NimBlackout-main[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

NimBlackout-main.zip
Size

716KB
MD5

4acd6ec02e19b76e90fecf8995bfcb4f
SHA1

968b6fa838df2c72881b80514ba61525b2e7ad60
SHA256

b0c774e9ccda7770ecbf2b5c76d95d7ffbcfa7a7acea13a2891ee713ed94f6c6
SHA512

5e4db5d8b2fecd3735346e1a45bb1c4d33fbf2406be0e34e6112c5ae5c8df1cb9faed3412593b6a5b62ffbd73a484e812d4d0d4bef6d7c52920cf01b76391d38
SSDEEP

12288:6S+H+QqRc16Tl2WF4urNbZyRlHQKPFMPW/Lmb1IhzeR5/UVk:6P+lc16B2WFDBARmHPW/LG1v5/0k

Score

1^/10

Malware Config

Signatures

Files

NimBlackout-main.zip
.zip
NimBlackout-main/Github_CrimsonKiller.gif
.gif
NimBlackout-main/README.md
NimBlackout-main/src/Blackout.sys
.exe windows x64

a998fe47a44bfbf2399968e21cfdf7ca

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:c5:bc:ad:73:31:9e:e0:13:1e:32:8a:2b:81:4e:16:4a
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

02/01/2014, 07:01

Not After

04/02/2015, 15:04

Subject

CN=GMEREK Systemy Komputerowe Przemyslaw Gmerek,O=GMEREK Systemy Komputerowe Przemyslaw Gmerek,L=Katowice,ST=Katowice,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ca:6c:35:15:92:82:fd:64:61:5a:bc:4d:39:83:99:b0:61:84:7b
Signer

Actual PE Digest

0b:ca:6c:35:15:92:82:fd:64:61:5a:bc:4d:39:83:99:b0:61:84:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

PsProcessType
IoDeleteSymbolicLink
ExFreePoolWithTag
strncmp
_snwprintf
PsLookupProcessByProcessId
RtlInitUnicodeString
IoDeleteDevice
KeUnstackDetachProcess
KeDetachProcess
IoDriverObjectType
wcsrchr
ExAllocatePool
ZwClose
KeBugCheck
IofCompleteRequest
ObReferenceObjectByHandle
KeAttachProcess
PsGetVersion
PsThreadType
IoCreateSymbolicLink
MmIsAddressValid
ObfDereferenceObject
ObReferenceObjectByName
IoCreateDevice
ObOpenObjectByPointer
KeStackAttachProcess
PsLookupThreadByThreadId
KeClearEvent
IoGetBaseFileSystemDeviceObject
IoBuildSynchronousFsdRequest
_wcsnicmp
ZwReadFile
wcsncpy
KeInitializeEvent
ZwSetInformationFile
strncpy
IoGetDeviceObjectPointer
NtClose
KeWaitForSingleObject
ZwDeleteFile
RtlCompareUnicodeString
ObfReferenceObject
ZwOpenFile
ZwQueryInformationFile
ZwWriteFile
IofCallDriver
wcschr
MmUnmapLockedPages
_stricmp
_strnicmp
RtlVolumeDeviceToDosName
ZwMapViewOfSection
MmGetSystemRoutineAddress
ZwQuerySystemInformation
KeReleaseSpinLock
ZwOpenThread
IoFreeMdl
KeDelayExecutionThread
MmMapLockedPagesSpecifyCache
ZwUnmapViewOfSection
IoGetCurrentProcess
MmProbeAndLockPages
ZwOpenProcess
MmUnlockPages
ZwQueryInformationProcess
ZwCreateSection
wcsncmp
ZwTerminateProcess
ZwQueryInformationThread
IoAllocateMdl
KeAcquireSpinLockRaiseToDpc
ZwQuerySymbolicLinkObject
KeSetEvent
RtlEqualUnicodeString
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
ZwQueryDirectoryObject
IoFreeIrp
IoAllocateIrp
IoGetDeviceInterfaces
IoCreateNotificationEvent
ObQueryNameString
ZwWaitForSingleObject
ZwQueryDirectoryFile
KeResetEvent
KdDebuggerNotPresent
PsCreateSystemThread
PsTerminateSystemThread
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NimBlackout-main/src/NimBlackout.nim

Sharing

General

Malware Config

Signatures

Files

a998fe47a44bfbf2399968e21cfdf7ca

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:c5:bc:ad:73:31:9e:e0:13:1e:32:8a:2b:81:4e:16:4aCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

0b:ca:6c:35:15:92:82:fd:64:61:5a:bc:4d:39:83:99:b0:61:84:7bSigner

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 872B

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:c5:bc:ad:73:31:9e:e0:13:1e:32:8a:2b:81:4e:16:4a
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

0b:ca:6c:35:15:92:82:fd:64:61:5a:bc:4d:39:83:99:b0:61:84:7b
Signer

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 872B