16456e7f3dea7ee287e301a03abc6264

Sharing

Copy URL Twitter E-mail

General

Target

16456e7f3dea7ee287e301a03abc6264
Size

82KB
MD5

16456e7f3dea7ee287e301a03abc6264
SHA1

bbca644cb1ba3abfe905df8c013016dcb7c44b9c
SHA256

267813d9ad20bca7277258d29dca20a13bc26a62012492d2ab1f30025b7531c0
SHA512

7083c0da8cd9db4d145f0299ecafa76248232280c6409688293779e215cb43400876249fcc76ee1537620914b4a402d34bab6f44e2f7c8597fc67930e815fab6
SSDEEP

1536:d+RzzfGq7S9fZSg/tUYaYUJxQJk2CqBsE4OtpjIpkNeos:wxBmNaYixQmgsE4OtFxex

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack002/DrvFltIp.sys
unpack002/testDrv.exe
unpack003/DrvFltIp.sys
unpack003/Firewall.exe

Files

16456e7f3dea7ee287e301a03abc6264
.rar
575217120/DrvFltIp_source.zip
.zip
DrvFltIp.c
DrvFltIp.dsp
DrvFltIp.dsw
DrvFltIp.h
DrvFltIp.sys
.sys windows:4 windows x86 arch:x86

53c9634d6635fdcefe9c3732b139cbed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeWaitForSingleObject
IoCreateDevice
RtlInitUnicodeString
DbgPrint
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
IoCreateSymbolicLink
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
ExAllocatePoolWithTag
ExFreePool

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 448B - Virtual size: 442B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 192B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
makefile
sources
testDrv.exe
.exe windows:4 windows x86 arch:x86

7cc113ea49122a0d5500eb065f8b7b31

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42d

ord4408
ord2340
ord2481
ord4215
ord2584
ord3691
ord2473
ord2585
ord2341
ord2432
ord2339
ord3143
ord3144
ord3142
ord2431
ord3367
ord3784
ord3657
ord2021
ord1285
ord4492
ord2986
ord528
ord3826
ord4239
ord1862
ord2052
ord574
ord559
ord4195
ord3629
ord3948
ord4017
ord3831
ord4753
ord3362
ord1364
ord3651
ord4176
ord1781
ord4118
ord5076
ord3618
ord4208
ord2078
ord1310
ord706
ord3944
ord3670
ord728
ord4229
ord5078
ord3002
ord4064
ord1344
ord4191
ord1830
ord1631
ord4205
ord3786
ord3658
ord1952
ord1228
ord2875
ord317
ord3803
ord3524
ord3432
ord1087
ord299
ord1757
ord4676
ord684
ord880
ord1212
ord3355
ord3447
ord492
ord3070
ord4053
ord3960
ord646
ord1906
ord3201
ord5072
ord2324
ord454
ord4475
ord2993
ord413
ord3365
ord1136
ord2068
ord1033
ord3231
ord4415
ord1860
ord1880
ord3702
ord5077
ord3552
ord3366
ord2104
ord1789
ord4227
ord2661
ord2076
ord4130
ord1566
ord3069
ord1857
ord1041
ord1100
ord1190

msvcrtd

__set_app_type
_except_handler3
__p__fmode
_controlfp
_acmdln
exit
_XcptFilter
_exit
_onexit
strcat
_adjust_fdiv
__p__commode
__getmainargs
malloc
__setusermatherr
_initterm
strcpy
strrchr
free
memcpy
sprintf
_chkesp
atoi
strchr
__dllonexit
__CxxFrameHandler
_setmbcp
strlen

kernel32

CloseHandle
GetCurrentDirectoryA
GetLastError
GetFileAttributesA
DeviceIoControl
GetModuleHandleA
CreateFileA
GetStartupInfoA
GetWindowsDirectoryA

user32

GetSystemMetrics

advapi32

CloseServiceHandle
OpenServiceA
CreateServiceA
OpenSCManagerA
DeleteService
StartServiceA
ControlService

mfco42d

ord798

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
testDrv/StdAfx.cpp
testDrv/StdAfx.h
testDrv/TDriver.cpp
testDrv/TDriver.h
testDrv/res/testDrv.ico
testDrv/res/testDrv.rc2
testDrv/resource.h
testDrv/sockUtil.cpp
testDrv/sockutil.h
testDrv/testDrv.cpp
testDrv/testDrv.dsp
testDrv/testDrv.h
testDrv/testDrv.rc
testDrv/testDrvDlg.cpp
testDrv/testDrvDlg.h
575217120/FirewallFHK_src.zip
.zip
DrvFltIp.h
DrvFltIp.sys
.sys windows:4 windows x86 arch:x86

53c9634d6635fdcefe9c3732b139cbed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeWaitForSingleObject
IoCreateDevice
RtlInitUnicodeString
DbgPrint
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
IoCreateSymbolicLink
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
ExAllocatePoolWithTag
ExFreePool

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 448B - Virtual size: 442B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 160B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Firewall.exe
.exe windows:4 windows x86 arch:x86

6c25e996c959db9ddff15051655ca99f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5307
ord5289
ord5714
ord2982
ord4698
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord823
ord4159
ord6117
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord2725
ord4079
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord4614
ord4613
ord6374
ord5280
ord2582
ord3346
ord5302
ord5290
ord3370
ord3640
ord4589
ord4533
ord5076
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4615
ord4524
ord4963
ord4960
ord4108
ord6054
ord1776
ord5240
ord5281
ord3748
ord1725
ord2091
ord4432
ord567
ord364
ord784
ord693
ord2302
ord5260
ord3996
ord5677
ord3495
ord4720
ord2535
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord807
ord796
ord674
ord1200
ord554
ord529
ord366
ord6199
ord6000
ord2117
ord4163
ord6625
ord4457
ord5252
ord800
ord2884
ord5651
ord3127
ord3616
ord3663
ord665
ord5442
ord5186
ord3499
ord2515
ord355
ord860
ord540
ord350
ord354
ord1979
ord6385
ord2299
ord2363
ord2289
ord2370
ord6334
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4610
ord4612
ord5300
ord1089
ord2396
ord5199
ord6055
ord3922
ord4402
ord1841
ord4241
ord4529
ord1576
ord1168

msvcrt

__getmainargs
_except_handler3
_controlfp
_adjust_fdiv
__setusermatherr
__p__fmode
__set_app_type
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
malloc
_initterm
__p__commode
strchr
atoi
_setmbcp
free
sprintf
_itoa
_mbscmp
exit
__CxxFrameHandler

kernel32

GetWindowsDirectoryA
GetLastError
CreateFileA
GetCurrentDirectoryA
GetModuleHandleA
GetStartupInfoA
DeviceIoControl
CloseHandle
GetFileAttributesA

user32

GetClientRect
SendMessageA
EnableWindow
UpdateWindow

advapi32

CloseServiceHandle
OpenServiceA
CreateServiceA
OpenSCManagerA
DeleteService
StartServiceA
ControlService

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FirewallApp.clw
FirewallApp.cpp
FirewallApp.dsp
FirewallApp.dsw
FirewallApp.h
FirewallApp.rc
FirewallAppDoc.cpp
FirewallAppDoc.h
FirewallAppView.cpp
FirewallAppView.h
MainFrm.cpp
MainFrm.h
RuleDlg.cpp
RuleDlg.h
StdAfx.cpp
StdAfx.h
TDriver.cpp
TDriver.h
res/CVS/Entries
res/CVS/Entries.Extra
res/CVS/Repository
res/CVS/Root
res/FirewallApp.ico
res/FirewallApp.rc2
res/FirewallAppDoc.ico
res/Toolbar.bmp
res/newtoolbar.bmp
resource.h
rules.h
sockUtil.cpp
sockutil.h
575217120/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

53c9634d6635fdcefe9c3732b139cbed

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: 32B - Virtual size: 8B

INIT Size: 448B - Virtual size: 442B

.reloc Size: 192B - Virtual size: 174B

7cc113ea49122a0d5500eb065f8b7b31

Headers

File Characteristics

Imports

mfc42d

msvcrtd

kernel32

user32

advapi32

mfco42d

Sections

.text Size: 88KB - Virtual size: 84KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

53c9634d6635fdcefe9c3732b139cbed

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: 32B - Virtual size: 8B

INIT Size: 448B - Virtual size: 442B

.reloc Size: 160B - Virtual size: 160B

6c25e996c959db9ddff15051655ca99f

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 20KB - Virtual size: 16KB

.text
Size: 2KB - Virtual size: 2KB

.data
Size: 32B - Virtual size: 8B

INIT
Size: 448B - Virtual size: 442B

.reloc
Size: 192B - Virtual size: 174B

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 2KB

.data
Size: 32B - Virtual size: 8B

INIT
Size: 448B - Virtual size: 442B

.reloc
Size: 160B - Virtual size: 160B

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 20KB - Virtual size: 16KB