6f80076dab21fe059ffec1058d0825b5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6f80076dab21fe059ffec1058d0825b5_JaffaCakes118
Size

295KB
MD5

6f80076dab21fe059ffec1058d0825b5
SHA1

9c856b67964f02d022517e3ffc22e48bfb3c8ee2
SHA256

0347d66a7e49536c1f2aa211ecdb77e75fb8373f523e5f197de0227cb18ee448
SHA512

b3c62af2b33ce6d02e8cc7d35985419515d3b683ff6f8020593d0a752f50c078e46518b174e133828206dbca37079e719317d1b71a1ed7482432ca61d275fe6a
SSDEEP

6144:2YGdRE/3XB5dVjOW1wTDT/fYRTd0zFFA1235cWN7z2gGTrLD:C/E/h5rh2TDwx0JFAO1N7zTMH

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CPU-Tweaker/CPU-Tweaker.exe
unpack001/CPU-Tweaker/WinRing0.dll

Files

6f80076dab21fe059ffec1058d0825b5_JaffaCakes118
.rar
CPU-Tweaker/CPU-Tweaker.exe
.exe windows:1 windows x86 arch:x86

e3d1b746dfa33c2bcb506d60f3b46ebd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winring0

DeinitializeDll
InitializeDll
Rdmsr
RdmsrEx
RdtscEx
ReadIoPortByte
ReadIoPortDword
ReadPhysicalMemory
WriteIoPortByte
WriteIoPortDword
WritePhysicalMemory
Wrmsr
WrmsrEx

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegFlushKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemInfo
GetThreadLocale
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MoveFileA
MulDiv
MultiByteToWideChar
RaiseException
ReadFile
RemoveDirectoryA
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
lstrcpyA
lstrlenA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetIconSize
ImageList_Write
ImageList_DrawEx

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

BitBlt
CopyEnhMetaFileA
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
EnumFontFamiliesExA
EnumFontsA
ExcludeClipRect
ExtTextOutA
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectA
GetPaletteEntries
GetPixel
GetStockObject
GetSystemPaletteEntries
GetTextExtentPointA
GetTextMetricsA
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StretchBlt
UnrealizeObject

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CheckMenuItem
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawMenuBar
DrawTextA
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumThreadWindows
EnumWindows
EqualRect
ExitWindowsEx
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowRgn
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBoxA
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendMessageA
SetActiveWindow
SetCapture
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
WaitMessage
WinHelpA
WindowFromPoint
wsprintfA

ole32

CoCreateInstance
CoInitialize
IsEqualGUID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeTypeEx
VariantClear
VariantCopyInd

Exports

Exports

@@Colorbutton@Finalize
@@Colorbutton@Initialize
@@Unit1@Finalize
@@Unit1@Initialize
@@Unit2@Finalize
@@Unit2@Initialize
@@Unit3@Finalize
@@Unit3@Initialize
@@Unit4@Finalize
@@Unit4@Initialize
@@Unit5@Finalize
@@Unit5@Initialize
@@Unitthreadcompteur@Finalize
@@Unitthreadcompteur@Initialize
@Classes@TComponent@UpdateRegistry$qqr4boolx17System@AnsiStringxt2
@Classes@TComponent@UpdateRegistry$qqr4boolx17System@AnsiStringxt2
@Classes@TComponent@UpdateRegistry$qqr4boolx17System@AnsiStringxt2
@Classes@TComponent@UpdateRegistry$qqr4boolx17System@AnsiStringxt2
@Classes@TComponent@UpdateRegistry$qqr4boolx17System@AnsiStringxt2
@Colorbutton@Register$qqrv
@Forms@TForm@$bctr$qqrp18Classes@TComponent
@Forms@TForm@$bctr$qqrp18Classes@TComponent
@Forms@TForm@$bctr$qqrp18Classes@TComponent
@Forms@TForm@$bctr$qqrp18Classes@TComponent
@Forms@TForm@$bctr$qqrp18Classes@TComponenti
@Forms@TForm@$bctr$qqrp18Classes@TComponenti
@Forms@TForm@$bctr$qqrp18Classes@TComponenti
@Forms@TForm@$bctr$qqrp18Classes@TComponenti
@Forms@TForm@$bdtr$qqrv
@Forms@TForm@$bdtr$qqrv
@Forms@TForm@$bdtr$qqrv
@Forms@TForm@$bdtr$qqrv
@Stdctrls@TButton@$bdtr$qqrv
@Stdctrls@TButtonControl@$bdtr$qqrv
@Sysutils@Exception@$bdtr$qqrv
_Form1
_Form2
_Form3
_Form4
_Form5
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 712KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CPU-Tweaker/WinRing0.dll
.dll windows:4 windows x86 arch:x86

028f3406dc140759c15946cd76549050

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA

advapi32

ChangeServiceConfigA
QueryServiceConfigA
OpenSCManagerA
CloseServiceHandle
CreateServiceA
OpenServiceA
DeleteService
StartServiceA
ControlService

kernel32

WriteFile
CloseHandle
GetLastError
HeapAlloc
GetProcessHeap
HeapFree
DeviceIoControl
SetThreadAffinityMask
GetCurrentThread
GetProcAddress
GetModuleHandleA
GetCurrentProcess
FindFirstFileA
FindClose
GetDriveTypeA
Sleep
GetModuleFileNameA
CreateFileA
GetVersionExA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
GetStdHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
RtlUnwind
LoadLibraryA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

Exports

Exports

Cpuid
CpuidEx
DeinitializeDll
FindPciDeviceByClass
FindPciDeviceById
GetDllStatus
GetDllVersion
GetDriverType
GetDriverVersion
Hlt
HltEx
InitializeDll
IsCpuid
IsMsr
IsTsc
Rdmsr
RdmsrEx
Rdpmc
RdpmcEx
Rdtsc
RdtscEx
ReadIoPortByte
ReadIoPortDword
ReadIoPortWord
ReadPciConfigByte
ReadPciConfigDword
ReadPciConfigWord
ReadPhysicalMemory
SetPciMaxBusIndex
WriteIoPortByte
WriteIoPortDword
WriteIoPortWord
WritePciConfigByte
WritePciConfigDword
WritePciConfigWord
WritePhysicalMemory
Wrmsr
WrmsrEx

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CPU-Tweaker/WinRing0.sys
.sys windows:6 windows x86 arch:x86

a1d29a3af6402793ec9d23883512938a

Code Sign

01:00:00:00:00:01:15:37:24:21:a8
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

24/09/2007, 10:50

Not After

24/09/2008, 10:50

Subject

CN=Noriyuki MIYAZAKI,C=JP,1.2.840.113549.1.9.1=#0c196869796f6869796f406372797374616c6d61726b2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:a8:1f:b1:be:d7:0a:64:a3:2e:ea:8c:12:64:6b:88:e7:9d:4d:83
Signer

Actual PE Digest

65:a8:1f:b1:be:d7:0a:64:a3:2e:ea:8c:12:64:6b:88:e7:9d:4d:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\hotproject\openlibsys\source\dll\sys\lib\i386\WinRing0.pdb

Imports

ntoskrnl.exe

WRITE_REGISTER_BUFFER_USHORT
WRITE_REGISTER_BUFFER_ULONG
IofCompleteRequest
WRITE_REGISTER_BUFFER_UCHAR
IoCreateDevice
KeTickCount
MmMapIoSpace
READ_REGISTER_BUFFER_ULONG
READ_REGISTER_BUFFER_USHORT
READ_REGISTER_BUFFER_UCHAR
MmUnmapIoSpace
RtlInitUnicodeString
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoDeleteDevice
RtlUnwind
KeBugCheckEx

hal

HalGetBusDataByOffset
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
HalSetBusDataByOffset

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 814B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CPU-Tweaker/WinRing0x64.sys
.sys windows:6 windows x64 arch:x64

d6f977640d4810a784d152e4d3c63a6b

Code Sign

01:00:00:00:00:01:15:37:24:21:a8
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

24/09/2007, 10:50

Not After

24/09/2008, 10:50

Subject

CN=Noriyuki MIYAZAKI,C=JP,1.2.840.113549.1.9.1=#0c196869796f6869796f406372797374616c6d61726b2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:e2:53:3a:43:98:d6:7d:fc:72:2e:b8:d9:f8:ff:a3:a8:23:a7:21
Signer

Actual PE Digest

df:e2:53:3a:43:98:d6:7d:fc:72:2e:b8:d9:f8:ff:a3:a8:23:a7:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\hotproject\openlibsys\source\dll\sys\lib\amd64\WinRing0.pdb

Imports

ntoskrnl.exe

MmUnmapIoSpace
MmMapIoSpace
IofCompleteRequest
IoDeleteDevice
IoCreateDevice
KeBugCheckEx
RtlInitUnicodeString
IoCreateSymbolicLink
IoDeleteSymbolicLink
__C_specific_handler

hal

HalSetBusDataByOffset
HalGetBusDataByOffset

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3d1b746dfa33c2bcb506d60f3b46ebd

Headers

File Characteristics

Imports

winring0

advapi32

kernel32

comctl32

comdlg32

gdi32

shell32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 712KB - Virtual size: 716KB

.data Size: 114KB - Virtual size: 132KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 10KB - Virtual size: 12KB

.edata Size: 2KB - Virtual size: 4KB

.rsrc Size: 89KB - Virtual size: 92KB

.reloc Size: 47KB - Virtual size: 48KB

028f3406dc140759c15946cd76549050

Headers

File Characteristics

Imports

user32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

a1d29a3af6402793ec9d23883512938a

Code Sign

01:00:00:00:00:01:15:37:24:21:a8Certificate

Key Usages

04:00:00:00:00:00:f9:7f:aa:2e:1eCertificate

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

Key Usages

04:00:00:00:00:01:10:92:eb:82:95Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:24:48Certificate

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

65:a8:1f:b1:be:d7:0a:64:a3:2e:ea:8c:12:64:6b:88:e7:9d:4d:83Signer

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 404B

.data Size: 128B - Virtual size: 12B

INIT Size: 896B - Virtual size: 814B

.rsrc Size: 1024B - Virtual size: 944B

.reloc Size: 256B - Virtual size: 204B

d6f977640d4810a784d152e4d3c63a6b

Code Sign

01:00:00:00:00:01:15:37:24:21:a8Certificate

Key Usages

04:00:00:00:00:00:f9:7f:aa:2e:1eCertificate

Key Usages

.text
Size: 712KB - Virtual size: 716KB

.data
Size: 114KB - Virtual size: 132KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 12KB

.edata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 89KB - Virtual size: 92KB

.reloc
Size: 47KB - Virtual size: 48KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

01:00:00:00:00:01:15:37:24:21:a8
Certificate

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:10:92:eb:82:95
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

65:a8:1f:b1:be:d7:0a:64:a3:2e:ea:8c:12:64:6b:88:e7:9d:4d:83
Signer

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 404B

.data
Size: 128B - Virtual size: 12B

INIT
Size: 896B - Virtual size: 814B

.rsrc
Size: 1024B - Virtual size: 944B

.reloc
Size: 256B - Virtual size: 204B

01:00:00:00:00:01:15:37:24:21:a8
Certificate

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:10:92:eb:82:95
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

df:e2:53:3a:43:98:d6:7d:fc:72:2e:b8:d9:f8:ff:a3:a8:23:a7:21
Signer

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 400B

.data
Size: 512B - Virtual size: 276B

.pdata
Size: 512B - Virtual size: 108B

INIT
Size: 1024B - Virtual size: 546B

.rsrc
Size: 1024B - Virtual size: 944B