a9cffcd54749ee8c9d110c77ea061b04

Sharing

Copy URL Twitter E-mail

General

Target

a9cffcd54749ee8c9d110c77ea061b04
Size

1.1MB
MD5

a9cffcd54749ee8c9d110c77ea061b04
SHA1

1b29496dd1f5d7b635b6d83519e47b0c7375f7c8
SHA256

e4f8cdafaccd946eea27854a596be862f19a68e8b35eb4c1383bc2f527a1b609
SHA512

9ea8f222e12f7b233922c78c463c76421b1d204dbeaa69680641cd97efbeebc20c6f094512c1610e2e97882b1cd40d593c6dcc45f3bbb2462ca7bde2a0b77ec0
SSDEEP

24576:SG/5HOoTXYhytDV4Olyb9I2sJeHESsgd20wPuZ60:x5HTXYktR4bW2MmJsgU0wP2H

Score

1^/10

Malware Config

Signatures

Files

a9cffcd54749ee8c9d110c77ea061b04
.sys .ps1 windows:6 windows x64 arch:x64 polyglot

9b32ea9e14649a04d59c1fbc377ff499

Code Sign

64:fe:29:dc:cf:38:e0:30:dc:ff:e3:4d:05:68:96:61
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:b1:32:d5:08:9c:51:ab:0d:f2:6e:85:4e:b0:dd:a7
Certificate

Issuer

CN=JemmyLoveJenny SHA2 TimeStamping Services CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=Fake TimeStamp Responder,OU=timestamp.pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1e:b1:32:d5
Certificate

Issuer

CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:da:dd:07:40:57:22:70:20:3f:81:38:69:2c:4a:83
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/01/2015, 07:31

Not After

19/01/2016, 07:31

Subject

CN=Open Source Developer\, William Zoltan,O=William Zoltan,C=AU,1.2.840.113549.1.9.1=#0c1777696c6c7a6f6c74616e31313140676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1e:b1:32:d5:08:9c:51:ab
Certificate

Issuer

CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=JemmyLoveJenny SHA2 TimeStamping Services CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:0b:d7:8e:b6:20:06:49:f2:83:2b:fe:a9:b2:39:03:da:a3:a4:52
Signer

Actual PE Digest

2f:0b:d7:8e:b6:20:06:49:f2:83:2b:fe:a9:b2:39:03:da:a3:a4:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoInvalidateDeviceRelations
IoGetCurrentProcess
IofCompleteRequest
RtlCopyUnicodeString
IofCallDriver
ExReleaseFastMutex
KeLeaveCriticalRegion
ExAcquireFastMutex
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
IoDeleteDevice
KeInitializeEvent
IoRequestDeviceEject
IoDetachDevice
KeEnterCriticalRegion
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
ObfReferenceObject
IoCreateDevice
PoSetPowerState
PoStartNextPowerIrp
PoCallDriver
KeSetEvent
_vsnwprintf
IoGetAttachedDeviceReference
ObfDereferenceObject
RtlInitUnicodeString
ZwSetValueKey
RtlTimeFieldsToTime
ExSystemTimeToLocalTime
ZwQueryValueKey
_vsnprintf
ZwClose
RtlTimeToTimeFields
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
MmUnmapIoSpace
ZwCreateFile
MmMapIoSpace
KeQueryTimeIncrement
ZwQueryVolumeInformationFile
KeBugCheckEx
ExFreePoolWithTag
strncmp
KeClearEvent
IoBuildSynchronousFsdRequest
ExAllocatePoolWithTag

wmilib.sys

WmiSystemControl

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data0
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b32ea9e14649a04d59c1fbc377ff499

Code Sign

64:fe:29:dc:cf:38:e0:30:dc:ff:e3:4d:05:68:96:61Certificate

Key Usages

1e:b1:32:d5:08:9c:51:ab:0d:f2:6e:85:4e:b0:dd:a7Certificate

Extended Key Usages

Key Usages

1e:b1:32:d5Certificate

Key Usages

2f:da:dd:07:40:57:22:70:20:3f:81:38:69:2c:4a:83Certificate

Extended Key Usages

Key Usages

1e:b1:32:d5:08:9c:51:abCertificate

Extended Key Usages

Key Usages

2f:0b:d7:8e:b6:20:06:49:f2:83:2b:fe:a9:b2:39:03:da:a3:a4:52Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

wmilib.sys

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 9KB

.pdata Size: 1024B - Virtual size: 768B

PAGE Size: 25KB - Virtual size: 24KB

INIT Size: 2KB - Virtual size: 1KB

.data0 Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 512B - Virtual size: 132B

.rsrc Size: 1024B - Virtual size: 784B

64:fe:29:dc:cf:38:e0:30:dc:ff:e3:4d:05:68:96:61
Certificate

1e:b1:32:d5:08:9c:51:ab:0d:f2:6e:85:4e:b0:dd:a7
Certificate

1e:b1:32:d5
Certificate

2f:da:dd:07:40:57:22:70:20:3f:81:38:69:2c:4a:83
Certificate

1e:b1:32:d5:08:9c:51:ab
Certificate

2f:0b:d7:8e:b6:20:06:49:f2:83:2b:fe:a9:b2:39:03:da:a3:a4:52
Signer

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 9KB

.pdata
Size: 1024B - Virtual size: 768B

PAGE
Size: 25KB - Virtual size: 24KB

INIT
Size: 2KB - Virtual size: 1KB

.data0
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 512B - Virtual size: 132B

.rsrc
Size: 1024B - Virtual size: 784B