5fea22f442e7fd34a54008e363446d13[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

5fea22f442e7fd34a54008e363446d13.bin
Size

17KB
MD5

6e607eb5382b44dc0beca4848b28c2ee
SHA1

54f6f3c4e44599685ca29d652d7c65fd790040ed
SHA256

74d608099950a73f33f081065768035ba07570599a140e24614549f040937506
SHA512

2fc334cf5b053a6c3c108807c2de29a3f310eeee84a55eb12badaf1e7769c5453fac91b4f347348d3603d2d2de7d96b20f7fbe0fa29e474fa6702a0ec7785fea
SSDEEP

384:Ye48WNJHznHIgp+JGWDIyfBI82la1yjmVoZcj1oJvVydt/Jf+I:OtzHnQJGOIygl8yjUoZUIV+t/JT

Score

1^/10

Malware Config

Signatures

Files

5fea22f442e7fd34a54008e363446d13.bin
.zip

Password: infected
9165d4f3036919a96b86d24b64d75d692802c7513f2b3054b20be40c212240a5.sys
.dll windows:5 windows x64

Password: infected

1fb8e85267a70537d661f9df2fc215ac

Code Sign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/06/2022, 18:08

Not After

01/06/2023, 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:c9:af:8c:4b:e8:f6:2d:25:b9:55:f9:2d:2a:4e:9e:bd:34:f7:fa:78:75:80:45:4e:f5:42:41:10:2e:7b:30
Signer

Actual PE Digest

b3:c9:af:8c:4b:e8:f6:2d:25:b9:55:f9:2d:2a:4e:9e:bd:34:f7:fa:78:75:80:45:4e:f5:42:41:10:2e:7b:30

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

RtlInitUnicodeString
KeSetEvent
KeInitializeEvent
ZwCreateFile
ExAllocatePool
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
ObfDereferenceObject
ZwWriteFile
DbgPrint
InitializeSListHead
ExpInterlockedPushEntrySList
KeInitializeDpc
KeReleaseSpinLock
ExpInterlockedPopEntrySList
ZwWaitForSingleObject
KeFlushQueuedDpcs
PsCreateSystemThread
ExSystemTimeToLocalTime
_vsnprintf
KeInsertQueueDpc
RtlTimeToTimeFields
PsThreadType
PsGetCurrentThreadId
KeAcquireSpinLockRaiseToDpc
PsProcessType
PsLookupProcessByProcessId
_wcsnicmp
ExFreePoolWithTag
ZwOpenProcess
ZwQueryInformationProcess
RtlCopyUnicodeString
MmIsAddressValid
ZwTerminateProcess
ObOpenObjectByPointer
PsGetProcessId
RtlAppendUnicodeToString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
KeDelayExecutionThread
ZwQuerySystemInformation
KeBugCheckEx
KeClearEvent
IoDeleteSymbolicLink
KeResetEvent
IoCreateNotificationEvent
KeSetPriorityThread
IoDeleteDevice
KeSetTimerEx
PsTerminateSystemThread
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeInitializeTimerEx
KeCancelTimer
PsGetProcessInheritedFromUniqueProcessId
ExAllocatePoolWithTag
__C_specific_handler

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

1fb8e85267a70537d661f9df2fc215ac

Code Sign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

b3:c9:af:8c:4b:e8:f6:2d:25:b9:55:f9:2d:2a:4e:9e:bd:34:f7:fa:78:75:80:45:4e:f5:42:41:10:2e:7b:30Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: - Virtual size: 8KB

.pdata Size: 1024B - Virtual size: 1020B

INIT Size: 2KB - Virtual size: 1KB

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

b3:c9:af:8c:4b:e8:f6:2d:25:b9:55:f9:2d:2a:4e:9e:bd:34:f7:fa:78:75:80:45:4e:f5:42:41:10:2e:7b:30
Signer

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: - Virtual size: 8KB

.pdata
Size: 1024B - Virtual size: 1020B

INIT
Size: 2KB - Virtual size: 1KB