Malicious_63b10c3c58b90e8ecf8917a3a285ec5168f0d29d7908ca6471114c3d998db744[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Malicious_63b10c3c58b90e8ecf8917a3a285ec5168f0d29d7908ca6471114c3d998db744.exe
Size

62KB
MD5

86c02a460e46382a6fcdfebac95982be
SHA1

795c6ec001b71a39e0ccb21eb654dc4908d89472
SHA256

63b10c3c58b90e8ecf8917a3a285ec5168f0d29d7908ca6471114c3d998db744
SHA512

02a4025c1517ecbbd0a18a91ac4f4455c4e75ae29abddc2e5736e5c7d8ddb196f4b20f0325e723caba238ce0a9ea7f33f743c0b2b2a70b584c21485cde4e459d
SSDEEP

768:oZPuEV25nexXnEIewmptU9Hj+e7Uvyy1w/bT2A/2E+wkcYhprRoLjAIl0mrAftDB:agRze2yy18bTD5v9r3HulgaKE

Score

1^/10

Malware Config

Signatures

Files

Malicious_63b10c3c58b90e8ecf8917a3a285ec5168f0d29d7908ca6471114c3d998db744.exe
.exe windows x64

61a4a9db0b79b8febed328a96ec3cc1b

Code Sign

73:7b:86:3d:0f:20:39:8b:46:cc:ce:4d:82:56:e6:d1
Certificate

Issuer

CN=WDKTestCert alibe\,132683991348720001

Not Before

17/06/2021, 10:25

Not After

17/06/2031, 00:00

Subject

CN=WDKTestCert alibe\,132683991348720001

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

6a:d1:23:6e:df:72:96:e0:d6:16:25:49:b8:18:f9:ef:e1:c4:0b:0d
Signer

Actual PE Digest

6a:d1:23:6e:df:72:96:e0:d6:16:25:49:b8:18:f9:ef:e1:c4:0b:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlUnicodeStringToInteger
RtlInitAnsiString
DbgPrintEx
RtlGetVersion
KeInitializeGuardedMutex
ExAllocatePoolWithTag
ExFreePoolWithTag
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ZwClose
ZwOpenKey
ZwQueryValueKey
RtlInitializeGenericTableAvl
RtlCompareString
PsSetCreateProcessNotifyRoutine
RtlImageNtHeader
IofCompleteRequest
RtlInitUnicodeString
KeDelayExecutionThread
ProbeForRead
IoGetCurrentProcess
ObfDereferenceObject
KeStackAttachProcess
KeUnstackDetachProcess
PsIsThreadTerminating
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
PsGetProcessWow64Process
PsIsProtectedProcess
ZwProtectVirtualMemory
RtlImageDirectoryEntryToData
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
RtlAppendUnicodeToString
RtlFreeUnicodeString
KeWaitForSingleObject
MmMapLockedPagesSpecifyCache
MmAllocatePagesForMdl
MmFreePagesFromMdl
PsCreateSystemThread
PsTerminateSystemThread
PsWrapApcWow64Thread
ObReferenceObjectByHandle
ZwCreateFile
ZwQueryInformationFile
ZwReadFile
PsGetCurrentThreadId
PsGetProcessId
PsLookupThreadByThreadId
ZwWaitForSingleObject
ZwQuerySystemInformation
ZwQueryInformationThread
PsGetProcessPeb
PsGetThreadTeb
PsGetCurrentProcessWow64Process
KeTestAlertThread
KeInitializeApc
KeInsertQueueApc
__C_specific_handler
PsThreadType
RtlCopyUnicodeString
KeResetEvent
ZwWriteFile
RtlRandomEx
RtlCreateUnicodeString
RtlDowncaseUnicodeString
ZwCreateEvent
ZwDeleteFile
ZwQueryInformationProcess
_vsnwprintf
ExEventObjectType
KeAcquireGuardedMutex
KeReleaseGuardedMutex
MmGetSystemRoutineAddress
RtlCaptureContext
KeCapturePersistentThreadState
ProbeForWrite
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmUnmapLockedPages
IoAllocateMdl
IoFreeMdl
ObCloseHandle
ZwOpenFile
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlIsGenericTableEmptyAvl
PsGetCurrentProcessId
ZwQueryVirtualMemory
MmHighestUserAddress
MmCopyVirtualMemory
ExEnumHandleTable
ExfUnblockPushLock
RtlCompareUnicodeStrings

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61a4a9db0b79b8febed328a96ec3cc1b

Code Sign

73:7b:86:3d:0f:20:39:8b:46:cc:ce:4d:82:56:e6:d1Certificate

Extended Key Usages

Key Usages

6a:d1:23:6e:df:72:96:e0:d6:16:25:49:b8:18:f9:ef:e1:c4:0b:0dSigner

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

PAGE Size: 38KB - Virtual size: 38KB

INIT Size: 7KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 20B

73:7b:86:3d:0f:20:39:8b:46:cc:ce:4d:82:56:e6:d1
Certificate

6a:d1:23:6e:df:72:96:e0:d6:16:25:49:b8:18:f9:ef:e1:c4:0b:0d
Signer

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

PAGE
Size: 38KB - Virtual size: 38KB

INIT
Size: 7KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 20B