aow_drv_x64_ev[.]sys

Sharing

Copy URL

Twitter E-mail

General

Target

aow_drv_x64_ev.sys
Size

1.4MB
MD5

48ae5a2940fdcd90f8751c82ef5d00a9
SHA1

21d8721887dd68553955570a70cb532e037820be
SHA256

a5588758f0db59789ec7f226bf2f7fc84d762aafbb0a59d28fce7ade12fc2d87
SHA512

7f89c063feb74dd44e73ee22e260a6e75f80a2b2ba1cdfed388723107912116999e618600d3884418bbd6008eff8226e28b1fcc1f6b0ad3f08227c326cae8e90
SSDEEP

12288:znp8nqimx0wlujawtoq9xq86iAGSWzc+2JkAKXBfnjzMVq3EWEyThAu9ral:Tp8nMluWwt9x/6rGSkXBfWq3tEyThpal

Score

1^/10

Malware Config

Signatures

Files

aow_drv_x64_ev.sys
.exe windows x64

a41f51783d1c81a3b368129aa268d0f2

Code Sign

0c:1b:b3:43:f6:86:63:ce:2f:2f:47:2d:af:a7:9a:15
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-06-2020 00:00

Not After

09-08-2023 12:00

Subject

SERIALNUMBER=9144030071526726XG,CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368656e7a68656e,1.3.6.1.4.1.311.60.2.1.2=#13124775616e67646f6e672050726f76696e6365,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:58:e7:c5:89:c0:68:dc:a7:27:00:00:00:00:00:58
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:af:16:49:e4:c4:a8:80:82:54:52:73:27:8d:ae:51:dd:07:2a:e8:ea:ae:44:35:14:4e:9a:ed:5e:59:95:a5
Signer

Actual PE Digest

cc:af:16:49:e4:c4:a8:80:82:54:52:73:27:8d:ae:51:dd:07:2a:e8:ea:ae:44:35:14:4e:9a:ed:5e:59:95:a5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

11-05-2023 10:06
Valid: true

Chain 1

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

cc:af:16:49:e4:c4:a8:80:82:54:52:73:27:8d:ae:51:dd:07:2a:e8:ea:ae:44:35:14:4e:9a:ed:5e:59:95:a5
Signer

Actual PE Digest

cc:af:16:49:e4:c4:a8:80:82:54:52:73:27:8d:ae:51:dd:07:2a:e8:ea:ae:44:35:14:4e:9a:ed:5e:59:95:a5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=9144030071526726XG,CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368656e7a68656e,1.3.6.1.4.1.311.60.2.1.2=#13124775616e67646f6e672050726f76696e6365,1.3.6.1.4.1.311.60.2.1.3=#1302434e

25-04-2023 09:18
Valid: true

Chain 1

SERIALNUMBER=9144030071526726XG,CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368656e7a68656e,1.3.6.1.4.1.311.60.2.1.2=#13124775616e67646f6e672050726f76696e6365,1.3.6.1.4.1.311.60.2.1.3=#1302434e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExFreePoolWithTag
RtlTimeToSecondsSince1970
ZwReadFile
RtlInitUnicodeString
swprintf
ZwSetInformationFile
KeDelayExecutionThread
ZwWaitForSingleObject
ZwCreateFile
ZwQueryDirectoryFile
PsGetCurrentThreadId
ZwOpenFile
ZwQueryInformationFile
ZwWriteFile
IoFileObjectType
ZwClose
ObReferenceObjectByHandle
ObfDereferenceObject
IoQueryFileDosDeviceName
DbgPrint
PsCreateSystemThread
ZwConnectPort
ZwCreateEvent
ExReleaseFastMutex
ExAcquireFastMutex
KeInitializeEvent
LpcPortObjectType
LpcRequestPort
ZwSetEvent
ZwCreateSection
ZwFsControlFile
ZwCancelIoFile
ZwWaitForMultipleObjects
RtlUnicodeStringToAnsiString
ZwSetValueKey
ZwQueryValueKey
RtlxUnicodeStringToAnsiSize
NlsMbOemCodePageTag
ZwOpenKey
_stricmp
MmIsAddressValid
PsSetCreateProcessNotifyRoutine
IofCompleteRequest
KeWaitForSingleObject
KeSetEvent
IoCreateFile
IoFreeMdl
IoAllocateMdl
RtlAnsiStringToUnicodeString
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExSystemTimeToLocalTime
PsTerminateSystemThread
_vsnprintf
ExQueryDepthSList
RtlTimeToTimeFields
PsThreadType
ExInterlockedRemoveHeadList
PsGetCurrentProcessId
KeWaitForMultipleObjects
ExDeleteNPagedLookasideList
PsGetProcessPeb
PsLookupProcessByProcessId
ExGetPreviousMode
ZwQuerySystemInformation
KeUnstackDetachProcess
IoGetCurrentProcess
ExAllocatePoolWithTag
ZwQueryInformationProcess
PsGetProcessId
KeStackAttachProcess
ProbeForRead
ObOpenObjectByPointer
MmSectionObjectType
_wcsicmp
IoThreadToProcess
PsProcessType
PsGetProcessImageFileName
KeInitializeApc
KeInsertQueueApc
PsGetThreadId
ZwTerminateProcess
ZwQueryInformationThread
PsLookupThreadByThreadId
RtlxAnsiStringToUnicodeSize
MmProbeAndLockPages
isspace
_wcsnicmp
isdigit
isupper
RtlGetVersion
MmUserProbeAddress
ExAcquireResourceExclusiveLite
strncmp
KeLeaveCriticalRegion
strstr
ZwMapViewOfSection
KeEnterCriticalRegion
MmMapViewInSystemSpace
strncpy
ZwUnmapViewOfSection
ExAcquireResourceSharedLite
ExReleaseResourceLite
MmUnmapViewInSystemSpace
ExDeleteResourceLite
ExInitializeResourceLite
KeInitializeMutex
MmFreeMappingAddress
KeReleaseMutex
MmMapLockedPagesWithReservedMapping
MmAllocateMappingAddress
MmUnmapReservedMapping
MmUnlockPages
strchr
MmGetSystemRoutineAddress
atoi
_snprintf
ZwFreeVirtualMemory
ZwSetInformationThread
RtlRandom
ZwAllocateVirtualMemory
ZwSetTimer
ZwCreateTimer
ZwCancelTimer
sprintf
RtlSetBits
RtlInitializeBitMap
ExEventObjectType
MmUnmapLockedPages
IoDeleteSymbolicLink
PsRemoveCreateThreadNotifyRoutine
PsIsSystemThread
IoDeleteDevice
PsSetCreateThreadNotifyRoutine
MmHighestUserAddress
KeDetachProcess
MmMapLockedPagesSpecifyCache
ZwSetInformationProcess
KeAttachProcess
IoCreateSymbolicLink
IoCreateDevice
ExSetTimerResolution
strrchr
ZwOpenEvent
PsSetContextThread
PsGetContextThread
_itoa
ProbeForWrite
ZwYieldExecution
qsort
RtlSecondsSince1970ToTime
__C_specific_handler

hal

KeQueryPerformanceCounter

Sections

.text
Size: 750KB - Virtual size: 750KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tvm0
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a41f51783d1c81a3b368129aa268d0f2

Code Sign

0c:1b:b3:43:f6:86:63:ce:2f:2f:47:2d:af:a7:9a:15Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

33:00:00:00:58:e7:c5:89:c0:68:dc:a7:27:00:00:00:00:00:58Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

cc:af:16:49:e4:c4:a8:80:82:54:52:73:27:8d:ae:51:dd:07:2a:e8:ea:ae:44:35:14:4e:9a:ed:5e:59:95:a5Signer

Signature Validations

Verification

11-05-2023 10:06 Valid: true

Chain 1

cc:af:16:49:e4:c4:a8:80:82:54:52:73:27:8d:ae:51:dd:07:2a:e8:ea:ae:44:35:14:4e:9a:ed:5e:59:95:a5Signer

Signature Validations

Verification

25-04-2023 09:18 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 750KB - Virtual size: 750KB

.rdata Size: 166KB - Virtual size: 165KB

.data Size: 21KB - Virtual size: 32KB

.pdata Size: 43KB - Virtual size: 42KB

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 17KB - Virtual size: 17KB

.tvm0 Size: 412KB - Virtual size: 412KB

0c:1b:b3:43:f6:86:63:ce:2f:2f:47:2d:af:a7:9a:15
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:00:00:00:58:e7:c5:89:c0:68:dc:a7:27:00:00:00:00:00:58
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

cc:af:16:49:e4:c4:a8:80:82:54:52:73:27:8d:ae:51:dd:07:2a:e8:ea:ae:44:35:14:4e:9a:ed:5e:59:95:a5
Signer

11-05-2023 10:06
Valid: true

cc:af:16:49:e4:c4:a8:80:82:54:52:73:27:8d:ae:51:dd:07:2a:e8:ea:ae:44:35:14:4e:9a:ed:5e:59:95:a5
Signer

25-04-2023 09:18
Valid: true

.text
Size: 750KB - Virtual size: 750KB

.rdata
Size: 166KB - Virtual size: 165KB

.data
Size: 21KB - Virtual size: 32KB

.pdata
Size: 43KB - Virtual size: 42KB

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 17KB - Virtual size: 17KB

.tvm0
Size: 412KB - Virtual size: 412KB