51ea2c9dbe070d949397b1cd7b794547279f40e417c8dd5d33ae4308f6e5f1e2

Sharing

Copy URL Twitter E-mail

General

Target

51ea2c9dbe070d949397b1cd7b794547279f40e417c8dd5d33ae4308f6e5f1e2
Size

22KB
MD5

c4fe33700c5b6c241e2f1c1965780858
SHA1

c37cd27b31f1b826e929ed76d7670c2f42d8e62f
SHA256

51ea2c9dbe070d949397b1cd7b794547279f40e417c8dd5d33ae4308f6e5f1e2
SHA512

87543d8d29d493a362c777c2ca22ed89cc14dc1847d01a376e2a07d572683a702998b8cc66ad81a7fe1717939916f1c9b95053530bf65bfef8b4ceaeeee23a63
SSDEEP

384:N1M0D7yhJuf5fA2dm5Gt2u+r8baG4s7rCGtVCqYZcrCGgTCFdGxOKvFx6NzurKGS:N1Z+mV352RKrCGtVrYZcrCGgTgdGxOKI

Score

1^/10

Malware Config

Signatures

Files

51ea2c9dbe070d949397b1cd7b794547279f40e417c8dd5d33ae4308f6e5f1e2
.exe windows x64

365bf5fa61bd51c980ae45a8248701a4

Code Sign

5c:c0:72:64:9a:41:f3:b3:4f:b1:ea:eb:0e:9b:4f:6e
Certificate

Issuer

CN=WDKTestCert Z\,132847468180283541

Not Before

23/12/2021, 15:26

Not After

23/12/2031, 00:00

Subject

CN=WDKTestCert Z\,132847468180283541

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

f1:30:e2:a7:68:46:3b:d4:61:af:18:25:0c:9e:4a:66:15:fe:d4:54
Signer

Actual PE Digest

f1:30:e2:a7:68:46:3b:d4:61:af:18:25:0c:9e:4a:66:15:fe:d4:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoAllocateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
ObfDereferenceObject
ZwClose
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
MmGetPhysicalAddress
MmUnlockPages
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ZwProtectVirtualMemory
KeWaitForSingleObject
ObReferenceObjectByHandle
PsGetProcessExitStatus
PsThreadType
RtlGetVersion
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
__C_specific_handler
MmProbeAndLockPages
ExFreePoolWithTag
DbgPrint
ExAllocatePool
RtlCopyUnicodeString
DbgPrintEx
MmGetSystemRoutineAddress
MmIsAddressValid
RtlInitUnicodeString

wdfldr.sys

WdfVersionUnbind
WdfVersionBind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

365bf5fa61bd51c980ae45a8248701a4

Code Sign

5c:c0:72:64:9a:41:f3:b3:4f:b1:ea:eb:0e:9b:4f:6eCertificate

Extended Key Usages

Key Usages

f1:30:e2:a7:68:46:3b:d4:61:af:18:25:0c:9e:4a:66:15:fe:d4:54Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 5KB - Virtual size: 5KB

.pdata Size: 512B - Virtual size: 468B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 36B

5c:c0:72:64:9a:41:f3:b3:4f:b1:ea:eb:0e:9b:4f:6e
Certificate

f1:30:e2:a7:68:46:3b:d4:61:af:18:25:0c:9e:4a:66:15:fe:d4:54
Signer

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 5KB

.pdata
Size: 512B - Virtual size: 468B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 36B