06a0ec9a316eb89cb041b1907918e3ad3b03842ec65f004f6fa74d57955573a4

Resubmissions

27-06-2023 07:03

230627-hvhq6aec5z 1

01-03-2022 12:10

220301-pb3esabeen 1

Sharing

Copy URL

Twitter E-mail

General

Target

06a0ec9a316eb89cb041b1907918e3ad3b03842ec65f004f6fa74d57955573a4
Size

70KB
MD5

b0770094c3c64250167b55e4db850c04
SHA1

6abbc3003c7aa69ce79cbbcd2e3210b07f21d202
SHA256

06a0ec9a316eb89cb041b1907918e3ad3b03842ec65f004f6fa74d57955573a4
SHA512

52deca3660ccc44d4f9c49d381765d854a6fcbf8f4d0c23325e5392d035696dbd712370f91213bbb2bdf35ae383dab22238506ca51c3d38c711d1c61a694ddd8
SSDEEP

1536:4RM1VWgS1lYpKCNTzc8jt4riPJdBnH2dXDGZ8W8tGVxJ:4hgUup7NQiP9H2dz08dsVxJ

Score

1^/10

Malware Config

Signatures

Files

06a0ec9a316eb89cb041b1907918e3ad3b03842ec65f004f6fa74d57955573a4
.exe windows x64

6150c5c5e078c5bf23006689a41058cd

Code Sign

38:7c:94:76:e2:83:20:26:45:94:84:63:17:d4:65:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-06-2011 00:00

Not After

27-06-2014 23:59

Subject

CN=Anhua Xinda (Beijing) Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Anhua Xinda (Beijing) Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:cb:54:48:9a:05:56:59:4a:28:f5:f1:41:0c:c6:4d:74:a1:c1:82
Signer

Actual PE Digest

68:cb:54:48:9a:05:56:59:4a:28:f5:f1:41:0c:c6:4d:74:a1:c1:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

wcsncmp
IoAllocateMdl
_stricmp
sprintf
RtlLengthRequiredSid
_strnicmp
ExAllocatePoolWithTag
vsprintf
IoDeleteSymbolicLink
ExFreePoolWithTag
RtlAnsiStringToUnicodeString
NtWriteFile
RtlCreateAcl
PsLookupProcessByProcessId
NtQuerySystemInformation
_wcsnicmp
ZwReadFile
RtlSetDaclSecurityDescriptor
KeInitializeApc
IoDeleteDevice
NtFsControlFile
KeInsertQueueApc
MmGetSystemRoutineAddress
IoCreateFile
atoi
_snprintf
ZwQuerySystemInformation
KeReleaseSpinLock
RtlAddAccessAllowedAce
RtlImageDirectoryEntryToData
KeDetachProcess
ZwOpenFile
ZwCreateFile
PsCreateSystemThread
ZwQueryValueKey
PsTerminateSystemThread
ZwFreeVirtualMemory
KeQueryTimeIncrement
ObReferenceObjectByHandle
KeWaitForSingleObject
KeAttachProcess
PsGetVersion
PsThreadType
RtlCompareUnicodeString
ZwOpenProcess
ZwQueryInformationProcess
IoCreateSymbolicLink
ObfDereferenceObject
IoCreateDevice
ZwTerminateProcess
ZwQueryInformationFile
KeWaitForMultipleObjects
ZwWriteFile
NtReadFile
PsLookupThreadByThreadId
RtlLengthSid
RtlCreateSecurityDescriptor
ZwAllocateVirtualMemory
ZwOpenKey
KeAcquireSpinLockRaiseToDpc
RtlUnicodeStringToInteger
MmIsAddressValid
ZwDeviceIoControlFile
IofCompleteRequest
ZwClose
MmMapLockedPagesSpecifyCache
KeDelayExecutionThread
MmUserProbeAddress
MmBuildMdlForNonPagedPool
memchr
ZwWaitForSingleObject
RtlInitUnicodeString

ndis.sys

NdisAllocateMemoryWithTag
NdisAllocateNetBufferAndNetBufferList
NdisMSendNetBufferListsComplete
NdisReturnNetBufferLists
NdisAllocateNetBufferListPool
NdisFreeMemory
NdisMIndicateStatus
NdisFreeMdl
NdisFreeNetBufferListPool
NdisFreeNetBufferList
NdisSendNetBufferLists

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

6150c5c5e078c5bf23006689a41058cd

Code Sign

38:7c:94:76:e2:83:20:26:45:94:84:63:17:d4:65:40Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

68:cb:54:48:9a:05:56:59:4a:28:f5:f1:41:0c:c6:4d:74:a1:c1:82Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

ndis.sys

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 73KB

.pdata Size: 2KB - Virtual size: 2KB

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 944B

38:7c:94:76:e2:83:20:26:45:94:84:63:17:d4:65:40
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

68:cb:54:48:9a:05:56:59:4a:28:f5:f1:41:0c:c6:4d:74:a1:c1:82
Signer

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 73KB

.pdata
Size: 2KB - Virtual size: 2KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 944B