dvgqhsjk[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

dvgqhsjk.rar
Size

80KB
MD5

f8cef28bb68ce76b1689ee50711a6ae7
SHA1

30620e64b170707ad953b8bfc2ac8eba56eb0b12
SHA256

25690efecedc71765e5ec7da46297d25dc8548e86be8802ec3f5547e9c9175c0
SHA512

344996f2b5fecb39f9494f07ca2e59cbddb091758a689f664d0163b9d9999f2521bf8693248473244f52b51c39d4862fe6394d73f02689fcaf66b9d8dbf72ba4
SSDEEP

1536:o8inpInt7k+vQhgAMgBc5LhMS12PSDw00xsE9CxJeBnwU8wkbLX7HguhEiVkCdZF:o8ipKtYgWgA451MSBKCxcBnvBk3bguqI

Score

1^/10

Malware Config

Signatures

Files

dvgqhsjk.rar
.rar
dvgqhsjk.dat
.sys windows:6 windows x64

fc1b86d45a412f86d259da3c1e80ee85

Code Sign

58:c9:dd:11:a7:a8:5c:1b:79:00:a9:3f:bf:9c:d2:f9
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

20/03/2018, 00:00

Not After

20/03/2019, 23:59

Subject

CN=AC777 LTD,O=AC777 LTD,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:31

Not After

22/02/2021, 19:41

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:48:a1:f4:5d:44:6e:35:41:4e:e7:4c:d0:af:c5:de:02:f1:67:37
Signer

Actual PE Digest

f7:48:a1:f4:5d:44:6e:35:41:4e:e7:4c:d0:af:c5:de:02:f1:67:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExQueueWorkItem
sprintf
ExAllocatePoolWithTag
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
ExReleaseFastMutex
IoRegisterShutdownNotification
RtlUpcaseUnicodeString
ExAcquireFastMutex
IoRegisterDriverReinitialization
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
swprintf
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
KeInitializeEvent
IoDetachDevice
RtlEqualUnicodeString
IoVolumeDeviceToDosName
KeDelayExecutionThread
RtlFreeUnicodeString
ObQueryNameString
IoGetDeviceObjectPointer
ZwQueryValueKey
ExAllocatePool
ZwClose
RtlAppendUnicodeStringToString
IofCompleteRequest
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
PsGetVersion
RtlCompareUnicodeString
CmRegisterCallback
ObfReferenceObject
IoCreateSymbolicLink
RtlCopyUnicodeString
MmIsAddressValid
ObfDereferenceObject
IoCreateDevice
IoRegisterFsRegistrationChange
IofCallDriver
ZwOpenKey
_wcsicmp
strncmp
PsGetProcessImageFileName
RtlUnicodeStringToAnsiString
ZwQuerySystemInformation
strncpy
IoGetCurrentProcess
DbgPrint
KeReleaseSpinLock
ExSystemTimeToLocalTime
RtlTimeToTimeFields
KeAcquireSpinLockRaiseToDpc
towlower
strchr
ZwEnumerateKey
IoGetRelatedDeviceObject
IoFreeMdl
ZwCreateFile
ObReferenceObjectByHandle
IoFreeIrp
MmProbeAndLockPages
IoAllocateIrp
IoAllocateMdl
isspace
strstr
isdigit
ZwReadFile
ZwSetInformationFile
ZwDeleteFile
ZwOpenFile
ZwQueryInformationFile
ZwWriteFile
ZwDeviceIoControlFile
toupper
ZwLoadDriver
PsCreateSystemThread
KeQueryTimeIncrement
IoCreateFile
IoFileObjectType
ZwCreateKey
ZwSetValueKey
ZwFlushKey
ZwDeleteKey
ZwQueryKey
NtQueryVolumeInformationFile
NtBuildNumber
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
oycowrro.dat
.sys windows:6 windows x64

5f24780d2de64a1b7fdaf3a073f40387

Code Sign

58:c9:dd:11:a7:a8:5c:1b:79:00:a9:3f:bf:9c:d2:f9
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

20/03/2018, 00:00

Not After

20/03/2019, 23:59

Subject

CN=AC777 LTD,O=AC777 LTD,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:31

Not After

22/02/2021, 19:41

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:7f:85:19:8e:38:76:10:6d:0c:f5:18:f0:51:d4:7a:6f:c5:72:e2
Signer

Actual PE Digest

ba:7f:85:19:8e:38:76:10:6d:0c:f5:18:f0:51:d4:7a:6f:c5:72:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

_stricmp
NtBuildNumber
KeDelayExecutionThread
rand
srand
RtlImageNtHeader
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
IoGetRelatedDeviceObject
KeSetEvent
IoCreateFile
KeInitializeEvent
IoFileObjectType
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
IoFreeIrp
IoAllocateIrp
ObfDereferenceObject
DbgPrint
IofCallDriver
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwReadFile
RtlInitUnicodeString
ZwSetInformationFile
RtlFreeUnicodeString
ZwCreateFile
_vsnwprintf
ZwDeleteFile
ZwOpenFile
ZwQueryInformationFile
ZwWriteFile
strchr
IoBuildDeviceIoControlRequest
IoCancelIrp
sprintf
strncmp
isspace
strncpy
isdigit
swprintf
_vsnprintf
PsGetVersion
ZwDeviceIoControlFile
ZwLoadDriver
ZwCreateKey
RtlUpcaseUnicodeString
RtlAppendUnicodeToString
ZwDeleteValueKey
ZwSetValueKey
FsRtlIsNameInExpression
ObQueryNameString
ZwQueryValueKey
ZwEnumerateValueKey
RtlAppendUnicodeStringToString
ZwFlushKey
RtlCompareMemory
MmIsAddressValid
ZwDeleteKey
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
MmGetSystemRoutineAddress
IoDriverObjectType
ObReferenceObjectByName
KeInitializeApc
KeInsertQueueApc
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
KeLeaveCriticalRegion
IoRegisterDriverReinitialization
PsGetProcessImageFileName
PsLookupProcessByProcessId
IoFreeWorkItem
KeEnterCriticalRegion
PsCreateSystemThread
IoGetDeviceObjectPointer
PsTerminateSystemThread
ExAcquireResourceSharedLite
IoGetCurrentProcess
IoAllocateWorkItem
ExReleaseResourceLite
IofCompleteRequest
RtlCompareUnicodeString
IoQueueWorkItem
CmUnRegisterCallback
PsGetProcessWow64Process
IoDeleteSymbolicLink
IoRegisterShutdownNotification
PsSetLoadImageNotifyRoutine
IoDeleteDevice
KeInitializeDpc
PsSetCreateProcessNotifyRoutine
KeInitializeTimer
IoUnregisterShutdownNotification
PsRemoveLoadImageNotifyRoutine
KeSetTimer
CmRegisterCallback
ExDeleteResourceLite
IoCreateSymbolicLink
IoCreateDevice
ExInitializeResourceLite
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 310B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tdiDriver.dat
.sys windows:6 windows x64

8b2fa203cac5fd2d6fb39bb3e5145c1d

Code Sign

58:c9:dd:11:a7:a8:5c:1b:79:00:a9:3f:bf:9c:d2:f9
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

20/03/2018, 00:00

Not After

20/03/2019, 23:59

Subject

CN=AC777 LTD,O=AC777 LTD,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:31

Not After

22/02/2021, 19:41

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:c8:4b:4a:07:d0:24:44:31:df:70:30:ba:a0:55:85:9a:08:ce:a1
Signer

Actual PE Digest

33:c8:4b:4a:07:d0:24:44:31:df:70:30:ba:a0:55:85:9a:08:ce:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExFreePoolWithTag
RtlInitUnicodeString
MmGetSystemRoutineAddress
MmIsAddressValid
DbgPrint
MmMapLockedPagesSpecifyCache
IoDeleteDevice
IoGetDeviceObjectPointer
IoAttachDeviceToDeviceStack
ObfDereferenceObject
IoCreateDevice
IoDeleteSymbolicLink
KeInitializeDpc
PsSetCreateProcessNotifyRoutine
ExAllocatePoolWithTag
IofCompleteRequest
KeSetTimer
IoCreateSymbolicLink
IofCallDriver
IoGetRelatedDeviceObject
KeSetEvent
KeInitializeEvent
MmBuildMdlForNonPagedPool
IoFreeMdl
IoFileObjectType
wcsstr
ObReferenceObjectByHandle
KeWaitForSingleObject
IoFreeIrp
IoAllocateIrp
RtlCompareMemory
PsGetCurrentProcessId
IoAllocateMdl
KeBugCheckEx
KeAcquireSpinLockRaiseToDpc
_wcsicmp
ExDeleteNPagedLookasideList
ExQueryDepthSList
ExpInterlockedPopEntrySList
KeReleaseSpinLock
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
KeInitializeTimer
__C_specific_handler

tdi.sys

TdiMapUserRequest

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc1b86d45a412f86d259da3c1e80ee85

Code Sign

58:c9:dd:11:a7:a8:5c:1b:79:00:a9:3f:bf:9c:d2:f9Certificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

61:1f:b0:a4:00:00:00:00:00:1dCertificate

Key Usages

f7:48:a1:f4:5d:44:6e:35:41:4e:e7:4c:d0:af:c5:de:02:f1:67:37Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 14KB

.pdata Size: 2KB - Virtual size: 2KB

PAGE Size: 7KB - Virtual size: 6KB

INIT Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 356B

5f24780d2de64a1b7fdaf3a073f40387

Code Sign

58:c9:dd:11:a7:a8:5c:1b:79:00:a9:3f:bf:9c:d2:f9Certificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

61:1f:b0:a4:00:00:00:00:00:1dCertificate

Key Usages

ba:7f:85:19:8e:38:76:10:6d:0c:f5:18:f0:51:d4:7a:6f:c5:72:e2Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 6KB - Virtual size: 6KB

.pdata Size: 1KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 310B

8b2fa203cac5fd2d6fb39bb3e5145c1d

Code Sign

58:c9:dd:11:a7:a8:5c:1b:79:00:a9:3f:bf:9c:d2:f9Certificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

61:1f:b0:a4:00:00:00:00:00:1dCertificate

Key Usages

33:c8:4b:4a:07:d0:24:44:31:df:70:30:ba:a0:55:85:9a:08:ce:a1Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

tdi.sys

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 1024B - Virtual size: 916B

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 636B

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 96B

58:c9:dd:11:a7:a8:5c:1b:79:00:a9:3f:bf:9c:d2:f9
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

f7:48:a1:f4:5d:44:6e:35:41:4e:e7:4c:d0:af:c5:de:02:f1:67:37
Signer

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 14KB

.pdata
Size: 2KB - Virtual size: 2KB

PAGE
Size: 7KB - Virtual size: 6KB

INIT
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 356B

58:c9:dd:11:a7:a8:5c:1b:79:00:a9:3f:bf:9c:d2:f9
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

ba:7f:85:19:8e:38:76:10:6d:0c:f5:18:f0:51:d4:7a:6f:c5:72:e2
Signer

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 6KB - Virtual size: 6KB

.pdata
Size: 1KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 310B

58:c9:dd:11:a7:a8:5c:1b:79:00:a9:3f:bf:9c:d2:f9
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

33:c8:4b:4a:07:d0:24:44:31:df:70:30:ba:a0:55:85:9a:08:ce:a1
Signer

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 1024B - Virtual size: 916B

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 636B

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 96B