a5f9e2c347a244fb366dd59d1a70f5ab[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

a5f9e2c347a244fb366dd59d1a70f5ab.bin
Size

38KB
MD5

e2ba38e2a2d195e43af0ef07ff729b6d
SHA1

0be8dd623029596fb9e0b55f5d87d4c09dedbb97
SHA256

b0a8f9be92db8ed110791e9be52ae196f306a7c3db84182f2added8a2df5dc0e
SHA512

af91c9e976ad9d7897fadf4944e8ba8111305768649fa8ebfc3bd3bd99c21972a52f8d24897067e82d619f7d2e55184e0c3e2ae73d7471b98bbad1808f44ff0b
SSDEEP

768:8qEZly+u4xoP9dxjRZdKzhJJl58yee+90MI+tNUmCJ+ON:8ZZwP9rAzhJJl58yee+SZ///N

Score

1^/10

Malware Config

Signatures

Files

a5f9e2c347a244fb366dd59d1a70f5ab.bin
.zip

Password: infected
22a548eb8a637b40c6e9320e00d7645d0d64169db4ee780cc16399913ec66121.sys
.exe windows x64

Password: infected

c07c9b1f23e4e7dafa545d6409726bb5

Code Sign

7e:1c:b2:99:5a:c5:9d:98:46:22:9d:35:20:bf:fb:6e
Certificate

Issuer

CN=WDKTestCert Jakx\,133304498957027669

Not Before

05/06/2023, 14:44

Not After

05/06/2033, 00:00

Subject

CN=WDKTestCert Jakx\,133304498957027669

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

b5:fe:df:83:44:fd:53:30:21:e8:30:5c:31:40:7c:ce:02:a8:f8:cc:26:2c:89:4d:25:40:23:66:49:ec:bf:9d
Signer

Actual PE Digest

b5:fe:df:83:44:fd:53:30:21:e8:30:5c:31:40:7c:ce:02:a8:f8:cc:26:2c:89:4d:25:40:23:66:49:ec:bf:9d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

MmGetSystemRoutineAddress
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObUnRegisterCallbacks
ZwClose
ZwOpenKey
ZwQueryValueKey
SeSinglePrivilegeCheck
PsSetCreateProcessNotifyRoutineEx
KeInitializeDpc
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeFlushQueuedDpcs
KeRevertToUserAffinityThreadEx
KeSetSystemAffinityThreadEx
KeQueryActiveProcessors
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
PsGetCurrentProcessId
PsGetCurrentThreadId
KeDelayExecutionThread
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdlEx
PsWrapApcWow64Thread
IoAllocateMdl
IoFreeMdl
IoGetCurrentProcess
ObReferenceObjectByHandle
ObfDereferenceObject
ObRegisterCallbacks
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
MmGetPhysicalMemoryRanges
MmGetPhysicalAddress
PsSetCreateThreadNotifyRoutine
PsGetProcessId
PsGetThreadProcessId
KeAttachProcess
KeDetachProcess
KeStackAttachProcess
KeUnstackDetachProcess
ExDeleteResourceLite
ObOpenObjectByPointer
ZwAllocateVirtualMemory
KeInitializeApc
KeInsertQueueApc
ZwOpenThread
ZwQueryInformationProcess
PsProcessType
PsThreadType
DbgBreakPointWithStatus
RtlGetVersion
MmGetVirtualForPhysical
PsLookupThreadByThreadId
__C_specific_handler
KeQueryActiveProcessorCount
KeClearEvent
ExAcquireResourceSharedLite
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlGetElementGenericTable
KeReleaseSemaphore
KeInitializeSemaphore
KeWaitForMultipleObjects
ExAcquireFastMutex
ExReleaseFastMutex
MmBuildMdlForNonPagedPool
ZwCreateFile
ZwWriteFile
HalDispatchTable
KeInitializeMutex
KeReleaseMutex
KeSetSystemAffinityThread
KeQueryMaximumProcessorCount
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemory
PsCreateSystemThread
ZwDeleteFile
ZwWaitForSingleObject
swprintf_s
MmMapIoSpace
MmUnmapIoSpace
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
MmAllocateContiguousMemory
ZwQueryInformationFile
ZwReadFile
RtlUnwind
RtlAnsiCharToUnicodeChar
KeBugCheckEx
ExInitializeResourceLite
RtlCopyUnicodeString
ExFreePoolWithTag
ExAllocatePool
PsLookupProcessByProcessId
RtlInitUnicodeString

wdfldr.sys

WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

c07c9b1f23e4e7dafa545d6409726bb5

Code Sign

7e:1c:b2:99:5a:c5:9d:98:46:22:9d:35:20:bf:fb:6eCertificate

Extended Key Usages

Key Usages

b5:fe:df:83:44:fd:53:30:21:e8:30:5c:31:40:7c:ce:02:a8:f8:cc:26:2c:89:4d:25:40:23:66:49:ec:bf:9dSigner

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 43KB

.pdata Size: 3KB - Virtual size: 2KB

INIT Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 56B

7e:1c:b2:99:5a:c5:9d:98:46:22:9d:35:20:bf:fb:6e
Certificate

b5:fe:df:83:44:fd:53:30:21:e8:30:5c:31:40:7c:ce:02:a8:f8:cc:26:2c:89:4d:25:40:23:66:49:ec:bf:9d
Signer

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 43KB

.pdata
Size: 3KB - Virtual size: 2KB

INIT
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 56B