545d5122d27057af25762804d4cb72a0a01f0e8dc4013972e32a67fe3835f5d7

Sharing

Copy URL

Twitter E-mail

General

Target

545d5122d27057af25762804d4cb72a0a01f0e8dc4013972e32a67fe3835f5d7
Size

11KB
MD5

854a71304fae46160e5c76c77093e865
SHA1

469134324339667666fdca22788ea70aff56fec7
SHA256

545d5122d27057af25762804d4cb72a0a01f0e8dc4013972e32a67fe3835f5d7
SHA512

3570f26dc74cef5c25cff7df68f62edcb58a7a2462a9ca0d8a35e76fbd70fef0426ef5018304574de623e34a76fdaa4a56272497e49959c0f3770433ded9c09f
SSDEEP

192:/ffD0w2kc1jFws19i/rYcZ0Uh/uTsIs4WW4stJ:/ffDcd5Sr5HtOWkJ

Score

1^/10

Malware Config

Signatures

Files

545d5122d27057af25762804d4cb72a0a01f0e8dc4013972e32a67fe3835f5d7
.exe windows x64

311f1749787654f407c6cfec0b5fadaf

Code Sign

16:55:97:1b:7b:34:6a:b2:4e:b7:eb:5c:01:48:41:a3
Certificate

Issuer

CN=WDKTestCert Admin\,133356200779550492

Not Before

04-08-2023 10:54

Not After

04-08-2033 00:00

Subject

CN=WDKTestCert Admin\,133356200779550492

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

2d:b9:31:fc:6c:cc:6f:8d:a2:12:90:2f:5b:0f:62:21:e6:71:c7:21
Signer

Actual PE Digest

2d:b9:31:fc:6c:cc:6f:8d:a2:12:90:2f:5b:0f:62:21:e6:71:c7:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

wcsstr
RtlGetVersion
ExAllocatePool
ExFreePoolWithTag
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
ZwQuerySystemInformation
strcmp
ZwClose
RtlInitUnicodeString
RtlDeleteRegistryValue
RtlAppendUnicodeToString
ObReferenceObjectByHandle
ZwOpenFile
ZwOpenKey
ZwDeleteKey
MmFlushImageSection
ZwDeleteFile
IoFileObjectType
KeBugCheckEx

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

311f1749787654f407c6cfec0b5fadaf

Code Sign

16:55:97:1b:7b:34:6a:b2:4e:b7:eb:5c:01:48:41:a3Certificate

Extended Key Usages

Key Usages

2d:b9:31:fc:6c:cc:6f:8d:a2:12:90:2f:5b:0f:62:21:e6:71:c7:21Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 112B

.pdata Size: 512B - Virtual size: 192B

INIT Size: 1024B - Virtual size: 840B

.reloc Size: 512B - Virtual size: 20B

16:55:97:1b:7b:34:6a:b2:4e:b7:eb:5c:01:48:41:a3
Certificate

2d:b9:31:fc:6c:cc:6f:8d:a2:12:90:2f:5b:0f:62:21:e6:71:c7:21
Signer

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 112B

.pdata
Size: 512B - Virtual size: 192B

INIT
Size: 1024B - Virtual size: 840B

.reloc
Size: 512B - Virtual size: 20B