SecuriteInfo[.]com[.]Trojan[.]Zadved[.]688[.]23234[.]13466[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.Zadved.688.23234.13466.exe
Size

46KB
MD5

e915ab8c9653840bc31a2d6e7bceb39a
SHA1

821c580ccb4cb194defa9b7c3bc49c5010a42da2
SHA256

243fe9523c275f802b533c1006b9577886d1525a9928d482c54b9fd6ecc08ccf
SHA512

eccf1cfd2f345e50bb4d47e8f71bfe0268579b30462a9773113d8894edfad9542caf17ec8fb77fa16c5da8bd4d40d1cbb810217788d0428e1f7eb92d3d786920
SSDEEP

768:p9AEGYGoq5ohx9c8Fr0tjyZVzTUdkHzRiB1FJpflSk62/b4Ei3fW:pWghxGy00/okHY1ikNbFi3fW

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.Trojan.Zadved.688.23234.13466.exe
.sys windows:6 windows x86 arch:x86

1a0f39f48f0804fd96fb5f8b6aa5891e

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

39:d3:fc:de:45:32:a6:3b:d2:98:03:9d:05:55:d0:c2
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22/08/2016, 00:00

Not After

22/08/2017, 23:59

Subject

CN=Chichek Konstrakshn\, TOV,OU=IT,O=Chichek Konstrakshn\, TOV,POSTALCODE=01103,STREET=vul. Kikvidze\, 5,L=Kyyiv,ST=Kyyiv,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:18:54:86:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/04/2011, 22:06

Not After

11/04/2021, 22:16

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:b1:34:62:6c:d6:99:9a:fe:84:5b:2b:a6:0c:86:ba:01:c2:57:99
Signer

Actual PE Digest

31:b1:34:62:6c:d6:99:9a:fe:84:5b:2b:a6:0c:86:ba:01:c2:57:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlUnwind
KeBugCheckEx
KeTickCount
ExUuidCreate
KeInitializeDpc
RtlAppendUnicodeToString
IoCreateDevice
IoCreateSymbolicLink
MmGetSystemRoutineAddress
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObfDereferenceObject
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoReleaseCancelSpinLock
memcpy
PsGetCurrentProcessId
IofCompleteRequest
IoDeleteSymbolicLink
IoDeleteDevice
KeRemoveQueueDpc
MmAllocatePagesForMdl
MmMapLockedPagesSpecifyCache
MmFreePagesFromMdl
IoFreeMdl
MmUnmapLockedPages
KeInsertQueueDpc
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
InterlockedPushEntrySList
InterlockedPopEntrySList
_aullrem
ExFreePoolWithTag
memset
ExAllocatePoolWithTag
RtlInitUnicodeString
ZwOpenKey
ZwClose

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock

fwpkclnt.sys

FwpmEngineClose0
FwpsAcquireClassifyHandle0
FwpsPendClassify0
FwpsQueryPacketInjectionState0
FwpsFlowAssociateContext0
FwpmTransactionBegin0
FwpmSubLayerAdd0
FwpmProviderContextDeleteByKey0
FwpmTransactionAbort0
FwpmSubLayerCreateEnumHandle0
FwpmFreeMemory0
FwpmSubLayerEnum0
FwpmSubLayerDestroyEnumHandle0
FwpmCalloutAdd0
FwpmFilterAdd0
FwpsCalloutUnregisterByKey0
FwpsCalloutRegister1
FwpsInjectionHandleCreate0
FwpsAcquireWritableLayerDataPointer0
FwpsApplyModifiedLayerData0
FwpsConstructIpHeaderForTransportPacket0
FwpsInjectNetworkSendAsync0
FwpsInjectTransportSendAsync0
FwpsInjectTransportReceiveAsync0
FwpsAllocateNetBufferAndNetBufferList0
FwpmProviderAdd0
FwpmEngineOpen0
FwpmTransactionCommit0
FwpmBfeStateUnsubscribeChanges0
FwpmBfeStateSubscribeChanges0
FwpmBfeStateGet0
FwpsStreamInjectAsync0
FwpsDiscardClonedStreamData0
FwpsReleaseClassifyHandle0
FwpsCompleteClassify0
FwpsCloneStreamData0
FwpsFlowRemoveContext0
FwpsInjectionHandleDestroy0
FwpsCopyStreamDataToBuffer0
FwpsFreeCloneNetBufferList0
FwpsFreeNetBufferList0

ndis.sys

NdisAllocateNetBufferListPool
NdisGetDataBuffer
NdisAllocateGenericObject
NdisWaitEvent
NdisFreeNetBufferListPool
NdisFreeGenericObject
NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart
NdisInitializeEvent

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a0f39f48f0804fd96fb5f8b6aa5891e

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

39:d3:fc:de:45:32:a6:3b:d2:98:03:9d:05:55:d0:c2Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

61:18:54:86:00:00:00:00:00:24Certificate

Key Usages

31:b1:34:62:6c:d6:99:9a:fe:84:5b:2b:a6:0c:86:ba:01:c2:57:99Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

fwpkclnt.sys

ndis.sys

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 2KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 948B

.reloc Size: 2KB - Virtual size: 2KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

39:d3:fc:de:45:32:a6:3b:d2:98:03:9d:05:55:d0:c2
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

61:18:54:86:00:00:00:00:00:24
Certificate

31:b1:34:62:6c:d6:99:9a:fe:84:5b:2b:a6:0c:86:ba:01:c2:57:99
Signer

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 2KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 948B

.reloc
Size: 2KB - Virtual size: 2KB