SpooferDriverTemp[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

SpooferDriverTemp.rar
Size

111KB
MD5

c96d2a67e360ea1f9aa359705bfbdbd0
SHA1

ee2ed88f676b011e5c610ad9ff86274683fafd8b
SHA256

72f8cec9ea30bbfca6ec09014399b7279ca0ce25ce4c40678d0ca3fe0896b3b7
SHA512

248b29f267e59edfb6b8a7d9a6e7b02c53b62c2ef2de2e3682d3ad2b4dbdda3b481bcc9477d5a472bf230169bafd95c2364a089580f609418796dd876947c631
SSDEEP

3072:VcJuaO/92IROdIlQrWDDMfM+u/+EEH4VfLiGbW:VcJl+2ffrUEINEMfLM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SpooferDriverMethod/strnmap.exe

Files

SpooferDriverTemp.rar
.rar
SpooferDriverMethod/rgoikhoihoiherth.sys
.sys windows:10 windows x64 arch:x64

4c92e291e9f3b6b07e8b0511a52c3f45

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:39:dd:e1:19:bb:32:0d:fb:9f:5d:ef:e3:f7:12:45
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

10-11-2021 00:00

Not After

09-11-2024 23:59

Subject

CN=Hangil IT Co.\, Ltd,O=Hangil IT Co.\, Ltd,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:83:89:ff:1f:0e:a5:bc:ef:66:00:5f:bb:87:c6:dc:cf:9a:2e:c1
Signer

Actual PE Digest

40:83:89:ff:1f:0e:a5:bc:ef:66:00:5f:bb:87:c6:dc:cf:9a:2e:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\cody\OneDrive\Desktop\mutante-master\mutante\build\bin\mutante.pdb

Imports

ntoskrnl.exe

RtlInitString
RtlInitUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
IoGetDeviceObjectPointer
ObfDereferenceObject
IoEnumerateDeviceObjectList
_vsnwprintf
ObReferenceObjectByName
IoDriverObjectType
vDbgPrintExWithPrefix
MmMapIoSpace
MmUnmapIoSpace
strstr
KeQueryTimeIncrement
RtlRandomEx
ZwQuerySystemInformation

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SpooferDriverMethod/strnmap.exe
.exe windows:6 windows x64 arch:x64

0d759af411dbbce5e0cf8cbe4564ec03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\School\Documents\coding projects\Saturn Mapper\mapper\build\saturn.pdb

Imports

kernel32

VirtualFree
GetModuleHandleA
GetProcAddress
VirtualAlloc
Sleep
GetTempPathW
VirtualQuery
GetCurrentThreadId
GetCurrentProcessId
DeviceIoControl
CloseHandle
SetUnhandledExceptionFilter
CreateFileW
GetProcessHeap
HeapFree
HeapAlloc
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WideCharToMultiByte
MultiByteToWideChar
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
MoveFileExW
CopyFileW
CreateDirectoryExW
GetModuleHandleW
GetLastError
AreFileApisANSI
SetFileTime
SetFileInformationByHandle
SetFileAttributesW
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLocaleInfoEx
FormatMessageA
LocalFree
FreeLibrary

advapi32

RegSetKeyValueW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
RegDeleteTreeW

msvcp140d

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Xlength_error@std@@YAXPEBD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??7ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?setf@ios_base@std@@QEAAHHH@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

ntdll

NtQuerySystemInformation
RtlInitUnicodeString

vcruntime140d

__vcrt_LoadLibraryExW
__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
__current_exception_context
__current_exception
__C_specific_handler
memcmp
_CxxThrowException
__std_exception_destroy
__std_exception_copy
wcsstr
memset
memmove
memcpy
__std_type_info_destroy_list
__C_specific_handler_noexcept

vcruntime140_1d

__CxxFrameHandler4

ucrtbased

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
wcscpy_s
_seh_filter_dll
_cexit
__p___wargv
__p___argc
_set_fmode
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
__setusermatherr
_set_app_type
_seh_filter_exe
__p__commode
malloc
_callnewh
terminate
_malloc_dbg
_free_dbg
_calloc_dbg
_wcsicmp
_time64
_unlock_file
_lock_file
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
_wremove
_CrtDbgReport
rand
srand
strlen
_stricmp
wcslen
_invalid_parameter
_set_new_mode
_configthreadlocale
_register_thread_local_exe_atexit_callback
_CrtDbgReportW
_c_exit
___lc_codepage_func

Sections

.textbss
Size: - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c92e291e9f3b6b07e8b0511a52c3f45

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

01:39:dd:e1:19:bb:32:0d:fb:9f:5d:ef:e3:f7:12:45Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

40:83:89:ff:1f:0e:a5:bc:ef:66:00:5f:bb:87:c6:dc:cf:9a:2e:c1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 1024B - Virtual size: 976B

.data Size: 512B - Virtual size: 16B

.pdata Size: 512B - Virtual size: 240B

INIT Size: 1024B - Virtual size: 560B

0d759af411dbbce5e0cf8cbe4564ec03

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msvcp140d

ntdll

vcruntime140d

vcruntime140_1d

ucrtbased

Sections

.textbss Size: - Virtual size: 151KB

.text Size: 343KB - Virtual size: 342KB

.rdata Size: 134KB - Virtual size: 133KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 25KB - Virtual size: 24KB

.idata Size: 15KB - Virtual size: 15KB

.msvcjmc Size: 2KB - Virtual size: 2KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

01:39:dd:e1:19:bb:32:0d:fb:9f:5d:ef:e3:f7:12:45
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

40:83:89:ff:1f:0e:a5:bc:ef:66:00:5f:bb:87:c6:dc:cf:9a:2e:c1
Signer

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 1024B - Virtual size: 976B

.data
Size: 512B - Virtual size: 16B

.pdata
Size: 512B - Virtual size: 240B

INIT
Size: 1024B - Virtual size: 560B

.textbss
Size: - Virtual size: 151KB

.text
Size: 343KB - Virtual size: 342KB

.rdata
Size: 134KB - Virtual size: 133KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 25KB - Virtual size: 24KB

.idata
Size: 15KB - Virtual size: 15KB

.msvcjmc
Size: 2KB - Virtual size: 2KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB