$RKLO4O6[.]crdownload[.]zip

Resubmissions

18-08-2023 20:11

230818-yypa4sfa7w 1

18-08-2023 20:11

230818-yyefxade28 1

Sharing

Copy URL

Twitter E-mail

General

Target

$RKLO4O6.crdownload.zip
Size

11KB
MD5

6b46cdb8e9a4e1364ff267b0afb3e89a
SHA1

8f7cea0c8adfe6b68fca61cc4b5b5ad1037d456f
SHA256

ce7361e0545143942a1408ea5070f53e292b04b44489d7371ddbc7a575339bfc
SHA512

eddf44f05ec02d8cb2e22f3452fe72521da8f9f9dfba31aee9a0e22c9e7b67b228a5c9ff42ac1e561b8dcd14756f9c172ca60b47a6191340123c3b23e73933be
SSDEEP

192:ouXDfHUuJBxVJlRoGcpM3ZHrrY8Bzq4zFQx/f7vObA35tLcvIGVWiu0JT:XfJBxNurM3ZLrY6ztzwnrObAptYvIof

Score

1^/10

Malware Config

Signatures

Files

$RKLO4O6.crdownload.zip
.zip
$RKLO4O6.crdownload
.exe windows x64

c7f08aed5725fe6a53a62ebe354ff135

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:00:eb:42:33:c0:87:6e:11:58:05:66:d4:47:35:fe
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09-09-2011 00:00

Not After

08-09-2013 23:59

Subject

CN=Symantec Corporation,OU=IMG+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Symantec Corporation,L=Heathrow,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:aa:70:aa:c8:78:a3:89:c8:21:3a:5b:c0:df:83:0b:1d:5b:4e:04
Signer

Actual PE Digest

cb:aa:70:aa:c8:78:a3:89:c8:21:3a:5b:c0:df:83:0b:1d:5b:4e:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

PsGetVersion
strncmp
ZwOpenProcess
ExAcquireFastMutex
IoCreateSymbolicLink
PsLookupProcessByProcessId
RtlCopyUnicodeString
ObfDereferenceObject
IoCreateDevice
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
IoCreateNotificationEvent
MmGetSystemRoutineAddress
KeInitializeEvent
PsSetCreateProcessNotifyRoutine
ExAllocatePoolWithTag
IoGetCurrentProcess
KeClearEvent
ZwClose
IoDeleteSymbolicLink
IofCompleteRequest
ExFreePoolWithTag
KeBugCheckEx
DbgPrint
ExReleaseFastMutex

hal

KeQueryPerformanceCounter

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
checksums.txt

Resubmissions

Sharing

General

Malware Config

Signatures

Files

c7f08aed5725fe6a53a62ebe354ff135

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

7b:00:eb:42:33:c0:87:6e:11:58:05:66:d4:47:35:feCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

cb:aa:70:aa:c8:78:a3:89:c8:21:3a:5b:c0:df:83:0b:1d:5b:4e:04Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 556B

.data Size: 512B - Virtual size: 404B

.pdata Size: 512B - Virtual size: 120B

INIT Size: 1024B - Virtual size: 980B

.rsrc Size: 1KB - Virtual size: 1KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

7b:00:eb:42:33:c0:87:6e:11:58:05:66:d4:47:35:fe
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

cb:aa:70:aa:c8:78:a3:89:c8:21:3a:5b:c0:df:83:0b:1d:5b:4e:04
Signer

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 556B

.data
Size: 512B - Virtual size: 404B

.pdata
Size: 512B - Virtual size: 120B

INIT
Size: 1024B - Virtual size: 980B

.rsrc
Size: 1KB - Virtual size: 1KB