9165d4f3036919a96b86d24b64d75d692802c7513f2b3054b20be40c212240a5

Sharing

Copy URL Twitter E-mail

General

Target

9165d4f3036919a96b86d24b64d75d692802c7513f2b3054b20be40c212240a5
Size

31KB
MD5

5fea22f442e7fd34a54008e363446d13
SHA1

67d17ca90880b448d5c3b40f69cec04d3649f170
SHA256

9165d4f3036919a96b86d24b64d75d692802c7513f2b3054b20be40c212240a5
SHA512

24edccf70eb10f33e76a7be108b0c927a0e0b708a8703b0f89ef8cb0e8211b32b1e70632c55fa77b4b4bf5dfb29138965a23833488bbe18dd53e9cda9ed66b4e
SSDEEP

384:oQQFlifjYsLztg272Kw0HWL3XLI02kUW6TXr0I2juriMh3ay50ZSxR9zusrhwC:H8i7YsHW2aKwCWDlurd3h50Zi9zuQ

Score

1^/10

Malware Config

Signatures

Files

9165d4f3036919a96b86d24b64d75d692802c7513f2b3054b20be40c212240a5
.dll windows:5 windows x64 arch:x64

1fb8e85267a70537d661f9df2fc215ac

Code Sign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/06/2022, 18:08

Not After

01/06/2023, 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:c9:af:8c:4b:e8:f6:2d:25:b9:55:f9:2d:2a:4e:9e:bd:34:f7:fa:78:75:80:45:4e:f5:42:41:10:2e:7b:30
Signer

Actual PE Digest

b3:c9:af:8c:4b:e8:f6:2d:25:b9:55:f9:2d:2a:4e:9e:bd:34:f7:fa:78:75:80:45:4e:f5:42:41:10:2e:7b:30

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\slave\workspace\rentdrv-64\bin\pdb\renter\rentdrv_x64.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
KeSetEvent
KeInitializeEvent
ZwCreateFile
ExAllocatePool
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
ObfDereferenceObject
ZwWriteFile
DbgPrint
InitializeSListHead
ExpInterlockedPushEntrySList
KeInitializeDpc
KeReleaseSpinLock
ExpInterlockedPopEntrySList
ZwWaitForSingleObject
KeFlushQueuedDpcs
PsCreateSystemThread
ExSystemTimeToLocalTime
_vsnprintf
KeInsertQueueDpc
RtlTimeToTimeFields
PsThreadType
PsGetCurrentThreadId
KeAcquireSpinLockRaiseToDpc
PsProcessType
PsLookupProcessByProcessId
_wcsnicmp
ExFreePoolWithTag
ZwOpenProcess
ZwQueryInformationProcess
RtlCopyUnicodeString
MmIsAddressValid
ZwTerminateProcess
ObOpenObjectByPointer
PsGetProcessId
RtlAppendUnicodeToString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
KeDelayExecutionThread
ZwQuerySystemInformation
KeBugCheckEx
KeClearEvent
IoDeleteSymbolicLink
KeResetEvent
IoCreateNotificationEvent
KeSetPriorityThread
IoDeleteDevice
KeSetTimerEx
PsTerminateSystemThread
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeInitializeTimerEx
KeCancelTimer
PsGetProcessInheritedFromUniqueProcessId
ExAllocatePoolWithTag
__C_specific_handler

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1fb8e85267a70537d661f9df2fc215ac

Code Sign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

b3:c9:af:8c:4b:e8:f6:2d:25:b9:55:f9:2d:2a:4e:9e:bd:34:f7:fa:78:75:80:45:4e:f5:42:41:10:2e:7b:30Signer

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: - Virtual size: 8KB

.pdata Size: 1024B - Virtual size: 1020B

INIT Size: 2KB - Virtual size: 1KB

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

b3:c9:af:8c:4b:e8:f6:2d:25:b9:55:f9:2d:2a:4e:9e:bd:34:f7:fa:78:75:80:45:4e:f5:42:41:10:2e:7b:30
Signer

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: - Virtual size: 8KB

.pdata
Size: 1024B - Virtual size: 1020B

INIT
Size: 2KB - Virtual size: 1KB