3658cd77785e6d76197624a77f40f0b9990fe15a39a8601492a9fb6bbc7a777e

Sharing

Copy URL Twitter E-mail

General

Target

3658cd77785e6d76197624a77f40f0b9990fe15a39a8601492a9fb6bbc7a777e
Size

22KB
MD5

3269d16816260019cababb8bb60f571b
SHA1

4c74b0b522fd0d797a30ef0fba1938c8045bda9d
SHA256

3658cd77785e6d76197624a77f40f0b9990fe15a39a8601492a9fb6bbc7a777e
SHA512

e3b987099556f9f4a13e609439de72ccebf37100eea94954e5d26726811951b3d64d69d992f95d3bb2730ea1d7576b8f38d9c4bc872e155afdd435d46c5c0765
SSDEEP

384:NzM0D7yhJuf5fA2dm5GHO+r8baG4s7rCGtVCqYZcrCGgTCFdGxOKvFx6NzurKvyT:NzZ+mV3DxKrCGtVrYZcrCGgTgdGxOKdN

Score

1^/10

Malware Config

Signatures

Files

3658cd77785e6d76197624a77f40f0b9990fe15a39a8601492a9fb6bbc7a777e
.exe windows x64

365bf5fa61bd51c980ae45a8248701a4

Code Sign

5c:c0:72:64:9a:41:f3:b3:4f:b1:ea:eb:0e:9b:4f:6e
Certificate

Issuer

CN=WDKTestCert Z\,132847468180283541

Not Before

23/12/2021, 15:26

Not After

23/12/2031, 00:00

Subject

CN=WDKTestCert Z\,132847468180283541

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

1a:a8:53:06:ce:71:7b:75:e8:a9:7d:59:e0:ad:8a:e7:bc:bd:fb:97
Signer

Actual PE Digest

1a:a8:53:06:ce:71:7b:75:e8:a9:7d:59:e0:ad:8a:e7:bc:bd:fb:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoAllocateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
ObfDereferenceObject
ZwClose
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
MmGetPhysicalAddress
MmUnlockPages
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ZwProtectVirtualMemory
KeWaitForSingleObject
ObReferenceObjectByHandle
PsGetProcessExitStatus
PsThreadType
RtlGetVersion
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
__C_specific_handler
MmProbeAndLockPages
ExFreePoolWithTag
DbgPrint
ExAllocatePool
RtlCopyUnicodeString
DbgPrintEx
MmGetSystemRoutineAddress
MmIsAddressValid
RtlInitUnicodeString

wdfldr.sys

WdfVersionUnbind
WdfVersionBind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

365bf5fa61bd51c980ae45a8248701a4

Code Sign

5c:c0:72:64:9a:41:f3:b3:4f:b1:ea:eb:0e:9b:4f:6eCertificate

Extended Key Usages

Key Usages

1a:a8:53:06:ce:71:7b:75:e8:a9:7d:59:e0:ad:8a:e7:bc:bd:fb:97Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 5KB - Virtual size: 5KB

.pdata Size: 512B - Virtual size: 468B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 36B

5c:c0:72:64:9a:41:f3:b3:4f:b1:ea:eb:0e:9b:4f:6e
Certificate

1a:a8:53:06:ce:71:7b:75:e8:a9:7d:59:e0:ad:8a:e7:bc:bd:fb:97
Signer

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 5KB

.pdata
Size: 512B - Virtual size: 468B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 36B