92aae618fe0cd91bc181deb2f31517bebc0084d7b69fd0e28215167b6c8151f2

Sharing

Copy URL Twitter E-mail

General

Target

92aae618fe0cd91bc181deb2f31517bebc0084d7b69fd0e28215167b6c8151f2
Size

17KB
MD5

51b7b3b8f3d536b995f0ff526ad895b6
SHA1

61204bb7606b2982e6f56b9f3881dab31d21a7bb
SHA256

92aae618fe0cd91bc181deb2f31517bebc0084d7b69fd0e28215167b6c8151f2
SHA512

e4af8700c87e2c1ffd27776b34c35d4acf73ea9c1849c12ff558ea4e8a83b78a6934f8bf8a0473caeb95ef54572065699b0f34218a0fafac1ceea69984f12499
SSDEEP

384:zfioHOM8Hgc9uKYH93TZ9cFa/P4lX3kDA/cOd4ZXVZUvBw:bzHT8HL9uFH93TZ9oa/P4h38A/cOP5w

Score

1^/10

Malware Config

Signatures

Files

92aae618fe0cd91bc181deb2f31517bebc0084d7b69fd0e28215167b6c8151f2
.sys windows:10 windows x64

fae0012428b99a2afa225ebdfe3287d1

Code Sign

38:a0:08:1b:77:dd:22:ab:41:64:b3:3c:c4:e3:7f:56
Certificate

Issuer

CN=WDKTestCert Administrator\,133391427827019175

Not Before

14/09/2023, 05:26

Not After

14/09/2033, 00:00

Subject

CN=WDKTestCert Administrator\,133391427827019175

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

3a:c3:eb:80:88:5b:23:2a:6e:2f:50:95:c1:0f:14:ae:5f:24:c6:e2
Signer

Actual PE Digest

3a:c3:eb:80:88:5b:23:2a:6e:2f:50:95:c1:0f:14:ae:5f:24:c6:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePool
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
IoAllocateMdl
IoGetCurrentProcess
ObfDereferenceObject
MmGetPhysicalAddress
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
ZwQueryVirtualMemory
MmCopyVirtualMemory
MmMarkPhysicalMemoryAsBad
__C_specific_handler
strstr
RtlInitUnicodeString
ExFreePoolWithTag
ZwClose
KeBugCheck
ObOpenObjectByPointer
ZwSetSystemInformation
ObReferenceObjectByName
ZwQuerySystemInformation
IoDriverObjectType
MmGetSystemRoutineAddress
DbgPrintEx
RtlGetVersion
ExAllocatePoolWithTag
RtlCaptureContext
PsGetProcessSectionBaseAddress
KeCapturePersistentThreadState
MmUserProbeAddress
_stricmp
RtlEqualUnicodeString
ZwOpenFile
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
RtlImageNtHeader

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fae0012428b99a2afa225ebdfe3287d1

Code Sign

38:a0:08:1b:77:dd:22:ab:41:64:b3:3c:c4:e3:7f:56Certificate

Extended Key Usages

Key Usages

3a:c3:eb:80:88:5b:23:2a:6e:2f:50:95:c1:0f:14:ae:5f:24:c6:e2Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 48KB

.pdata Size: 512B - Virtual size: 408B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 24B

38:a0:08:1b:77:dd:22:ab:41:64:b3:3c:c4:e3:7f:56
Certificate

3a:c3:eb:80:88:5b:23:2a:6e:2f:50:95:c1:0f:14:ae:5f:24:c6:e2
Signer

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 48KB

.pdata
Size: 512B - Virtual size: 408B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 24B