Driver_Wifi[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Driver_Wifi.rar
Size

57KB
MD5

63e01cce67a563efdf34eb8646d0b372
SHA1

58d6a4858763d5df986ff24c1514e319b6c1d4f4
SHA256

a8dc35114a6c7e7affd0023277f9bcbdd03239db192625368d33314dfe3cb669
SHA512

64970276c7e70fa306e1969338c72f6a82a5eb0a63f64721d0b54d2b49db1e9167c768e4ec13710480a3e415d608cbde469b8c68bc05663fb283a1ef69b8f3ee
SSDEEP

1536:BpJKydMqZf+YnK5P/6a7lB4yvrqNc91wdabf+sYbbav7B:/JKyVZf+YK5PDB6RoVP0ajB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Client.exe

Files

Driver_Wifi.rar
.rar
Client.exe
.exe windows:6 windows x64 arch:x64

7b19c1d9b5739b493a560271c1074cf2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\L1nk\Desktop\Shared Memory\x64\Release\Client.pdb

Imports

kernel32

VirtualAlloc
CreateFileW
GetCurrentThreadId
GetModuleHandleA
CloseHandle
GetProcAddress
DeviceIoControl
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
InitializeSListHead
GetSystemTimeAsFileTime
VirtualFree
GetCurrentProcessId
GetConsoleMode
SetConsoleMode
GetTempPathW
GetStdHandle
AcquireSRWLockExclusive
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
QueryPerformanceCounter
ReleaseSRWLockExclusive

user32

GetAsyncKeyState

advapi32

RegCloseKey
RegDeleteTreeW
RegCreateKeyW
RegOpenKeyW
RegSetKeyValueW

msvcp140

?good@ios_base@std@@QEBA_NXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??7ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Query_perf_counter
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_frequency
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

ntdll

RtlInitUnicodeString
NtQuerySystemInformation

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
memcpy
memmove
memset
__current_exception_context
__current_exception
__std_terminate
__std_exception_destroy
__std_exception_copy
wcsstr
__C_specific_handler
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

fclose
fflush
ungetc
fgetc
__stdio_common_vfprintf
__acrt_iob_func
__p__commode
_set_fmode
getchar
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
fputc
fwrite
fgetpos
setvbuf

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_register_onexit_function
_cexit
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
system
_invalid_parameter_noinfo_noreturn
__p___argc
_crt_atexit

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_wremove

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Driver.sys
.sys windows:10 windows x64 arch:x64

cbbd2e63bfb2626f12323edd83e397b8

Code Sign

7f:f8:13:ea:91:7c:63:8b:49:21:c3:ea:a6:88:d4:52
Certificate

Issuer

CN=WDKTestCert L1nk\,133621889713043794

Not Before

06/06/2024, 23:09

Not After

06/06/2034, 00:00

Subject

CN=WDKTestCert L1nk\,133621889713043794

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

a7:4d:06:37:ee:26:5d:67:f5:52:86:7a:5f:70:1d:1a:70:46:c8:d5:52:d5:c7:44:bf:18:e3:f8:b7:4c:6b:5e
Signer

Actual PE Digest

a7:4d:06:37:ee:26:5d:67:f5:52:86:7a:5f:70:1d:1a:70:46:c8:d5:52:d5:c7:44:bf:18:e3:f8:b7:4c:6b:5e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\L1nk\Desktop\Shared Memory\x64\Release\Kernel.pdb

Imports

ntoskrnl.exe

KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
MmCopyVirtualMemory
PsGetProcessSectionBaseAddress
MmGetPhysicalAddress
vDbgPrintExWithPrefix
ExAllocatePool
ExFreePoolWithTag
ZwQuerySystemInformation
ObfDereferenceObject
RtlCopyUnicodeString
DbgPrintEx
PsTerminateSystemThread
MmUnmapIoSpace
MmMapIoSpace
strstr
PsCreateSystemThread

wdfldr.sys

WdfVersionUnbind
WdfLdrQueryInterface
WdfVersionBind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b19c1d9b5739b493a560271c1074cf2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp140

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 188B

cbbd2e63bfb2626f12323edd83e397b8

Code Sign

7f:f8:13:ea:91:7c:63:8b:49:21:c3:ea:a6:88:d4:52Certificate

Extended Key Usages

Key Usages

a7:4d:06:37:ee:26:5d:67:f5:52:86:7a:5f:70:1d:1a:70:46:c8:d5:52:d5:c7:44:bf:18:e3:f8:b7:4c:6b:5eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 760B

.pdata Size: 512B - Virtual size: 228B

INIT Size: 1024B - Virtual size: 852B

.reloc Size: 512B - Virtual size: 52B

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 188B

7f:f8:13:ea:91:7c:63:8b:49:21:c3:ea:a6:88:d4:52
Certificate

a7:4d:06:37:ee:26:5d:67:f5:52:86:7a:5f:70:1d:1a:70:46:c8:d5:52:d5:c7:44:bf:18:e3:f8:b7:4c:6b:5e
Signer

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 760B

.pdata
Size: 512B - Virtual size: 228B

INIT
Size: 1024B - Virtual size: 852B

.reloc
Size: 512B - Virtual size: 52B