8d4df82ce5c13fca72c8efa60f4d2f40N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

8d4df82ce5c13fca72c8efa60f4d2f40N.exe
Size

290KB
MD5

8d4df82ce5c13fca72c8efa60f4d2f40
SHA1

360eadf04eea00a6189476a88b09e2745cddb579
SHA256

fd766b9a9c228b153467e06bbdcb9be64cf327cd6a37863669c95bd8450677a7
SHA512

2e6cc11306c26b2f2cb5ae1e7e47572578ecc77e1f0f5bf71e0bd31d058557e95575e43f0f69e4bc9f0e7c1333b346c12d10486e9e3f5e857151868d814b26c4
SSDEEP

3072:/iM7DzxmFMGM7lMUS83FBjArSj5/0YYZF2KfeS1SqGVl8KCCMcOi9P65/MoGtKt3:D9mFG7lTS282DYZRWS1SJN6KtK/1

Score

1^/10

Malware Config

Signatures

Files

8d4df82ce5c13fca72c8efa60f4d2f40N.exe
.sys windows:10 windows x64 arch:x64

a30b497e1d3bc8c38463f4428035d91d

Code Sign

0f:a4:c3:1c:aa:9a:8b:97:4d:75:ed:0a:59:d1:4c:61
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13-06-2013 00:00

Not After

13-06-2014 23:59

Subject

CN=Baoji zhihengtaiye co.\,ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baoji zhihengtaiye co.\,ltd,L=Baoji,ST=Shannxi,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9e:0f:9c:02:41:a1:d7:b5:fc:a0:1a:c3:0f:67:5c:08:f9:f0:80:c5
Signer

Actual PE Digest

9e:0f:9c:02:41:a1:d7:b5:fc:a0:1a:c3:0f:67:5c:08:f9:f0:80:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\omen\source\repos\InjectFrame\x64\Release\InjectFrame.pdb

Imports

fwpkclnt.sys

FwpmCalloutAdd0
FwpmFilterDeleteById0
FwpmSubLayerDeleteByKey0
FwpmSubLayerAdd0
FwpmTransactionAbort0
FwpmTransactionCommit0
FwpmTransactionBegin0
FwpmEngineClose0
FwpmEngineOpen0
FwpsCalloutUnregisterById0
FwpmFilterAdd0
FwpsCalloutRegister1

ntoskrnl.exe

__C_specific_handler
strstr
IoDeleteSymbolicLink
IoGetCurrentProcess
PsGetProcessImageFileName
KeInitializeEvent
KeWaitForSingleObject
IoAllocateIrp
IofCallDriver
IoCreateFile
IoFreeIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
ObfDereferenceObject
ZwQueryInformationFile
ZwSetInformationFile
ZwReadFile
ZwWriteFile
ZwClose
IoFileObjectType
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
PsTerminateSystemThread
ZwCreateFile
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ZwQuerySystemInformation
RtlImageNtHeader
PsGetProcessWow64Process
MmIsAddressValid
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
IoFreeMdl
IoReuseIrp
RtlCompareUnicodeString
RtlImageDirectoryEntryToData
wcsnlen
wcsrchr
KeInitializeTimerEx
KeSetTimerEx
ExSystemTimeToLocalTime
CmUnRegisterCallback
PsCreateSystemThread
PsGetVersion
ZwOpenEvent
ZwCreateEvent
ZwSetEvent
RtlCompareUnicodeStrings
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExpInterlockedPopEntrySList
ExInitializeNPagedLookasideList
ExInitializeResourceLite
ExAcquireResourceSharedLite
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
PsSetCreateProcessNotifyRoutine
PsSetLoadImageNotifyRoutine
ZwCreateKey
ZwOpenKey
ZwDeleteKey
ZwEnumerateKey
ZwFlushKey
ZwQueryValueKey
ZwSetValueKey
strchr
ExFreePoolWithTag
ExAllocatePool
KeSetEvent
RtlFreeUnicodeString
KeBugCheckEx
RtlCopyUnicodeString
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlInitAnsiString
KeResetEvent

netio.sys

WskCaptureProviderNPI
WskReleaseProviderNPI
WskDeregister
WskRegister

wdfldr.sys

WdfVersionBind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionUnbind

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 248KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a30b497e1d3bc8c38463f4428035d91d

Code Sign

0f:a4:c3:1c:aa:9a:8b:97:4d:75:ed:0a:59:d1:4c:61Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

9e:0f:9c:02:41:a1:d7:b5:fc:a0:1a:c3:0f:67:5c:08:f9:f0:80:c5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

fwpkclnt.sys

ntoskrnl.exe

netio.sys

wdfldr.sys

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 248KB - Virtual size: 290KB

.pdata Size: 1KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 40B

0f:a4:c3:1c:aa:9a:8b:97:4d:75:ed:0a:59:d1:4c:61
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

9e:0f:9c:02:41:a1:d7:b5:fc:a0:1a:c3:0f:67:5c:08:f9:f0:80:c5
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 248KB - Virtual size: 290KB

.pdata
Size: 1KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 40B