dbf8f4608e27ee76acba29749c9bc9f9807188e7348cc36bf96e2b9b941a4690

Sharing

Copy URL

Twitter E-mail

General

Target

dbf8f4608e27ee76acba29749c9bc9f9807188e7348cc36bf96e2b9b941a4690
Size

215KB
MD5

b76803aa759fb813d2acc8b01d29d729
SHA1

adbce62987c91cd5a5a39293a5ad7b9256fad61d
SHA256

dbf8f4608e27ee76acba29749c9bc9f9807188e7348cc36bf96e2b9b941a4690
SHA512

ef3f08a962454d5ef9b9679dc4e75a1772e38dc661fffa157a8aed5e2c06daa0e3f69a4bb3306dbbbd8af3307123117d3cc2f29e975367320658b32634bda910
SSDEEP

3072:W00N0HQ89pDyCmsiE9HFjW7nZ4juuAx2LZRWA4Gh8TyG4nljLfluu3l2lEBJ8:r0N08BsiE9EIuzx2LZaGhDGoB5xB8

Score

1^/10

Malware Config

Signatures

Files

dbf8f4608e27ee76acba29749c9bc9f9807188e7348cc36bf96e2b9b941a4690
.dll windows:6 windows x64 arch:x64

3b1630121f698bf675dd028e99e20ac6

Code Sign

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01-03-2017 19:05

Not After

01-06-2018 19:05

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:2b:50:69:58:f2:ec:11:e9:f6:b9:3e:9c:e2:0a:88:4d:7e:ea:ec:e9:9c:0e:4a:26:c3:02:80:14:6b:c3:63
Signer

Actual PE Digest

50:2b:50:69:58:f2:ec:11:e9:f6:b9:3e:9c:e2:0a:88:4d:7e:ea:ec:e9:9c:0e:4a:26:c3:02:80:14:6b:c3:63

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\windrvnew3\windrv_src\it5_bk_v4.0\kmsrc_2.06.62-0.05\driver\driver\build\xps\filter\filters\cleanup\objfre_wlh_amd64\amd64\KOAXVX_C.pdb

Imports

kernel32

ExitProcess
EncodePointer
DecodePointer
FlsFree
SetLastError
FlsGetValue
GetLastError
GetCurrentThreadId
FlsAlloc
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwindEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WriteFile
LeaveCriticalSection
GetModuleHandleW
EnterCriticalSection
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
Sleep
LoadLibraryW
GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapReAlloc
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo
VirtualQuery
GetProcAddress
GetVersionExW
GetCommandLineA
FlushFileBuffers
CloseHandle
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
FlsSetValue
GetProcessHeap
lstrlenW
RaiseException
RtlPcToFileHeader
HeapSize
SetFilePointer

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoFileTimeNow
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysAllocStringLen
SysStringByteLen
VariantClear
SysFreeString
SysStringLen
SysAllocString
VariantCopy
VariantInit

winspool.drv

SetJobW
GetJobW

atl

ord30

prntvpt

ord4

advapi32

ImpersonateLoggedOnUser
RevertToSelf

user32

CharUpperW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b1630121f698bf675dd028e99e20ac6

Code Sign

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

50:2b:50:69:58:f2:ec:11:e9:f6:b9:3e:9c:e2:0a:88:4d:7e:ea:ec:e9:9c:0e:4a:26:c3:02:80:14:6b:c3:63Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

oleaut32

winspool.drv

atl

prntvpt

advapi32

user32

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 184KB

.data Size: 7KB - Virtual size: 15KB

.pdata Size: 10KB - Virtual size: 10KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

33:00:00:00:43:9b:d4:99:23:01:cb:6d:34:00:00:00:00:00:43
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

50:2b:50:69:58:f2:ec:11:e9:f6:b9:3e:9c:e2:0a:88:4d:7e:ea:ec:e9:9c:0e:4a:26:c3:02:80:14:6b:c3:63
Signer

.text
Size: 184KB - Virtual size: 184KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB