d0be95a797037ec5cb968e38803072c792d0b1adab931a23ce883f0a9c5e3b4f

Sharing

Copy URL Twitter E-mail

General

Target

d0be95a797037ec5cb968e38803072c792d0b1adab931a23ce883f0a9c5e3b4f
Size

17KB
MD5

02bfd6d1e4e0dc1b58cd8c2a860181e7
SHA1

fdc5f77f8bd8946b017bcf978092053b01ed725f
SHA256

d0be95a797037ec5cb968e38803072c792d0b1adab931a23ce883f0a9c5e3b4f
SHA512

a6872737ea3103baba5c3c1e5f416c9a2842a0b6b8d1146201ab41d2d14ec02bdc6d43ccfe62d93a3a962c8577e2eb9569f15dd2951d313e5b9c91695bb156e4
SSDEEP

384:ItnT2xfxwg9sh0sJvpdKEIJ2m4DpW5A5XyeuPcC+:fqQsh0sZHKZT4cjcC+

Score

1^/10

Malware Config

Signatures

Files

d0be95a797037ec5cb968e38803072c792d0b1adab931a23ce883f0a9c5e3b4f
.exe windows x64

dc817bad3fb928c9c0fb18598162453b

Code Sign

59:24:11:90:d0:b1:5e:a6:44:90:e9:ea:47:b7:19:68
Certificate

Issuer

CN=WDKTestCert Admin\,133364666609697410

Not Before

14/08/2023, 06:04

Not After

14/08/2033, 00:00

Subject

CN=WDKTestCert Admin\,133364666609697410

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

ec:a6:30:10:ba:d2:fe:99:c1:f0:fa:b6:f8:5a:fc:ac:5f:d3:5b:56
Signer

Actual PE Digest

ec:a6:30:10:ba:d2:fe:99:c1:f0:fa:b6:f8:5a:fc:ac:5f:d3:5b:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

wcsstr
RtlGetVersion
ExAllocatePool
ExFreePoolWithTag
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
ZwQuerySystemInformation
strcmp
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemory
ZwCreateFile
ZwQueryInformationFile
ZwReadFile
ZwClose
_stricmp
RtlInitAnsiString
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
MmGetSystemRoutineAddress
strstr
_strupr
IoGetCurrentProcess
MmIsAddressValid
MmCopyVirtualMemory
RtlInitString
RtlDeleteRegistryValue
RtlAppendUnicodeToString
MmMapIoSpace
MmUnmapIoSpace
MmAllocateContiguousMemory
ObReferenceObjectByHandle
ZwOpenFile
ZwOpenKey
ZwDeleteKey
RtlCompareString
MmGetPhysicalAddress
MmFlushImageSection
ZwDeleteFile
IoFileObjectType
KeBugCheckEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc817bad3fb928c9c0fb18598162453b

Code Sign

59:24:11:90:d0:b1:5e:a6:44:90:e9:ea:47:b7:19:68Certificate

Extended Key Usages

Key Usages

ec:a6:30:10:ba:d2:fe:99:c1:f0:fa:b6:f8:5a:fc:ac:5f:d3:5b:56Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 112B

.pdata Size: 512B - Virtual size: 336B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 20B

59:24:11:90:d0:b1:5e:a6:44:90:e9:ea:47:b7:19:68
Certificate

ec:a6:30:10:ba:d2:fe:99:c1:f0:fa:b6:f8:5a:fc:ac:5f:d3:5b:56
Signer

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 112B

.pdata
Size: 512B - Virtual size: 336B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 20B