General
- Target: 81c7bb39100d358f8286da5e9aa838606c98dfcc263e9a82ed91cd438cb130d1
- Size: 58KB
- MD5: fb7c61ef427f9b2fdff3574ee6b1819b
- SHA1: 1f25f54e9b289f76604e81e98483309612c5a471
- SHA256: 81c7bb39100d358f8286da5e9aa838606c98dfcc263e9a82ed91cd438cb130d1
- SHA512: 61e3f0b7bd62390f33333cbd94ae6f31c9cf7f124cec703411945f6f6edd285f35d0dc8a9cf8103f089a500fbb8d71b41d8a4e26f09c088dcf884b0263b68ba4
- SSDEEP: 768:LEt/o78vtl0gfkunuajwu8PJ8daK51hD16AvzSOjV7v23PvmOhq08nY+z:LaDHfkyjWBghD1zvOsVTWXBZ8Y+z
Malware Config
Signatures
- Daxin family
- Daxin payload (1 IoCs)
  resource yara_rule sample family_daxin
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource 81c7bb39100d358f8286da5e9aa838606c98dfcc263e9a82ed91cd438cb130d1
Files
- 81c7bb39100d358f8286da5e9aa838606c98dfcc263e9a82ed91cd438cb130d1.sys windows:4 windows x86 arch:x86
  1a065ac561b041052599294843406fae
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
KeResetEvent
InterlockedIncrement
KeSetEvent
InterlockedDecrement
RtlUnicodeStringToInteger
RtlInitUnicodeString
KeInitializeEvent
wcsncmp
wcscat
wcslen
wcscpy
MmBuildMdlForNonPagedPool
IoAllocateMdl
KeInsertQueueApc
KeInitializeApc
KeDetachProcess
KeAttachProcess
PsLookupThreadByThreadId
ZwAllocateVirtualMemory
RtlCompareUnicodeString
PsLookupProcessByProcessId
ZwFreeVirtualMemory
_wcsnicmp
ZwQuerySystemInformation
ZwQueryInformationProcess
RtlImageDirectoryEntryToData
_stricmp
NtQuerySystemInformation
ZwOpenFile
MmGetSystemRoutineAddress
ZwQueryValueKey
ZwOpenKey
ZwTerminateProcess
ZwOpenProcess
IoCreateFile
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlCreateSecurityDescriptor
NtWriteFile
NtReadFile
KeWaitForMultipleObjects
NtFsControlFile
ZwWaitForSingleObject
RtlLengthRequiredSid
IoCreateSymbolicLink
DbgPrint
IoCreateDevice
IoDeleteDevice
IoDeleteSymbolicLink
sprintf
ZwCreateFile
RtlAnsiStringToUnicodeString
ZwWriteFile
ZwReadFile
ZwQueryInformationFile
vsprintf
ZwDeviceIoControlFile
MmMapLockedPagesSpecifyCache
IoFreeMdl
KeWaitForSingleObject
ObfDereferenceObject
KeDelayExecutionThread
PsTerminateSystemThread
PsCreateSystemThread
PsThreadType
ObReferenceObjectByHandle
ZwClose
KeQueryTimeIncrement
KeTickCount
KeInitializeSpinLock
ExAllocatePoolWithTag
PsGetVersion
ExFreePool
hal
KfReleaseSpinLock
KfAcquireSpinLock
ndis.sys
NdisAllocatePacketPool
NdisAllocateBufferPool
NdisRegisterProtocol
NdisDeregisterProtocol
NdisUnchainBufferAtFront
NdisAllocatePacket
NdisAllocateMemory
NdisFreePacket
NdisAllocateBuffer
NdisFreeMemory
NdisFreeBufferPool
NdisCopyFromPacketToPacket
NdisFreePacketPool
Sections
.text Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 376B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 860KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 944B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ