6c0aab8da3755b0c42a1974fd726990f

Sharing

Copy URL Twitter E-mail

General

Target

6c0aab8da3755b0c42a1974fd726990f
Size

91KB
MD5

6c0aab8da3755b0c42a1974fd726990f
SHA1

45aee2d5cb4a26033e88db09ea313b30de650328
SHA256

108aaf791f4f50792fc635c7133d09cb3f5f8917ee59c7295e525a7ace90c70f
SHA512

0a8840e65058d3b5ae918d83d5199e4b6ba74939b6428b57251995b3783f37b1c41db76224a69dde3abe7c2c149fdfa46160997533fb3d1290244a4db84b1e1c
SSDEEP

1536:7vtnCvulMH77O5DKkcR9Q4W5hsceBoUPQlZ1fJAXwqb7KVXRwdq+/64Vzl4ryc9x:7lCvulMH77O5DKD9Q4W5OBoUPQlZ1xAQ

Score

1^/10

Malware Config

Signatures

Files

6c0aab8da3755b0c42a1974fd726990f
.sys windows:6 windows x64 arch:x64

0250bc4d4a42bac67644432537ff1ba8

Code Sign

6b:9d:ac:67:91:b0:06:b0:4e:37:27:fb:85:11:c9:27
Certificate

Issuer

CN=Aseejuqozukuz

Not Before

07/07/2015, 15:48

Not After

31/12/2039, 23:59

Subject

CN=Aseejuqozukuz

02:9a:43:0f:d4:83:72:43:eb:d3:09:1d:d6:cd:3e:38:70:eb:19:d2
Signer

Actual PE Digest

02:9a:43:0f:d4:83:72:43:eb:d3:09:1d:d6:cd:3e:38:70:eb:19:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

FsRtlResetLargeMcb
ExWaitForRundownProtectionRelease
ExAllocatePoolWithTag
KeQueryActiveProcessors
RtlNumberGenericTableElements
RtlConvertSidToUnicodeString
RtlCaptureContext
ExFreePoolWithTag
PfxInitialize
IoSetHardErrorOrVerifyDevice
KeInitializeMutant
RtlInitializeBitMap
RtlNumberGenericTableElementsAvl
RtlSetGroupSecurityDescriptor
ExInitializeRundownProtection
ExConvertExclusiveToSharedLite
FsRtlInitializeTunnelCache
MmGetVirtualForPhysical
RtlGetGroupSecurityDescriptor
KeReadStateMutant
RtlValidRelativeSecurityDescriptor
RtlIsGenericTableEmptyAvl
RtlAreBitsSet
RtlLengthSecurityDescriptor
FsRtlIsTotalDeviceFailure
SeRegisterLogonSessionTerminatedRoutine
PsIsThreadTerminating
RtlNtStatusToDosErrorNoTeb
RtlEnumerateGenericTableAvl
FsRtlNormalizeNtstatus
RtlEnumerateGenericTable
ExDeleteResourceLite
ExReInitializeRundownProtection
IoInitializeRemoveLockEx
ExInitializeResourceLite
RtlSubAuthorityCountSid
FsRtlIsNtstatusExpected
RtlEnumerateGenericTableWithoutSplaying
SeTokenType
RtlAreBitsClear
RtlSetOwnerSecurityDescriptor
KeBugCheckEx
__C_specific_handler
_local_unwind

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0250bc4d4a42bac67644432537ff1ba8

Code Sign

6b:9d:ac:67:91:b0:06:b0:4e:37:27:fb:85:11:c9:27Certificate

02:9a:43:0f:d4:83:72:43:eb:d3:09:1d:d6:cd:3e:38:70:eb:19:d2Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 11KB - Virtual size: 10KB

.pdata Size: 512B - Virtual size: 384B

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 380B

6b:9d:ac:67:91:b0:06:b0:4e:37:27:fb:85:11:c9:27
Certificate

02:9a:43:0f:d4:83:72:43:eb:d3:09:1d:d6:cd:3e:38:70:eb:19:d2
Signer

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 11KB - Virtual size: 10KB

.pdata
Size: 512B - Virtual size: 384B

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 380B