4ebf0529349f58146134b93c88cebbd4a1072d02928a75b03c848d5fc015e804

Sharing

Copy URL

Twitter E-mail

General

Target

4ebf0529349f58146134b93c88cebbd4a1072d02928a75b03c848d5fc015e804
Size

17KB
MD5

fd16bd1ab7c469d5ee850121f03ed837
SHA1

4bec4589e6248f84d3088a2b5820de7e3cde2493
SHA256

4ebf0529349f58146134b93c88cebbd4a1072d02928a75b03c848d5fc015e804
SHA512

4fe7c6ecea9686ab04cb0a20777f82ec2686514732e96270846ffd704c17951a138377603959ac3a619c87bd2de4d2ac165385049af25bf618baf38d38534227
SSDEEP

384:ItnY2xfxwg9sh0sJvpdKEIJ2m4DpW5ARXyeuP0JWS:6qQsh0sZHKZT4Ej0JWS

Score

1^/10

Malware Config

Signatures

Files

4ebf0529349f58146134b93c88cebbd4a1072d02928a75b03c848d5fc015e804
.exe windows x64

dc817bad3fb928c9c0fb18598162453b

Code Sign

16:55:97:1b:7b:34:6a:b2:4e:b7:eb:5c:01:48:41:a3
Certificate

Issuer

CN=WDKTestCert Admin\,133356200779550492

Not Before

04/08/2023, 10:54

Not After

04/08/2033, 00:00

Subject

CN=WDKTestCert Admin\,133356200779550492

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

7d:18:7a:a6:ab:91:bd:c3:a2:06:9b:ce:1a:1e:4e:d3:f9:bb:8c:cf
Signer

Actual PE Digest

7d:18:7a:a6:ab:91:bd:c3:a2:06:9b:ce:1a:1e:4e:d3:f9:bb:8c:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

wcsstr
RtlGetVersion
ExAllocatePool
ExFreePoolWithTag
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
ZwQuerySystemInformation
strcmp
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemory
ZwCreateFile
ZwQueryInformationFile
ZwReadFile
ZwClose
_stricmp
RtlInitAnsiString
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
MmGetSystemRoutineAddress
strstr
_strupr
IoGetCurrentProcess
MmIsAddressValid
MmCopyVirtualMemory
RtlInitString
RtlDeleteRegistryValue
RtlAppendUnicodeToString
MmMapIoSpace
MmUnmapIoSpace
MmAllocateContiguousMemory
ObReferenceObjectByHandle
ZwOpenFile
ZwOpenKey
ZwDeleteKey
RtlCompareString
MmGetPhysicalAddress
MmFlushImageSection
ZwDeleteFile
IoFileObjectType
KeBugCheckEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc817bad3fb928c9c0fb18598162453b

Code Sign

16:55:97:1b:7b:34:6a:b2:4e:b7:eb:5c:01:48:41:a3Certificate

Extended Key Usages

Key Usages

7d:18:7a:a6:ab:91:bd:c3:a2:06:9b:ce:1a:1e:4e:d3:f9:bb:8c:cfSigner

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 112B

.pdata Size: 512B - Virtual size: 336B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 20B

16:55:97:1b:7b:34:6a:b2:4e:b7:eb:5c:01:48:41:a3
Certificate

7d:18:7a:a6:ab:91:bd:c3:a2:06:9b:ce:1a:1e:4e:d3:f9:bb:8c:cf
Signer

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 112B

.pdata
Size: 512B - Virtual size: 336B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 20B