ee0f70f22a84aee711cce2d604f7d272[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

ee0f70f22a84aee711cce2d604f7d272.bin
Size

57KB
MD5

ee0f70f22a84aee711cce2d604f7d272
SHA1

3cc96332fbb0f4ba9309957e6c71102e92ab85fa
SHA256

009d8d1594e9c8bc40a95590287f373776a62dad213963662da8c859a10ef3b4
SHA512

3b2632d76e4c8a99866293e1e6e9355489a9b1ff96d457cf3870c7135b708b0775a90d9f95779b5d29c1af7939bb66cc4c8a6bc479dd87238cf5d3efb3e5f83e
SSDEEP

768:Fbf+uGTFHiWu9fXtTiZ4rcUxPhxc/PuSOBCAOAKvMMDa:ouwu99TiZ4rcchm/PuSbhv5m

Score

1^/10

Malware Config

Signatures

Files

ee0f70f22a84aee711cce2d604f7d272.bin
.exe windows x64

140d0ecbd7e6b7b9c20a9b98ee78a822

Code Sign

29:f4:26:80:e6:53:cf:8f:af:d0:e9:35:55:3f:7e:86
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

07/11/2013, 00:00

Not After

06/01/2016, 23:59

Subject

CN=Wemade Entertainment co.\,Ltd,OU=IT Team,O=Wemade Entertainment co.\,Ltd,L=Guro-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:31

Not After

22/02/2021, 19:41

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:5e:09:bf:f7:4c:d3:18:6b:15:f4:0c:90:1a:34:7e:8e:d3:bf:99
Signer

Actual PE Digest

75:5e:09:bf:f7:4c:d3:18:6b:15:f4:0c:90:1a:34:7e:8e:d3:bf:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

PsCreateSystemThread
IoGetCurrentProcess
ZwClose
RtlFreeAnsiString
MmIsAddressValid
ObfDereferenceObject
DbgPrint
ExAllocatePoolWithTag
ExFreePoolWithTag
KeInitializeEvent
ZwSetValueKey
ZwQuerySystemInformation
ZwQueryValueKey
ExAllocatePool
KeWaitForSingleObject
RtlCompareUnicodeString
ZwOpenProcess
ZwTerminateProcess
ZwOpenKey
PsSetCreateProcessNotifyRoutine
IoThreadToProcess
FsRtlIsNameInExpression
IoDriverObjectType
_vsnwprintf
RtlAssert
IoDeleteSymbolicLink
IoDeleteDevice
atoi
KeReleaseSpinLock
IoDetachDevice
KeUnstackDetachProcess
IoGetDeviceObjectPointer
IofCompleteRequest
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
PsGetCurrentProcessId
IoCreateDevice
KeStackAttachProcess
IofCallDriver
KeAcquireSpinLockRaiseToDpc
PsProcessType
PsThreadType
ExGetPreviousMode
RtlNtStatusToDosError
_strnicmp
RtlImageNtHeader
KeBugCheckEx
RtlGetVersion
wcsncat
RtlUnicodeStringToAnsiString
MmGetSystemRoutineAddress
RtlInitUnicodeString
PsLookupProcessByProcessId
PsGetProcessImageFileName
_wcsicmp
_stricmp
__C_specific_handler

hal

KeQueryPerformanceCounter

fltmgr.sys

FltReleaseFileNameInformation
FltRegisterFilter
FltUnregisterFilter
FltGetFileNameInformation
FltEnumerateFilters
FltParseFileNameInformation

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

140d0ecbd7e6b7b9c20a9b98ee78a822

Code Sign

29:f4:26:80:e6:53:cf:8f:af:d0:e9:35:55:3f:7e:86Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

61:1f:b0:a4:00:00:00:00:00:1dCertificate

Key Usages

75:5e:09:bf:f7:4c:d3:18:6b:15:f4:0c:90:1a:34:7e:8e:d3:bf:99Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

fltmgr.sys

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 1KB - Virtual size: 1KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 512B - Virtual size: 84B

29:f4:26:80:e6:53:cf:8f:af:d0:e9:35:55:3f:7e:86
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

75:5e:09:bf:f7:4c:d3:18:6b:15:f4:0c:90:1a:34:7e:8e:d3:bf:99
Signer

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 1KB - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 512B - Virtual size: 84B