bin[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bin.zip
Size

40KB
MD5

2c64d9f4ac4228dbc310d858abb7c905
SHA1

eba7e193c13a8e240e0cf095fe0853977fecaf28
SHA256

d594cd02d0b1867a9199a006bbe8c3cd9949a638567ccb308950f77da2d37cf5
SHA512

d60faeef299b817834d4a3acd2afc5f3cdd41e4fcf5cda62494fef0de577c3266f829230f4bbc512b1767f2a033e6d7aef26c37cd6eab9536042ad4a71b8c37f
SSDEEP

768:EcPHTFOS+7m3WIU3W72naUnayzL2Bc/c6F+/l/hdwXUu3:nTxpyfF3lE6Edp+Es

Score

1^/10

Malware Config

Signatures

Files

bin.zip
.zip
bin/csgo_radar.cer
bin/csgo_radar.pdb
bin/csgo_radar.sys
.sys windows:10 windows x64 arch:x64

346426035d139cf788e398335aa437c9

Code Sign

7b:c8:34:c8:b7:7b:78:a2:43:73:70:6f:41:39:04:fc
Certificate

Issuer

CN=WDKTestCert lukep\,132943188234754286

Not Before

13/04/2022, 10:20

Not After

13/04/2032, 00:00

Subject

CN=WDKTestCert lukep\,132943188234754286

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

5c:ac:3b:ff:6e:56:97:d5:16:c9:48:f4:eb:b7:00:f6:f8:4c:9f:21
Signer

Actual PE Digest

5c:ac:3b:ff:6e:56:97:d5:16:c9:48:f4:eb:b7:00:f6:f8:4c:9f:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

wcscmp
vDbgPrintExWithPrefix
KeDelayExecutionThread
KeWaitForSingleObject
MmIsAddressValid
KeStackAttachProcess
KeUnstackDetachProcess
_vsnprintf_s
PsGetProcessWow64Process
PsInitialSystemProcess

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 33B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 366B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/csgo_radar/csgo_radar.sys
.sys windows:10 windows x64 arch:x64

346426035d139cf788e398335aa437c9

Code Sign

7b:c8:34:c8:b7:7b:78:a2:43:73:70:6f:41:39:04:fc
Certificate

Issuer

CN=WDKTestCert lukep\,132943188234754286

Not Before

13/04/2022, 10:20

Not After

13/04/2032, 00:00

Subject

CN=WDKTestCert lukep\,132943188234754286

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

5c:ac:3b:ff:6e:56:97:d5:16:c9:48:f4:eb:b7:00:f6:f8:4c:9f:21
Signer

Actual PE Digest

5c:ac:3b:ff:6e:56:97:d5:16:c9:48:f4:eb:b7:00:f6:f8:4c:9f:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

wcscmp
vDbgPrintExWithPrefix
KeDelayExecutionThread
KeWaitForSingleObject
MmIsAddressValid
KeStackAttachProcess
KeUnstackDetachProcess
_vsnprintf_s
PsGetProcessWow64Process
PsInitialSystemProcess

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 33B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 366B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/intermediates/csgo.obj
bin/intermediates/csgo_radar.log
bin/intermediates/csgo_radar.sys.recipe
bin/intermediates/csgo_radar.tlog/CL.command.1.tlog
bin/intermediates/csgo_radar.tlog/CL.read.1.tlog
bin/intermediates/csgo_radar.tlog/CL.write.1.tlog
bin/intermediates/csgo_radar.tlog/csgo_radar.lastbuildstate
bin/intermediates/csgo_radar.tlog/link.command.1.tlog
bin/intermediates/csgo_radar.tlog/link.read.1.tlog
bin/intermediates/csgo_radar.tlog/link.write.1.tlog
bin/intermediates/csgo_radar.tlog/signtool.command.1.tlog
bin/intermediates/csgo_radar.tlog/signtool.read.1.tlog
bin/intermediates/csgo_radar.tlog/signtool.timestamp.1.tlog
bin/intermediates/csgo_radar.tlog/signtool.write.1.tlog

Sharing

General

Malware Config

Signatures

Files

346426035d139cf788e398335aa437c9

Code Sign

7b:c8:34:c8:b7:7b:78:a2:43:73:70:6f:41:39:04:fcCertificate

Extended Key Usages

Key Usages

5c:ac:3b:ff:6e:56:97:d5:16:c9:48:f4:eb:b7:00:f6:f8:4c:9f:21Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 33B

.pdata Size: 512B - Virtual size: 132B

INIT Size: 512B - Virtual size: 366B

.reloc Size: 512B - Virtual size: 20B

346426035d139cf788e398335aa437c9

Code Sign

7b:c8:34:c8:b7:7b:78:a2:43:73:70:6f:41:39:04:fcCertificate

Extended Key Usages

Key Usages

5c:ac:3b:ff:6e:56:97:d5:16:c9:48:f4:eb:b7:00:f6:f8:4c:9f:21Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 33B

.pdata Size: 512B - Virtual size: 132B

INIT Size: 512B - Virtual size: 366B

.reloc Size: 512B - Virtual size: 20B

7b:c8:34:c8:b7:7b:78:a2:43:73:70:6f:41:39:04:fc
Certificate

5c:ac:3b:ff:6e:56:97:d5:16:c9:48:f4:eb:b7:00:f6:f8:4c:9f:21
Signer

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 33B

.pdata
Size: 512B - Virtual size: 132B

INIT
Size: 512B - Virtual size: 366B

.reloc
Size: 512B - Virtual size: 20B

7b:c8:34:c8:b7:7b:78:a2:43:73:70:6f:41:39:04:fc
Certificate

5c:ac:3b:ff:6e:56:97:d5:16:c9:48:f4:eb:b7:00:f6:f8:4c:9f:21
Signer

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 33B

.pdata
Size: 512B - Virtual size: 132B

INIT
Size: 512B - Virtual size: 366B

.reloc
Size: 512B - Virtual size: 20B