MDDB01_2023-03-13_07_42_30[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

MDDB01_2023-03-13_07_42_30.zip
Size

20KB
MD5

33e232c2e858dfd24ca98bc45b50f2f1
SHA1

b0e89f01364f1e642860d508390432023e6ec135
SHA256

af6a9728052f1f779bf12313d75decb9f133c9b25ff06eb9fc84b4461079716b
SHA512

f76f2f396955668cd01ea842e4687886b2476a81ca6b36cfa176381c5bcb8b7d967906d35ec24bef677436249668d8b521b83940b9a859a54a08385858ea3bb0
SSDEEP

384:NSGrKGBwW5170vnW2WSuXrirsvXvnp1QnwFjtwv0+eqw3Y:N3r6KxMdOUc/UwFjk4Y

Score

1^/10

Malware Config

Signatures

Files

MDDB01_2023-03-13_07_42_30.zip
.zip

Password: Malware123!!
Device/HarddiskVolume4/USERS/jharrison/AppData/Local/Temp/RarSFX0/plugins/plugindata/kprocesshacker2_x64.sys
.exe windows x64

Password: Malware123!!

821d74031d3f625bcbd0df08b70f1e77

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:e9:01:7d:54:cd:93:f0:94:d0:a2:ab:7f:c0:e3:f5
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/11/2015, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:b5:5b:b7:c1:11:f9:3b:d3:ea:9a:c7:15:91:e1:a6:b8:9f:ee:e1
Signer

Actual PE Digest

61:b5:5b:b7:c1:11:f9:3b:d3:ea:9a:c7:15:91:e1:a6:b8:9f:ee:e1

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

30/05/2015, 08:42
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
ProbeForWrite
ZwQuerySystemInformation
ZwQueryValueKey
ZwClose
IofCompleteRequest
PsGetCurrentProcessId
IoCreateDevice
SePrivilegeCheck
ZwOpenKey
ProbeForRead
RtlGetVersion
RtlCompareMemory
MmGetSystemRoutineAddress
PsProcessType
ObOpenObjectByName
ZwQueryObject
RtlEqualUnicodeString
KeUnstackDetachProcess
ExEnumHandleTable
ObQueryNameString
IoFileObjectType
IoDriverObjectType
IoGetCurrentProcess
ObReferenceObjectByHandle
ObCloseHandle
PsInitialSystemProcess
ObSetHandleAttributes
ZwQueryInformationProcess
ObfDereferenceObject
ExAllocatePoolWithQuotaTag
ZwQueryInformationThread
ObOpenObjectByPointer
KeStackAttachProcess
ExAcquireRundownProtection
PsLookupProcessByProcessId
PsJobType
PsReferencePrimaryToken
SeTokenObjectType
ExReleaseRundownProtection
ZwSetInformationProcess
PsGetProcessJob
PsLookupProcessThreadByCid
ZwTerminateProcess
PsDereferencePrimaryToken
IoThreadToProcess
RtlWalkFrameChain
KeInitializeApc
KeSetEvent
KeInsertQueueApc
KeInitializeEvent
PsSetContextThread
PsGetThreadWin32Thread
ZwSetInformationThread
KeWaitForSingleObject
PsThreadType
PsAssignImpersonationToken
PsGetContextThread
PsLookupThreadByThreadId
MmUnmapLockedPages
ExRaiseStatus
MmHighestUserAddress
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
MmUnlockPages
MmIsAddressValid
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: Malware123!!

Password: Malware123!!

821d74031d3f625bcbd0df08b70f1e77

Code Sign

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

03:e9:01:7d:54:cd:93:f0:94:d0:a2:ab:7f:c0:e3:f5Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

61:b5:5b:b7:c1:11:f9:3b:d3:ea:9a:c7:15:91:e1:a6:b8:9f:ee:e1Signer

Signature Validations

Verification

30/05/2015, 08:42 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 832B

.pdata Size: 1024B - Virtual size: 636B

PAGE Size: 15KB - Virtual size: 15KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 760B

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

03:e9:01:7d:54:cd:93:f0:94:d0:a2:ab:7f:c0:e3:f5
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

61:b5:5b:b7:c1:11:f9:3b:d3:ea:9a:c7:15:91:e1:a6:b8:9f:ee:e1
Signer

30/05/2015, 08:42
Valid: false

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 832B

.pdata
Size: 1024B - Virtual size: 636B

PAGE
Size: 15KB - Virtual size: 15KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 760B