TrojanWin32[.]Duqu[.]Stuxnet[.]zip

General

Target

TrojanWin32.Duqu.Stuxnet.zip
Size

12KB
MD5

03bb47f461c51203d6799919dbb37012
SHA1

35f58153a7ddafe0d7cca6789eb1bb5c3ad9939e
SHA256

152c64365b6224e065e18d9a3421adbf94eb231aa93ac242675c6c45c7929c97
SHA512

dfd3b525a78521e6a07038c38c1a809f61959246ad320dd5da14109c597717823ee736cdf6c7cbc8a1e6456ac0abe96dd1d1b6d9771c757c62b37788b7232fd3
SSDEEP

192:BfPYiQA5CkOVUy/tRdmOEreg84c+NvwqmrZNP+hcnT2C++X0C+wQsyGLxqh1:pPYRAFOL/jdu8/awqy2ITH+bCjQE141

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/win32.exe

Files

TrojanWin32.Duqu.Stuxnet.zip
.zip

Password: infected
win32.exe
.sys windows:6 windows x86 arch:x86

c00e20f56d65068b81a1a5324d461344

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoFreeWorkItem
MmUnmapIoSpace
MmGetPhysicalAddress
ExAllocatePool
IoAllocateWorkItem
MmMapIoSpace
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoInitializeRemoveLockEx
IoCreateDevice
IoQueueWorkItem
RtlInitUnicodeString
ZwClose
ZwOpenFile
ZwQueryInformationFile
KdDebuggerEnabled
InitSafeBootMode
IofCompleteRequest
RtlDeleteElementGenericTable
KeGetCurrentThread
RtlLookupElementGenericTable
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlUpcaseUnicodeChar
IoRegisterDriverReinitialization
ExFreePoolWithTag
ZwReadFile
IoDeleteSymbolicLink
ZwAllocateVirtualMemory
KeInitializeMutex
KeReleaseMutex
KeWaitForSingleObject
ZwQueryValueKey
ZwOpenKey
_stricmp
MmGetSystemRoutineAddress
PsGetVersion
ZwQueryInformationProcess
ObOpenObjectByPointer
PsLookupProcessByProcessId
ObfDereferenceObject
memcpy
_except_handler3
memset

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

c00e20f56d65068b81a1a5324d461344

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 640B - Virtual size: 628B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 1024B - Virtual size: 964B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 640B - Virtual size: 628B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 1024B - Virtual size: 964B