BstkDrv[.]sys[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

BstkDrv.sys.zip
Size

384KB
MD5

cd5aafc31ae73575e8ae91c88fbc07c4
SHA1

54c27c10ddb9c6673b1385d9fbad5fe93ecd640f
SHA256

5dbada964863a724ab1ba938116328191981a460246bf3b2012592e527a7ad52
SHA512

7859bf878ac8084536e8ac295ea838d1c09284c32fbd365d257783dd095cba0363f002c18c4edd7c9775471368f2ca8d33ed9a149b31391bdee2b75131889671
SSDEEP

6144:UXgCqscnnr9ihoeGaEbmQChyVXrrRzNGXMHgEi4WT/y:qLuBihoe+FZrrJkjE+/y

Score

1^/10

Malware Config

Signatures

Files

BstkDrv.sys.zip
.sys windows:6 windows x64 arch:x64

0f5a15258856633bee3bffa8ad74835a

Code Sign

33:00:00:00:69:9d:42:c9:76:75:b5:08:82:00:00:00:00:00:69
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/01/2024, 20:09

Not After

10/01/2025, 20:09

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:f9:d5:0a:6c:79:2c:9f:d3:9d:47:2e:98:37:b5:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/03/2023, 00:00

Not After

05/04/2025, 23:59

Subject

SERIALNUMBER=4559077,CN=Now.gg\, INC,O=Now.gg\, INC,L=Campbell,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:44:67:e8:74:e7:d4:a5:21:e3:e6:fb:1d:57:79:19:5a:65:e7:e6:9e:f8:00:72:08:eb:25:b3:d8:e7:74:2c
Signer

Actual PE Digest

2d:44:67:e8:74:e7:d4:a5:21:e3:e6:fb:1d:57:79:19:5a:65:e7:e6:9e:f8:00:72:08:eb:25:b3:d8:e7:74:2c

Digest Algorithm

sha256

PE Digest Matches

true

2d:44:67:e8:74:e7:d4:a5:21:e3:e6:fb:1d:57:79:19:5a:65:e7:e6:9e:f8:00:72:08:eb:25:b3:d8:e7:74:2c
Signer

Actual PE Digest

2d:44:67:e8:74:e7:d4:a5:21:e3:e6:fb:1d:57:79:19:5a:65:e7:e6:9e:f8:00:72:08:eb:25:b3:d8:e7:74:2c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\virtualbox\out\win.amd64\release\obj\VBoxDrv\BstkDrv_nxt.pdb

Imports

ntoskrnl.exe

strchr
strcmp
RtlInitUnicodeString
RtlQueryRegistryValues
MmGetSystemRoutineAddress
KeInitializeEvent
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExCreateCallback
ExRegisterCallback
ExUnregisterCallback
SeCaptureSubjectContext
SeReleaseSubjectContext
PsGetVersion
IoBuildDeviceIoControlRequest
IofCallDriver
IofCompleteRequest
IoCreateDevice
IoDeleteDevice
IoGetRelatedDeviceObject
IoIs32bitProcess
ObReferenceObjectByHandle
ObfDereferenceObject
MmGetPhysicalAddress
MmIsAddressValid
MmIsNonPagedSystemAddressValid
RtlConvertSidToUnicodeString
SeQueryInformationToken
RtlFreeUnicodeString
ZwSetSystemInformation
__C_specific_handler
IoFileObjectType
KeInitializeDpc
KeInsertQueueDpc
KeRemoveQueueDpc
KeInitializeTimer
KeCancelTimer
KeSetTimerEx
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
KeQueryTimeIncrement
DbgPrint
ZwQuerySystemInformation
MmSystemRangeStart
ProbeForRead
ProbeForWrite
MmHighestUserAddress
IoGetCurrentProcess
PsGetCurrentProcessId
KeSetEvent
KeResetEvent
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
ExAcquireFastMutex
ExReleaseFastMutex
__chkstk
KeNumberProcessors
KeSetPriorityThread
PsCreateSystemThread
ZwClose
KeDelayExecutionThread
ZwYieldExecution
ExAllocatePool
ExFreePool
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmProtectMdlSystemAddress
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
MmAllocateContiguousMemory
MmFreeContiguousMemory
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl

Exports

Exports

ASMAtomicBitClear
ASMAtomicCmpXchgU8
ASMAtomicXchgU16
ASMAtomicXchgU8
ASMCpuIdExSlow
ASMGetCS
ASMGetDS
ASMGetES
ASMGetFS
ASMGetFlags
ASMGetGS
ASMGetSS
ASMMultU64ByU32DivByU32
ASMNopPause
ASMSetFlags
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTAvlU32Destroy
RTAvlU32DoWithAll
RTAvlU32Get
RTAvlU32GetBestFit
RTAvlU32Insert
RTAvlU32Remove
RTAvlU32RemoveBestFit
RTAvllU32Destroy
RTAvllU32DoWithAll
RTAvllU32Get
RTAvllU32GetBestFit
RTAvllU32Insert
RTAvllU32Remove
RTAvllU32RemoveBestFit
RTAvllU32RemoveNode
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromErrno
RTErrConvertFromNtStatus
RTErrConvertToErrno
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTHandleTableAllocWithCtx
RTHandleTableCreate
RTHandleTableCreateEx
RTHandleTableDestroy
RTHandleTableFreeWithCtx
RTHandleTableLookupWithCtx
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemDupExTag
RTMemDupTag
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemReallocZTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetArraySize
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTNetIPv4AddDataChecksum
RTNetIPv4AddTCPChecksum
RTNetIPv4AddUDPChecksum
RTNetIPv4FinalizeChecksum
RTNetIPv4HdrChecksum
RTNetIPv4IsDHCPValid
RTNetIPv4IsHdrValid
RTNetIPv4IsTCPSizeValid
RTNetIPv4IsTCPValid
RTNetIPv4IsUDPSizeValid
RTNetIPv4IsUDPValid
RTNetIPv4PseudoChecksum
RTNetIPv4PseudoChecksumBits
RTNetIPv4TCPChecksum
RTNetIPv4UDPChecksum
RTNetIPv6PseudoChecksum
RTNetIPv6PseudoChecksumBits
RTNetIPv6PseudoChecksumEx
RTNetTCPChecksum
RTNetUDPChecksum
RTOnceReset
RTOnceSlow
RTPowerNotificationDeregister
RTPowerNotificationRegister
RTPowerSignalEvent
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemAreKrnlAndUsrDifferent
RTR0MemKernelCopyFrom
RTR0MemKernelCopyTo
RTR0MemKernelIsValidAddr
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0MemUserCopyFrom
RTR0MemUserCopyTo
RTR0MemUserIsValidAddr
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventGetResolution
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiGetResolution
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemEventWaitNoResume
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrHash1
RTStrHash1ExN
RTStrHash1ExNV
RTStrHash1N
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNCmp
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTTermDeregisterCallback
RTTermRegisterCallback
RTTermRunCallbacks
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadCtxHookCreate
RTThreadCtxHookDestroy
RTThreadCtxHookDisable
RTThreadCtxHookEnable
RTThreadCtxHookIsEnabled
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTTimerCanDoHighResolution
RTTimerChangeInterval
RTTimerCreate
RTTimerCreateEx
RTTimerDestroy
RTTimerGetSystemGranularity
RTTimerReleaseSystemGranularity
RTTimerRequestSystemGranularity
RTTimerStart
RTTimerStop
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
RTUuidClear
RTUuidCompare
RTUuidCompare2Strs
RTUuidCompareStr
RTUuidFromStr
RTUuidFromUtf16
RTUuidIsNull
RTUuidToStr
RTUuidToUtf16
SUPGetCpuHzFromGipForAsyncMode
SUPGetGIP
SUPGetGipCpuPtrForAsyncMode
SUPGetTscDeltaSlow
SUPIsTscFreqCompatible
SUPIsTscFreqCompatibleEx
SUPR0BadContext
SUPR0ChangeCR4
SUPR0ComponentDeregisterFactory
SUPR0ComponentQueryFactory

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f5a15258856633bee3bffa8ad74835a

Code Sign

33:00:00:00:69:9d:42:c9:76:75:b5:08:82:00:00:00:00:00:69Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:f9:d5:0a:6c:79:2c:9f:d3:9d:47:2e:98:37:b5:ffCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

2d:44:67:e8:74:e7:d4:a5:21:e3:e6:fb:1d:57:79:19:5a:65:e7:e6:9e:f8:00:72:08:eb:25:b3:d8:e7:74:2cSigner

2d:44:67:e8:74:e7:d4:a5:21:e3:e6:fb:1d:57:79:19:5a:65:e7:e6:9e:f8:00:72:08:eb:25:b3:d8:e7:74:2cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 227KB - Virtual size: 226KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 22KB - Virtual size: 132KB

.pdata Size: 14KB - Virtual size: 14KB

.edata Size: 17KB - Virtual size: 16KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 3KB - Virtual size: 3KB

33:00:00:00:69:9d:42:c9:76:75:b5:08:82:00:00:00:00:00:69
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:f9:d5:0a:6c:79:2c:9f:d3:9d:47:2e:98:37:b5:ff
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

2d:44:67:e8:74:e7:d4:a5:21:e3:e6:fb:1d:57:79:19:5a:65:e7:e6:9e:f8:00:72:08:eb:25:b3:d8:e7:74:2c
Signer

2d:44:67:e8:74:e7:d4:a5:21:e3:e6:fb:1d:57:79:19:5a:65:e7:e6:9e:f8:00:72:08:eb:25:b3:d8:e7:74:2c
Signer

.text
Size: 227KB - Virtual size: 226KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 22KB - Virtual size: 132KB

.pdata
Size: 14KB - Virtual size: 14KB

.edata
Size: 17KB - Virtual size: 16KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 3KB - Virtual size: 3KB