daxin | e7af7bcb86bd6bab1835f610671c3921441965a839673ac34444cf0ce7b2164e

Resubmissions

28/08/2024, 22:36

240828-2jc63ssajn 10

10/04/2024, 14:43

240410-r3rhpsef5x 10

Sharing

Copy URL Twitter E-mail

General

Target

e7af7bcb86bd6bab1835f610671c3921441965a839673ac34444cf0ce7b2164e
Size

70KB
MD5

4b058945c9f2b8d8ebc485add1101ba5
SHA1

37e6450c7cd6999d080da94b867ba23faa8c32fe
SHA256

e7af7bcb86bd6bab1835f610671c3921441965a839673ac34444cf0ce7b2164e
SHA512

5da51df4cc0e10dc0d7800c067daa64a3d2e1c230e008b0be04532dad0a0e4f3a73a4df3fefa92dd612985b4b9d7de9f9f72b245169b307d01864fe17ab5ffb1
SSDEEP

1536:ARM1VWgS1lYpKCNTzc8jt4riPJdBnH2dXDGZ8W8tGVxJ:AhgUup7NQiP9H2dz08dsVxJ

Score

10^/10

daxin

Malware Config

Signatures

Daxin family
daxin

Daxin payload 1 IoCs

resource	yara_rule
sample	family_daxin

Files

e7af7bcb86bd6bab1835f610671c3921441965a839673ac34444cf0ce7b2164e
.sys windows:6 windows x64 arch:x64

6150c5c5e078c5bf23006689a41058cd

Code Sign

38:7c:94:76:e2:83:20:26:45:94:84:63:17:d4:65:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/06/2011, 00:00

Not After

27/06/2014, 23:59

Subject

CN=Anhua Xinda (Beijing) Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Anhua Xinda (Beijing) Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:65:c6:f9:f4:11:89:2d:13:ff:e8:ba:1c:b5:e9:c4:be:2c:0a:25
Signer

Actual PE Digest

cb:65:c6:f9:f4:11:89:2d:13:ff:e8:ba:1c:b5:e9:c4:be:2c:0a:25

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

wcsncmp
IoAllocateMdl
_stricmp
sprintf
RtlLengthRequiredSid
_strnicmp
ExAllocatePoolWithTag
vsprintf
IoDeleteSymbolicLink
ExFreePoolWithTag
RtlAnsiStringToUnicodeString
NtWriteFile
RtlCreateAcl
PsLookupProcessByProcessId
NtQuerySystemInformation
_wcsnicmp
ZwReadFile
RtlSetDaclSecurityDescriptor
KeInitializeApc
IoDeleteDevice
NtFsControlFile
KeInsertQueueApc
MmGetSystemRoutineAddress
IoCreateFile
atoi
_snprintf
ZwQuerySystemInformation
KeReleaseSpinLock
RtlAddAccessAllowedAce
RtlImageDirectoryEntryToData
KeDetachProcess
ZwOpenFile
ZwCreateFile
PsCreateSystemThread
ZwQueryValueKey
PsTerminateSystemThread
ZwFreeVirtualMemory
KeQueryTimeIncrement
ObReferenceObjectByHandle
KeWaitForSingleObject
KeAttachProcess
PsGetVersion
PsThreadType
RtlCompareUnicodeString
ZwOpenProcess
ZwQueryInformationProcess
IoCreateSymbolicLink
ObfDereferenceObject
IoCreateDevice
ZwTerminateProcess
ZwQueryInformationFile
KeWaitForMultipleObjects
ZwWriteFile
NtReadFile
PsLookupThreadByThreadId
RtlLengthSid
RtlCreateSecurityDescriptor
ZwAllocateVirtualMemory
ZwOpenKey
KeAcquireSpinLockRaiseToDpc
RtlUnicodeStringToInteger
MmIsAddressValid
ZwDeviceIoControlFile
IofCompleteRequest
ZwClose
MmMapLockedPagesSpecifyCache
KeDelayExecutionThread
MmUserProbeAddress
MmBuildMdlForNonPagedPool
memchr
ZwWaitForSingleObject
RtlInitUnicodeString

ndis.sys

NdisAllocateMemoryWithTag
NdisAllocateNetBufferAndNetBufferList
NdisMSendNetBufferListsComplete
NdisReturnNetBufferLists
NdisAllocateNetBufferListPool
NdisFreeMemory
NdisMIndicateStatus
NdisFreeMdl
NdisFreeNetBufferListPool
NdisFreeNetBufferList
NdisSendNetBufferLists

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

6150c5c5e078c5bf23006689a41058cd

Code Sign

38:7c:94:76:e2:83:20:26:45:94:84:63:17:d4:65:40Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

cb:65:c6:f9:f4:11:89:2d:13:ff:e8:ba:1c:b5:e9:c4:be:2c:0a:25Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

ndis.sys

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 73KB

.pdata Size: 2KB - Virtual size: 2KB

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 944B

38:7c:94:76:e2:83:20:26:45:94:84:63:17:d4:65:40
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

cb:65:c6:f9:f4:11:89:2d:13:ff:e8:ba:1c:b5:e9:c4:be:2c:0a:25
Signer

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 73KB

.pdata
Size: 2KB - Virtual size: 2KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 944B