28b7ccd578ce5f31617a0b6d5c761113

Sharing

Copy URL Twitter E-mail

General

Target

28b7ccd578ce5f31617a0b6d5c761113
Size

44KB
MD5

28b7ccd578ce5f31617a0b6d5c761113
SHA1

9fb68a480a960a342025ffc682b81e5b7203afca
SHA256

b52d761da9a6e468e0ec70022603ead835e0dd3d0b97f3ef3de81fd8634229c8
SHA512

5c7629ee37b4fbf173752b40e805b51b1a1c86dbd6beb7b6eb0ae0d1bd6837d95889644d629e78d785c03dc60dcb4be2bdac6bbe951ccb97a7a20e6c4710c14a
SSDEEP

768:EkKEOwlX5Qs3YRnbyRR6ulkhaLPNgnU/ZxP3njseinIIuPSc1uBjH:EkmwlXmSYRnbyoahiU/ZKUSc18

Score

1^/10

Malware Config

Signatures

Files

28b7ccd578ce5f31617a0b6d5c761113
.dll windows:10 windows x64 arch:x64

30a8dcaa8e138029e6cc1f19d202d891

Code Sign

3f:fc:eb:a8:3f:e0:0f:ef:97:f6:3c:d9:2e:77:eb:b9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/08/2011, 00:00

Not After

04/08/2012, 23:59

Subject

CN=HT Srl,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=HT Srl,L=Milan,ST=Italy,C=IT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6
Certificate

Issuer

CN=JemmyLoveJenny SHA1 TimeStamping Services CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=Fake TimeStamp Responder,OU=timestamp.pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1e:b1:32:d5
Certificate

Issuer

CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:b1:32:d5:7e:79:68:96
Certificate

Issuer

CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=JemmyLoveJenny SHA1 TimeStamping Services CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:6c:e6:a4:e3:0a:8a:1e:cc:9f:a2:e1:ca:68:66:e7:d9:54:33:e1
Signer

Actual PE Digest

7b:6c:e6:a4:e3:0a:8a:1e:cc:9f:a2:e1:ca:68:66:e7:d9:54:33:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ExAllocateTimer
ExCancelTimer
ObfDereferenceObject
PsCreateSystemThread
KeInitializeSpinLock
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
KeReleaseSpinLock
RtlUTF8ToUnicodeN
KeSetEvent
ObReferenceObjectByHandle
ExDeleteTimer
KeAcquireSpinLockAtDpcLevel
RtlFindMessage
ExAllocatePoolWithTag
KeReleaseSpinLockFromDpcLevel
IofCallDriver
ExFreePoolWithTag
KeInitializeEvent
KeWaitForSingleObject
IoGetDeviceInterfaces
ZwClose
IoUnregisterPlugPlayNotification
IoRegisterPlugPlayNotification
KeAcquireSpinLockRaiseToDpc
ExSetTimer
_vsnwprintf
IoWMIRegistrationControl
MmGetSystemRoutineAddress
ExFreePool
RtlInitUnicodeString

cng.sys

SystemPrng

wpprecorder.sys

WppAutoLogStop
imp_WppRecorderReplay
WppAutoLogStart
WppAutoLogTrace

Exports

Exports

BtaMpmBuildIndirectStringFromMessageWithSingleUTF8Arg
BtaMpmConnectionRequest
BtaMpmGetRemoteDeviceProfileVersionAndAttribute
BtaMpmGetStatus
BtaMpmRegister
BtaMpmRegisterPnp
BtaMpmSuspendRequest
BtaMpmUnregister
BtaMpmUnregisterPnp
BtaMpmUpdateConnectionStatus
BtaMpmUpdatePlayStatus
BtaMpmUpdateSuspendStatus
DllInitialize
DllUnload

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 113B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30a8dcaa8e138029e6cc1f19d202d891

Code Sign

3f:fc:eb:a8:3f:e0:0f:ef:97:f6:3c:d9:2e:77:eb:b9Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6Certificate

Extended Key Usages

Key Usages

1e:b1:32:d5Certificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1e:b1:32:d5:7e:79:68:96Certificate

Extended Key Usages

Key Usages

7b:6c:e6:a4:e3:0a:8a:1e:cc:9f:a2:e1:ca:68:66:e7:d9:54:33:e1Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

cng.sys

wpprecorder.sys

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 180B

.pdata Size: 1024B - Virtual size: 768B

.idata Size: 2KB - Virtual size: 1KB

PAGE Size: 7KB - Virtual size: 7KB

.edata Size: 1024B - Virtual size: 526B

INIT Size: 512B - Virtual size: 113B

GFIDS Size: 512B - Virtual size: 112B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 676B

3f:fc:eb:a8:3f:e0:0f:ef:97:f6:3c:d9:2e:77:eb:b9
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6
Certificate

1e:b1:32:d5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1e:b1:32:d5:7e:79:68:96
Certificate

7b:6c:e6:a4:e3:0a:8a:1e:cc:9f:a2:e1:ca:68:66:e7:d9:54:33:e1
Signer

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 180B

.pdata
Size: 1024B - Virtual size: 768B

.idata
Size: 2KB - Virtual size: 1KB

PAGE
Size: 7KB - Virtual size: 7KB

.edata
Size: 1024B - Virtual size: 526B

INIT
Size: 512B - Virtual size: 113B

GFIDS
Size: 512B - Virtual size: 112B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 676B