c:49:3f:39:b8:f5:75:0e:58:8f:98:9a:0b:c5:df:90:11:60:12:52:e0:d7:3d:1e:cb:d7:da:2b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/03/2023, 18:59
Valid: false

9f:82:5f:c9:9c:49:3f:39:b8:f5:75:0e:58:8f:98:9a:0b:c5:df:90:11:60:12:52:e0:d7:3d:1e:cb:d7:da:2b
Signer

Actual PE Digest

9f:82:5f:c9:9c:49:3f:39:b8:f5:75:0e:58:8f:98:9a:0b:c5:df:90:11:60:12:52:e0:d7:3d:1e:cb:d7:da:2b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=9144030071526726XG,CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368656e7a68656e,1.3.6.1.4.1.311.60.2.1.2=#13124775616e67646f6e672050726f76696e6365,1.3.6.1.4.1.311.60.2.1.3=#1302434e

16/02/2023, 04:20
Valid: true

Chain 1

SERIALNUMBER=9144030071526726XG,CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368656e7a68656e,1.3.6.1.4.1.311.60.2.1.2=#13124775616e67646f6e672050726f76696e6365,1.3.6.1.4.1.311.60.2.1.3=#1302434e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExFreePoolWithTag
RtlTimeToSecondsSince1970
ZwReadFile
RtlInitUnicodeString
swprintf
ZwSetInformationFile
KeDelayExecutionThread
ZwWaitForSingleObject
ZwCreateFile
ZwQueryDirectoryFile
PsGetCurrentThreadId
ZwOpenFile
ZwQueryInformationFile
ZwWriteFile
IoFileObjectType
ZwClose
ObReferenceObjectByHandle
ObfDereferenceObject
IoQueryFileDosDeviceName
DbgPrint
PsCreateSystemThread
ZwConnectPort
ZwCreateEvent
ExReleaseFastMutex
ExAcquireFastMutex
KeInitializeEvent
LpcPortObjectType
LpcRequestPort
ZwSetEvent
ZwCreateSection
ZwFsControlFile
ZwCancelIoFile
ZwWaitForMultipleObjects
RtlUnicodeStringToAnsiString
ZwSetValueKey
ZwQueryValueKey
RtlxUnicodeStringToAnsiSize
NlsMbOemCodePageTag
ZwOpenKey
_stricmp
MmIsAddressValid
PsSetCreateProcessNotifyRoutine
IofCompleteRequest
KeWaitForSingleObject
KeSetEvent
IoCreateFile
IoFreeMdl
IoAllocateMdl
RtlAnsiStringToUnicodeString
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExSystemTimeToLocalTime
PsTerminateSystemThread
_vsnprintf
ExQueryDepthSList
RtlTimeToTimeFields
PsThreadType
ExInterlockedRemoveHeadList
PsGetCurrentProcessId
KeWaitForMultipleObjects
ExDeleteNPagedLookasideList
PsGetProcessPeb
PsLookupProcessByProcessId
ExGetPreviousMode
ZwQuerySystemInformation
KeUnstackDetachProcess
IoGetCurrentProcess
ExAllocatePoolWithTag
ZwQueryInformationProcess
PsGetProcessId
KeStackAttachProcess
ProbeForRead
ObOpenObjectByPointer
MmSectionObjectType
_wcsicmp
IoThreadToProcess
PsProcessType
PsGetProcessImageFileName
KeInitializeApc
KeInsertQueueApc
PsGetThreadId
ZwTerminateProcess
ZwQueryInformationThread
PsLookupThreadByThreadId
RtlxAnsiStringToUnicodeSize
MmProbeAndLockPages
isspace
_wcsnicmp
isdigit
isupper
RtlGetVersion
MmUserProbeAddress
ExAcquireResourceExclusiveLite
strncmp
KeLeaveCriticalRegion
strstr
ZwMapViewOfSection
KeEnterCriticalRegion
MmMapViewInSystemSpace
strncpy
ZwUnmapViewOfSection
ExAcquireResourceSharedLite
ExReleaseResourceLite
MmUnmapViewInSystemSpace
ExDeleteResourceLite
ExInitializeResourceLite
KeInitializeMutex
MmFreeMappingAddress
KeReleaseMutex
MmMapLockedPagesWithReservedMapping
MmAllocateMappingAddress
MmUnmapReservedMapping
MmUnlockPages
strchr
MmGetSystemRoutineAddress
atoi
_snprintf
ZwFreeVirtualMemory
ZwSetInformationThread
RtlRandom
ZwAllocateVirtualMemory
ZwSetTimer
ZwCreateTimer
ZwCancelTimer
sprintf
RtlSetBits
RtlInitializeBitMap
ExEventObjectType
MmUnmapLockedPages
IoDeleteSymbolicLink
PsRemoveCreateThreadNotifyRoutine
PsIsSystemThread
IoDeleteDevice
PsSetCreateThreadNotifyRoutine
MmHighestUserAddress
KeDetachProcess
MmMapLockedPagesSpecifyCache
ZwSetInformationProcess
KeAttachProcess
IoCreateSymbolicLink
IoCreateDevice
ExSetTimerResolution
strrchr
ZwOpenEvent
PsSetContextThread
PsGetContextThread
_itoa
ProbeForWrite
ZwYieldExecution
qsort
RtlSecondsSince1970ToTime
__C_specific_handler

hal

KeQueryPerformanceCounter

Sections

.text
Size: 749KB - Virtual size: 749KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tvm0
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a41f51783d1c81a3b368129aa268d0f2

Code Sign

0c:1b:b3:43:f6:86:63:ce:2f:2f:47:2d:af:a7:9a:15Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

33:00:00:00:58:e7:c5:89:c0:68:dc:a7:27:00:00:00:00:00:58Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

9f:82:5f:c9:9c:49:3f:39:b8:f5:75:0e:58:8f:98:9a:0b:c5:df:90:11:60:12:52:e0:d7:3d:1e:cb:d7:da:2bSigner

Signature Validations

Verification

09/03/2023, 18:59 Valid: false

9f:82:5f:c9:9c:49:3f:39:b8:f5:75:0e:58:8f:98:9a:0b:c5:df:90:11:60:12:52:e0:d7:3d:1e:cb:d7:da:2bSigner

Signature Validations

Verification

16/02/2023, 04:20 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 749KB - Virtual size: 749KB

.rdata Size: 166KB - Virtual size: 165KB

.data Size: 21KB - Virtual size: 32KB

.pdata Size: 43KB - Virtual size: 42KB

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 17KB - Virtual size: 17KB

.tvm0 Size: 412KB - Virtual size: 412KB

0c:1b:b3:43:f6:86:63:ce:2f:2f:47:2d:af:a7:9a:15
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:00:00:00:58:e7:c5:89:c0:68:dc:a7:27:00:00:00:00:00:58
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

9f:82:5f:c9:9c:49:3f:39:b8:f5:75:0e:58:8f:98:9a:0b:c5:df:90:11:60:12:52:e0:d7:3d:1e:cb:d7:da:2b
Signer

09/03/2023, 18:59
Valid: false

9f:82:5f:c9:9c:49:3f:39:b8:f5:75:0e:58:8f:98:9a:0b:c5:df:90:11:60:12:52:e0:d7:3d:1e:cb:d7:da:2b
Signer

16/02/2023, 04:20
Valid: true

.text
Size: 749KB - Virtual size: 749KB

.rdata
Size: 166KB - Virtual size: 165KB

.data
Size: 21KB - Virtual size: 32KB

.pdata
Size: 43KB - Virtual size: 42KB

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 17KB - Virtual size: 17KB

.tvm0
Size: 412KB - Virtual size: 412KB