09a005b91f537fe42d3dae1776b74adf

Sharing

Copy URL Twitter E-mail

General

Target

09a005b91f537fe42d3dae1776b74adf
Size

71KB
MD5

09a005b91f537fe42d3dae1776b74adf
SHA1

27a2f346db51480208b2913a3af897f94efc9808
SHA256

58d06373b1ee5785e0e8fb5b9745d83772a91e47c0b63dff0591b81d7f0685bc
SHA512

f0e80a0e85ce272fc1d673bbc61ba46b6ff901f0acf4ac3079ecafbe8de88332b617798393c41726344b20c9adc1873e6bc24c8eb4533f9ad03896e6fdc0ec42
SSDEEP

1536:GBimGpowE9ltfAmA8V+mh5+m0Rh1aEvl0+NSN:GBpoWlRAeV+e+HRSEY

Score

1^/10

Malware Config

Signatures

Files

09a005b91f537fe42d3dae1776b74adf
.sys windows:6 windows x64 arch:x64

ea05bcc4c857dfc7df835082e93ebc6a

Code Sign

1e:c0:15:42:32:05:f3:a8:4f:bc:b4:cd:2a:6f:69:48
Certificate

Issuer

CN=Exeguceiyhahe

Not Before

27/08/2016, 00:04

Not After

31/12/2039, 23:59

Subject

CN=Exeguceiyhahe

ab:14:99:42:fa:a8:57:ad:47:c1:32:ba:41:98:6b:f9:d5:bf:db:d3
Signer

Actual PE Digest

ab:14:99:42:fa:a8:57:ad:47:c1:32:ba:41:98:6b:f9:d5:bf:db:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoAcquireRemoveLockEx
IoWMIRegistrationControl
IoReuseIrp
ExFreePoolWithTag
RtlFindMostSignificantBit
PfxInitialize
InitializeSListHead
IoSetHardErrorOrVerifyDevice
RtlCheckRegistryKey
PsGetProcessCreateTimeQuadPart
DbgBreakPointWithStatus
IoRemoveShareAccess
IoCheckEaBufferValidity
IoReleaseRemoveLockEx
MmProtectMdlSystemAddress
RtlEqualUnicodeString
RtlTimeFieldsToTime
RtlSetGroupSecurityDescriptor
MmAddVerifierThunks
RtlGetGroupSecurityDescriptor
IoCheckDesiredAccess
MmUserProbeAddress
IoForwardIrpSynchronously
RtlIsGenericTableEmptyAvl
IoCsqInitialize
IoGetDeviceToVerify
IoCheckQuerySetVolumeInformation
IoCheckQuotaBufferValidity
CcGetFileObjectFromSectionPtrs
KeBugCheckEx
ExQueryPoolBlockSize
RtlNtStatusToDosErrorNoTeb
RtlEqualString
NtGlobalFlag
KeNumberProcessors
IoSetShareAccess
KeQueryPriorityThread
RtlDeleteRegistryValue
RtlCreateRegistryKey
RtlFindLeastSignificantBit
DbgPrint
__chkstk
__C_specific_handler

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 482B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea05bcc4c857dfc7df835082e93ebc6a

Code Sign

1e:c0:15:42:32:05:f3:a8:4f:bc:b4:cd:2a:6f:69:48Certificate

ab:14:99:42:fa:a8:57:ad:47:c1:32:ba:41:98:6b:f9:d5:bf:db:d3Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 1024B - Virtual size: 1020B

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 504B

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 482B

1e:c0:15:42:32:05:f3:a8:4f:bc:b4:cd:2a:6f:69:48
Certificate

ab:14:99:42:fa:a8:57:ad:47:c1:32:ba:41:98:6b:f9:d5:bf:db:d3
Signer

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 1024B - Virtual size: 1020B

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 504B

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 482B