6e0be134d836f4ec4f6d92c6c02996ef5cf1fe39812e30a3d01a030c615ca983

Sharing

Copy URL Twitter E-mail

General

Target

6e0be134d836f4ec4f6d92c6c02996ef5cf1fe39812e30a3d01a030c615ca983
Size

40KB
MD5

1892280e7f3479af5268b4e1e0bbaefe
SHA1

e3cb597bc6cdd9df41ad80bbbc6b39e0d2d01671
SHA256

6e0be134d836f4ec4f6d92c6c02996ef5cf1fe39812e30a3d01a030c615ca983
SHA512

d58cc69507cb35c7ca6deb063b148bd3b5fa269a4c4bfa85c2e0b1d06e235535f9b580af8b35c7e3159d5e73d3519c8f1cbba31644b34d08b42ec8b9edecf2b2
SSDEEP

768:GpFSaBX+cQ2gP1oaFVAN7UTEAcrFXeDKFNoWdmb15S4DfrKE:GpFSaJrgP1oIVAN7UTElkDdtow

Score

1^/10

Malware Config

Signatures

Files

6e0be134d836f4ec4f6d92c6c02996ef5cf1fe39812e30a3d01a030c615ca983
.sys windows:10 windows x64 arch:x64

f9c733918e103e38a80d9cf62efb1bc4

Code Sign

77:94:18:51:48:19:a2:95:42:fd:e1:51:da:db:fd:6e
Certificate

Issuer

CN=WDKTestCert Admin\,133207284308755121

Not Before

13/02/2023, 02:20

Not After

13/02/2033, 00:00

Subject

CN=WDKTestCert Admin\,133207284308755121

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

26:51:57:11:ff:cd:9b:94:38:0b:e8:47:d5:ad:c5:c1:8c:25:e1:7f:59:26:fa:89:0f:8c:7b:05:db:9f:70:db
Signer

Actual PE Digest

26:51:57:11:ff:cd:9b:94:38:0b:e8:47:d5:ad:c5:c1:8c:25:e1:7f:59:26:fa:89:0f:8c:7b:05:db:9f:70:db

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePoolWithTag
KeRegisterProcessorChangeCallback
KeDeregisterProcessorChangeCallback
KdDebuggerNotPresent
RtlInitUnicodeString
DbgPrintEx
RtlTimeToTimeFields
KeGetCurrentIrql
KeDelayExecutionThread
KeInitializeSpinLock
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeReleaseInStackQueuedSpinLockFromDpcLevel
KeGetCurrentProcessorNumberEx
KeAreAllApcsDisabled
ExInitializeResourceLite
ExEnterCriticalRegionAndAcquireResourceExclusive
ExReleaseResourceAndLeaveCriticalRegion
ExDeleteResourceLite
ExSystemTimeToLocalTime
PsCreateSystemThread
PsTerminateSystemThread
IoGetCurrentProcess
ZwCreateFile
ZwWriteFile
ZwClose
PsGetCurrentThreadId
PsGetProcessId
IoRegisterBootDriverReinitialization
RtlGetVersion
ZwFlushBuffersFile
_vsnprintf
PsGetProcessImageFileName
ExCreateCallback
ExRegisterCallback
ExUnregisterCallback
ObfDereferenceObject
RtlCompareMemory
KeLowerIrql
KfRaiseIrql
KeSetSystemGroupAffinityThread
KeRevertToUserGroupAffinityThread
KeBugCheckEx
KeQueryActiveProcessorCountEx
KeGetProcessorNumberFromIndex
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalMemoryRanges
MmGetPhysicalAddress
__C_specific_handler
MmSystemRangeStart
RtlInitializeBitMap
RtlClearBits
ZwWaitForSingleObject
MmGetSystemRoutineAddress

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9c733918e103e38a80d9cf62efb1bc4

Code Sign

77:94:18:51:48:19:a2:95:42:fd:e1:51:da:db:fd:6eCertificate

Extended Key Usages

Key Usages

26:51:57:11:ff:cd:9b:94:38:0b:e8:47:d5:ad:c5:c1:8c:25:e1:7f:59:26:fa:89:0f:8c:7b:05:db:9f:70:dbSigner

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 864B

.pdata Size: 1KB - Virtual size: 1KB

PAGE Size: 9KB - Virtual size: 9KB

INIT Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 44B

77:94:18:51:48:19:a2:95:42:fd:e1:51:da:db:fd:6e
Certificate

26:51:57:11:ff:cd:9b:94:38:0b:e8:47:d5:ad:c5:c1:8c:25:e1:7f:59:26:fa:89:0f:8c:7b:05:db:9f:70:db
Signer

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 864B

.pdata
Size: 1KB - Virtual size: 1KB

PAGE
Size: 9KB - Virtual size: 9KB

INIT
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 44B