8f6c1b1f03c373bed3a54db025f3d071986e035628c28ef230e0d171ba0dc3b7[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

8f6c1b1f03c373bed3a54db025f3d071986e035628c28ef230e0d171ba0dc3b7.exe
Size

63KB
MD5

6fa6f0ddbfc6eb471bde926f848316e2
SHA1

c0fd44efa83dc714b77251f2870bd182fa7a15b3
SHA256

8f6c1b1f03c373bed3a54db025f3d071986e035628c28ef230e0d171ba0dc3b7
SHA512

e4e3b82cbbf4d8b812abe5427cff3f8b9d7efefb0cced43b111225e0b072a3197fa98996f6625ef863314845b943d2fc68437394e9caef414da07bac3fbb1c39
SSDEEP

768:PzaGkpEhDUQH/QWCBgi1LdKIwuBrRevP3q7ZAoumwvSx9:rarEN4hLxwP3q6ouHW

Score

1^/10

Malware Config

Signatures

Files

8f6c1b1f03c373bed3a54db025f3d071986e035628c28ef230e0d171ba0dc3b7.exe
.sys windows:10 windows x64 arch:x64

f4c2838d100bb9696fa3394dcec46784

Code Sign

6f:9a:31:7c:fc:fc:08:8b:4f:6e:19:8a:73:a1:19:ce
Certificate

Issuer

CN=WDKTestCert Admin\,131480495282941941

Not Before

24-08-2017 11:58

Not After

24-08-2027 00:00

Subject

CN=WDKTestCert Admin\,131480495282941941

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

d0:a5:ef:c8:a4:61:22:d6:ec:c7:63:97:f8:4a:bb:fd:0d:16:ac:6e
Signer

Actual PE Digest

d0:a5:ef:c8:a4:61:22:d6:ec:c7:63:97:f8:4a:bb:fd:0d:16:ac:6e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\x64\Release\Winmon.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
PsLookupProcessByProcessId
RtlCopyUnicodeString
IoCreateDevice
IofCompleteRequest
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
DbgPrint

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4c2838d100bb9696fa3394dcec46784

Code Sign

6f:9a:31:7c:fc:fc:08:8b:4f:6e:19:8a:73:a1:19:ceCertificate

Extended Key Usages

Key Usages

d0:a5:ef:c8:a4:61:22:d6:ec:c7:63:97:f8:4a:bb:fd:0d:16:ac:6eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 192B

.gfids Size: 512B - Virtual size: 4B

INIT Size: 1024B - Virtual size: 626B

.reloc Size: 512B - Virtual size: 44B

6f:9a:31:7c:fc:fc:08:8b:4f:6e:19:8a:73:a1:19:ce
Certificate

d0:a5:ef:c8:a4:61:22:d6:ec:c7:63:97:f8:4a:bb:fd:0d:16:ac:6e
Signer

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 192B

.gfids
Size: 512B - Virtual size: 4B

INIT
Size: 1024B - Virtual size: 626B

.reloc
Size: 512B - Virtual size: 44B