79049cb5accdb04d686769f238b9eab026f89db0c67c3ed07b2f2cc9785c8ff5

Sharing

Copy URL Twitter E-mail

General

Target

79049cb5accdb04d686769f238b9eab026f89db0c67c3ed07b2f2cc9785c8ff5
Size

19KB
MD5

e50fd46e7d7a09fa4a0f602aeff40b2d
SHA1

dc9cf647cd03c95a2f762d6c83582e8bd63dd12c
SHA256

79049cb5accdb04d686769f238b9eab026f89db0c67c3ed07b2f2cc9785c8ff5
SHA512

c0483b1926766da5d0ae7779ca7ea253b140c230ea98d517aad8ae785115712a6b43d5f248dc9334dbac6d2af82f0ff4d25b7560bcd040fa2d59e5f98939debb
SSDEEP

384:N6QVN8OiN5OHf8baG4s7rCGtVCqYZcrCGgTCFdGxOKvFx6NzvLBzXAyM:N/zTXHBKrCGtVrYZcrCGgTgdGxOKdx6E

Score

1^/10

Malware Config

Signatures

Files

79049cb5accdb04d686769f238b9eab026f89db0c67c3ed07b2f2cc9785c8ff5
.exe windows x64

a7deb5c4a9e8592b40d272c0723c2498

Code Sign

5c:c0:72:64:9a:41:f3:b3:4f:b1:ea:eb:0e:9b:4f:6e
Certificate

Issuer

CN=WDKTestCert Z\,132847468180283541

Not Before

23/12/2021, 15:26

Not After

23/12/2031, 00:00

Subject

CN=WDKTestCert Z\,132847468180283541

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

ac:56:3e:4b:8a:c3:80:59:3d:e0:1e:ff:62:0f:5c:6b:57:90:d3:21
Signer

Actual PE Digest

ac:56:3e:4b:8a:c3:80:59:3d:e0:1e:ff:62:0f:5c:6b:57:90:d3:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
ZwClose
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
KeWaitForSingleObject
ObReferenceObjectByHandle
PsGetProcessExitStatus
PsThreadType
RtlGetVersion
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
ExFreePoolWithTag
DbgPrint
ExAllocatePool
RtlCopyUnicodeString
DbgPrintEx
MmGetSystemRoutineAddress
MmIsAddressValid
RtlInitUnicodeString

wdfldr.sys

WdfVersionUnbind
WdfVersionBind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7deb5c4a9e8592b40d272c0723c2498

Code Sign

5c:c0:72:64:9a:41:f3:b3:4f:b1:ea:eb:0e:9b:4f:6eCertificate

Extended Key Usages

Key Usages

ac:56:3e:4b:8a:c3:80:59:3d:e0:1e:ff:62:0f:5c:6b:57:90:d3:21Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 5KB - Virtual size: 5KB

.pdata Size: 512B - Virtual size: 360B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 36B

5c:c0:72:64:9a:41:f3:b3:4f:b1:ea:eb:0e:9b:4f:6e
Certificate

ac:56:3e:4b:8a:c3:80:59:3d:e0:1e:ff:62:0f:5c:6b:57:90:d3:21
Signer

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 5KB

.pdata
Size: 512B - Virtual size: 360B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 36B