a9563dcb899717f85c265f7bdfdec0759eb03a133d3299e614298592120a1492

Sharing

Copy URL Twitter E-mail

General

Target

a9563dcb899717f85c265f7bdfdec0759eb03a133d3299e614298592120a1492
Size

155KB
MD5

d720ce0a35d7471ec40ee8cba9aec9a9
SHA1

95eb51e9b39938a11f8a8b6c81fbe79cc40680ae
SHA256

a9563dcb899717f85c265f7bdfdec0759eb03a133d3299e614298592120a1492
SHA512

3720a49fe6b05fa0b34385152b6cb90a8291f601a3a86604add365058d5281d532e19c6cc8827d1c97b78705120317d02039342f8e11a574901184aef94b9594
SSDEEP

3072:tUElTeOvkvtOtVcDrNj/puDX4HMGnJKsKAxAx:tbNarNmFG0P

Score

1^/10

Malware Config

Signatures

Files

a9563dcb899717f85c265f7bdfdec0759eb03a133d3299e614298592120a1492
.sys windows:6 windows x86 arch:x86

38cc2cd0df64b623e0ae10a667fbf4b5

Code Sign

56:27:fe:2d:ca:b9:57:6b:b6:99:48:f0:79:ba:a4:db
Certificate

Issuer

CN=Contoso.com(Test)

Not Before

05/08/2022, 07:16

Not After

31/12/2039, 23:59

Subject

CN=Contoso.com(Test)

c3:1a:ec:63:59:c9:48:dc:0a:22:39:8a:5a:09:0d:6e:67:e5:3c:d8
Signer

Actual PE Digest

c3:1a:ec:63:59:c9:48:dc:0a:22:39:8a:5a:09:0d:6e:67:e5:3c:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\git_project\integration\client-win-driver\lps\imd\objchk_win7_x86\i386\lpsimd.pdb

Imports

ntoskrnl.exe

RtlUnwind
KeBugCheckEx
KeReleaseSemaphore
ExfInterlockedInsertTailList
RtlIpv4StringToAddressA
_vsnprintf
tolower
isspace
_strnicmp
_alldiv
_stricmp
KeTickCount
strnlen
KeQueryTimeIncrement
ExSemaphoreObjectType
KeQuerySystemTime
ExEventObjectType
RtlCompareMemory
IoGetDeviceObjectPointer
IoBuildDeviceIoControlRequest
IofCallDriver
KeClearEvent
ObfDereferenceObject
ObReferenceObjectByHandle
memcpy
KeSetEvent
IofCompleteRequest
memset
PsGetCurrentProcessId
RtlInitUnicodeString
ZwOpenKey
ZwQueryValueKey
ExAllocatePool
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
ExFreePoolWithTag
ZwClose
MmMapLockedPagesSpecifyCache
IoFreeMdl
DbgPrint
RtlAssert
RtlAnsiCharToUnicodeChar

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

ndis.sys

NdisReEnumerateProtocolBindings
NdisIMNotifyPnPEvent
NdisGetReceivedPacket
NdisDprAllocatePacket
NdisAllocateBuffer
NdisDprFreePacket
NdisIMCancelInitializeDeviceInstance
NdisIMDeInitializeDeviceInstance
NdisOpenProtocolConfiguration
NdisReadConfiguration
NdisAllocateMemoryWithTag
NdisInitializeEvent
NdisAllocatePacketPoolEx
NdisAllocateBufferPool
NdisOpenAdapter
NdisAcquireReadWriteLock
NdisReleaseReadWriteLock
NdisIMInitializeDeviceInstanceEx
NdisPacketPoolUsage
NdisDeregisterProtocol
NdisMDeregisterDevice
NdisMSleep
NdisMRegisterDevice
NdisInitializeReadWriteLock
NdisInitializeWrapper
NdisIMRegisterLayeredMiniport
NdisMRegisterUnloadHandler
NdisRegisterProtocol
NdisIMDeregisterLayeredMiniport
NdisIMAssociateMiniport
NdisTerminateWrapper
NdisFreePacketPool
NdisCancelSendPackets
NdisMCancelTimer
NdisResetEvent
NdisCloseAdapter
NdisWaitEvent
NdisGetPoolFromPacket
NdisQueryPendingIOCount
NdisCopyFromPacketToPacket
NdisCloseConfiguration
NdisAllocatePacket
NdisSetEvent
NdisMSetPeriodicTimer
NdisMInitializeTimer
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisFreePacket
NdisIMCopySendPerPacketInfo
NdisReturnPackets
NdisIMCopySendCompletePerPacketInfo
NdisIMGetCurrentPacketStack
NdisRequest
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisFreeMemory
NdisUnchainBufferAtFront

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38cc2cd0df64b623e0ae10a667fbf4b5

Code Sign

56:27:fe:2d:ca:b9:57:6b:b6:99:48:f0:79:ba:a4:dbCertificate

c3:1a:ec:63:59:c9:48:dc:0a:22:39:8a:5a:09:0d:6e:67:e5:3c:d8Signer

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 137KB - Virtual size: 137KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 27KB

INIT Size: 4KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 7KB - Virtual size: 6KB

56:27:fe:2d:ca:b9:57:6b:b6:99:48:f0:79:ba:a4:db
Certificate

c3:1a:ec:63:59:c9:48:dc:0a:22:39:8a:5a:09:0d:6e:67:e5:3c:d8
Signer

.text
Size: 137KB - Virtual size: 137KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 27KB

INIT
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 7KB - Virtual size: 6KB