1487b716bf98591475a8d673ac640a8d

Sharing

Copy URL Twitter E-mail

General

Target

1487b716bf98591475a8d673ac640a8d
Size

550KB
MD5

1487b716bf98591475a8d673ac640a8d
SHA1

cfda9fa22f2d6fa8181e10d3e09423bd9722fb53
SHA256

16ac1e770094e36246683d471ea6755b4cbad2c1ac71c96d9f49c2c307186152
SHA512

0c98e64b8501e1c94f98b6bb766e40e2613b9bb2e321ecc8b73c3ba639efd872ffcca5f76fc48c51cda1ed2102147f1b4cb09bf146524567a06ad17e15c5ae71
SSDEEP

12288:2cYUiXijnO5t2Wi5OGImz5mPAVo0RQwFW0zn7ZDZtws+PS:2siXdti4GY6B3FvOhS

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/X-DAKILL.sys
unpack001/X-DAKillFile.sys
unpack001/qm.DLL
unpack001/Ƥ.dll

Files

1487b716bf98591475a8d673ac640a8d
.zip
X-DAKILL.sys
.sys windows:5 windows x86 arch:x86

bd4f4587ca581be542ec2e0ddccbf83e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
KeGetCurrentThread
RtlAssert
DbgPrint
ExAllocatePoolWithTag
KeInsertQueueApc
RtlInitUnicodeString
ObfReferenceObject
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IoDeleteSymbolicLink
IofCompleteRequest
PsLookupProcessByProcessId
MmGetSystemRoutineAddress
_except_handler3
ObfDereferenceObject
MmIsAddressValid

hal

KfLowerIrql
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 616B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X-DAKillFile.sys
.sys windows:5 windows x86 arch:x86

4e6a1493ddf45baba5868efaf0ce5934

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

DbgPrint
IoFreeIrp
KeSetEvent
KeWaitForSingleObject
IofCallDriver
RtlAssert
KeGetCurrentThread
KeInitializeEvent
ObfDereferenceObject
RtlInitUnicodeString
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
ZwClose
IoDeleteSymbolicLink
IoAllocateIrp
IoCreateFile

hal

KeGetCurrentIrql

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 189B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 640B - Virtual size: 602B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qm.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

AboutMe
FileVerifyTrust

Sections

.text
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 30KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Ƥ.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

.Hmily
Size: - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.52PoJie
Size: 96KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Ƥ/Aero.she
Ƥ/MSN.she
Ƥ/QQ2009.she
Ƥ/darkroyale.she
Ƥ/dogmax.she
Ƥ/enjoy.she
Ƥ/gem.she
Ƥ/homestead.she
Ƥ/itunes.she
Ƥ/longhorn.she
Ƥ/office2007.she
Ƥ/ouframe.she
Ƥ/pixos.she
Ƥ/qqgame.she
Ƥ/vista.she
Ƥ/ɫ.she
Ƥ/ľ.she
Ƥ/й.she

Sharing

General

Malware Config

Signatures

Files

bd4f4587ca581be542ec2e0ddccbf83e

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 384B - Virtual size: 265B

.data Size: 640B - Virtual size: 552B

INIT Size: 640B - Virtual size: 616B

.reloc Size: 384B - Virtual size: 336B

4e6a1493ddf45baba5868efaf0ce5934

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 256B - Virtual size: 189B

INIT Size: 640B - Virtual size: 602B

.reloc Size: 256B - Virtual size: 162B

Headers

File Characteristics

Exports

Exports

Sections

.text Size: - Virtual size: 64KB

.text Size: 30KB - Virtual size: 44KB

Headers

File Characteristics

Exports

Exports

Sections

.Hmily Size: - Virtual size: 228KB

.52PoJie Size: 96KB - Virtual size: 112KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 384B - Virtual size: 265B

.data
Size: 640B - Virtual size: 552B

INIT
Size: 640B - Virtual size: 616B

.reloc
Size: 384B - Virtual size: 336B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 256B - Virtual size: 189B

INIT
Size: 640B - Virtual size: 602B

.reloc
Size: 256B - Virtual size: 162B

.text
Size: - Virtual size: 64KB

.text
Size: 30KB - Virtual size: 44KB

.Hmily
Size: - Virtual size: 228KB

.52PoJie
Size: 96KB - Virtual size: 112KB