4e203158e34ac228a9d26fcd36ec8483fd9fd93ec5ff9472bfc324c7f74bd38e

Sharing

Copy URL

Twitter E-mail

General

Target

4e203158e34ac228a9d26fcd36ec8483fd9fd93ec5ff9472bfc324c7f74bd38e
Size

15KB
MD5

291a873ba20de6adcf965e74f5469c4d
SHA1

7256fe2251ca066a11190ac93cafed27dee5b8c3
SHA256

4e203158e34ac228a9d26fcd36ec8483fd9fd93ec5ff9472bfc324c7f74bd38e
SHA512

66ca109e44e78375d8d6268a7cccf150a7da138886d534cd04afc939c342b79aae2d081273cec32aebc10a035ab7f1c5725addc3b39de45180e59c06a6ff6843
SSDEEP

192:Y6v5PUi0zBZhmd1D5eF6yYcHC03IT4eUWnsNXraBs6V+vOukjtlAur9ZCspE+TMT:Y2PUvzBzu1D5+6y5bHe1B/huMUHeMDf

Score

1^/10

Malware Config

Signatures

Files

4e203158e34ac228a9d26fcd36ec8483fd9fd93ec5ff9472bfc324c7f74bd38e
.exe windows x64

02a46c25d8c5c0594f44adfd47447344

Code Sign

65:08:69:73:2d:03:e2:7a:4f:d4:94:dc:51:84:58:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

31-12-2013 00:00

Not After

31-12-2014 23:59

Subject

CN=YI ZENG,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Individual Developer,O=No Organization Affiliation,L=Pingchang,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ed:0c:93:98:f3:f3:ff:3e:f0:d4:b6:4d:20:e1:49:a4:a1:7b:ef:99
Signer

Actual PE Digest

ed:0c:93:98:f3:f3:ff:3e:f0:d4:b6:4d:20:e1:49:a4:a1:7b:ef:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

atoi
RtlInitUnicodeString
ExAllocatePool
ExFreePoolWithTag
IoGetCurrentProcess
KeStackAttachProcess
KeUnstackDetachProcess
ObReferenceObjectByName
IoDriverObjectType
KeDelayExecutionThread
ExInitializePushLock
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
RtlGetVersion
ExAcquirePushLockExclusiveEx
ExReleasePushLockExclusiveEx
ZwClose
MmIsAddressValid
PsSetCreateProcessNotifyRoutineEx
PsGetProcessId
ZwTerminateProcess
ZwOpenProcess
__C_specific_handler

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 842B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02a46c25d8c5c0594f44adfd47447344

Code Sign

65:08:69:73:2d:03:e2:7a:4f:d4:94:dc:51:84:58:87Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ed:0c:93:98:f3:f3:ff:3e:f0:d4:b6:4d:20:e1:49:a4:a1:7b:ef:99Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 15KB

.pdata Size: 512B - Virtual size: 288B

INIT Size: 1024B - Virtual size: 842B

.reloc Size: 512B - Virtual size: 36B

65:08:69:73:2d:03:e2:7a:4f:d4:94:dc:51:84:58:87
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ed:0c:93:98:f3:f3:ff:3e:f0:d4:b6:4d:20:e1:49:a4:a1:7b:ef:99
Signer

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 15KB

.pdata
Size: 512B - Virtual size: 288B

INIT
Size: 1024B - Virtual size: 842B

.reloc
Size: 512B - Virtual size: 36B