83061a28bbceae839c2baa3cdc0bbae549be30b3f21c6cdfdd4f19e3e1cac759

Sharing

Copy URL

Twitter E-mail

General

Target

83061a28bbceae839c2baa3cdc0bbae549be30b3f21c6cdfdd4f19e3e1cac759
Size

19KB
MD5

820a5d78a1f9ccef7e41064976758c30
SHA1

6e23f24e9d81b65d9700fdc8c80fc9fd218c33f5
SHA256

83061a28bbceae839c2baa3cdc0bbae549be30b3f21c6cdfdd4f19e3e1cac759
SHA512

e07666b633bf850b7e1acc34c17eaf22b8576955ef995dac1afd2507b65a79638b178f8896ce835b29e7146fac98d3fd0c88c37b4dbe9abaa9b6bc68efe41e57
SSDEEP

384:fnZtsOiN5cf8baG4s7rCGtVCqYZcrCGgTCFdGxOKvFx6Nz/k+By:PPDrBKrCGtVrYZcrCGgTgdGxOKdx6Nz+

Score

1^/10

Malware Config

Signatures

Files

83061a28bbceae839c2baa3cdc0bbae549be30b3f21c6cdfdd4f19e3e1cac759
.exe windows x64

6accae0321ddfa9e61fb1415d280f782

Code Sign

5c:c0:72:64:9a:41:f3:b3:4f:b1:ea:eb:0e:9b:4f:6e
Certificate

Issuer

CN=WDKTestCert Z\,132847468180283541

Not Before

23/12/2021, 15:26

Not After

23/12/2031, 00:00

Subject

CN=WDKTestCert Z\,132847468180283541

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

ca:0e:d9:83:8c:e8:97:75:1e:24:05:2a:5f:b6:2e:aa:4a:04:3c:51
Signer

Actual PE Digest

ca:0e:d9:83:8c:e8:97:75:1e:24:05:2a:5f:b6:2e:aa:4a:04:3c:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
MmIsAddressValid
DbgPrint
KeWaitForSingleObject
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
IoDeleteDevice
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
PsThreadType
RtlGetVersion
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
ExAllocatePool
ExFreePoolWithTag
RtlCopyUnicodeString
DbgPrintEx
MmGetSystemRoutineAddress
PsGetProcessExitStatus
RtlInitUnicodeString

wdfldr.sys

WdfVersionUnbind
WdfVersionBind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6accae0321ddfa9e61fb1415d280f782

Code Sign

5c:c0:72:64:9a:41:f3:b3:4f:b1:ea:eb:0e:9b:4f:6eCertificate

Extended Key Usages

Key Usages

ca:0e:d9:83:8c:e8:97:75:1e:24:05:2a:5f:b6:2e:aa:4a:04:3c:51Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 5KB - Virtual size: 5KB

.pdata Size: 512B - Virtual size: 360B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 36B

5c:c0:72:64:9a:41:f3:b3:4f:b1:ea:eb:0e:9b:4f:6e
Certificate

ca:0e:d9:83:8c:e8:97:75:1e:24:05:2a:5f:b6:2e:aa:4a:04:3c:51
Signer

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 5KB

.pdata
Size: 512B - Virtual size: 360B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 36B