292adb7c57b5457f18f2fc06934b0b40N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

292adb7c57b5457f18f2fc06934b0b40N.exe
Size

42KB
MD5

292adb7c57b5457f18f2fc06934b0b40
SHA1

43e9fe323911c6afe3548e016eff8fcc1baeb236
SHA256

12ffdf5f48a79b1b4adbb88ba2cb6c59dd6719554e8ea6beefe99b3e3c66f1ac
SHA512

5e37f9d075704aad28b2d575716d48e39a300c3f7bb3b09f36aa67bdc73b1a1e4a6505146f7284747aa42bfd9471badd0db2a93466826bc289692d43af6b8bf4
SSDEEP

768:vEryo2Qx88kOxtC2gOVTn5muAFy1+z4zhlzH3CrNYCG+m34tsVL7EjXW:C6O+uAwoz4zjXSI37L7oXW

Score

1^/10

Malware Config

Signatures

Files

292adb7c57b5457f18f2fc06934b0b40N.exe
.sys windows:6 windows x64 arch:x64

8638595afb996f568ee35c55ccc8e280

Code Sign

23:be:05:bc:77:3d:f9:6a:ba:a2:2f:91:11:50:75:ab
Certificate

Issuer

CN=BoiseTest

Not Before

17-10-2006 22:19

Not After

31-12-2039 23:59

Subject

CN=BoiseTest

07:0b:f5:a0:80:94:c0:d1:47:e7:2f:00:e1:6b:3b:fb:d3:99:7a:21
Signer

Actual PE Digest

07:0b:f5:a0:80:94:c0:d1:47:e7:2f:00:e1:6b:3b:fb:d3:99:7a:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

dot4usb.pdb

Imports

ntoskrnl.exe

KeInitializeEvent
DbgPrint
ExAllocatePoolWithTag
RtlCopyUnicodeString
RtlFreeUnicodeString
IoAcquireRemoveLockEx
ExFreePool
IofCompleteRequest
IoReleaseRemoveLockEx
IofCallDriver
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
IoReleaseRemoveLockAndWaitEx
IoDetachDevice
IoDeleteDevice
IoAllocateIrp
IoFreeIrp
PoStartNextPowerIrp
PoRequestPowerIrp
PoCallDriver
IoInitializeRemoveLockEx
IoAllocateWorkItem
IoQueueWorkItem
IoFreeWorkItem
KeSetEvent
IoReuseIrp
IoCancelIrp
KeWaitForSingleObject
KeClearEvent
IoInitializeIrp
MmMapLockedPagesSpecifyCache
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoFreeMdl
KeResetEvent
KeBugCheckEx
IoAttachDeviceToDeviceStack
RtlQueryRegistryValues
IoCreateDevice

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8638595afb996f568ee35c55ccc8e280

Code Sign

23:be:05:bc:77:3d:f9:6a:ba:a2:2f:91:11:50:75:abCertificate

07:0b:f5:a0:80:94:c0:d1:47:e7:2f:00:e1:6b:3b:fb:d3:99:7a:21Signer

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

usbd.sys

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 508B

.pdata Size: 1024B - Virtual size: 660B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 188B

23:be:05:bc:77:3d:f9:6a:ba:a2:2f:91:11:50:75:ab
Certificate

07:0b:f5:a0:80:94:c0:d1:47:e7:2f:00:e1:6b:3b:fb:d3:99:7a:21
Signer

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 508B

.pdata
Size: 1024B - Virtual size: 660B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 188B