f567584d2bdf423a896667c3e543f6d061dc36b6d014a8fd8aecdf964b2efe38

Sharing

Copy URL Twitter E-mail

General

Target

f567584d2bdf423a896667c3e543f6d061dc36b6d014a8fd8aecdf964b2efe38
Size

1.0MB
MD5

87c4329d1867492390c196c98d881816
SHA1

47fea07b6df174d2ffc4b77825a2bbb19ccc6cb0
SHA256

f567584d2bdf423a896667c3e543f6d061dc36b6d014a8fd8aecdf964b2efe38
SHA512

307bb3266ff1fb0359967641ffbf1266b252631b1acde65d48d8b8f45b0f82d7bebc8371bfb3017045f64cb9dbc6adf1303c9c23485f2c673fd2ea078bc35f04
SSDEEP

24576:Byjv78azDM7BE2ofpTNYL8Kagu8yRUTTRd1KLMSqy76kfDZR:ov3O/YWLdaVUTT/SfDX

Score

1^/10

Malware Config

Signatures

Files

f567584d2bdf423a896667c3e543f6d061dc36b6d014a8fd8aecdf964b2efe38
.zip
64x233.sys
.sys windows:10 windows x64 arch:x64

8996330cbc70986e90982b612db01244

Code Sign

6c:ac:2d:28:c3:f0:82:8b:2e:f4:9b:40:aa:2b:12:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/05/2015, 00:00

Not After

06/05/2016, 23:59

Subject

CN=北京天瑞地安网络科技有限公司,O=北京天瑞地安网络科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e0:2e:13:e1:61:3f:ea:6f:ff:b0:da:5d:82:d1:41:74:15:3e:88:53
Signer

Actual PE Digest

e0:2e:13:e1:61:3f:ea:6f:ff:b0:da:5d:82:d1:41:74:15:3e:88:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\work_code\driver_template_yj_ icould_19.0.00428.01_update_temp_new\x64\Release\driver_template_x64.pdb

Imports

ntoskrnl.exe

ExAcquireResourceExclusiveLite
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KeQueryPerformanceCounter
HalMakeBeep

Exports

Exports

?cJSON_AddArrayToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBD@Z
?cJSON_AddBoolToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBDH@Z
?cJSON_AddFalseToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBD@Z
?cJSON_AddItemReferenceToArray@Json@@YAXPEAUcJSON@1@0@Z
?cJSON_AddItemReferenceToObject@Json@@YAXPEAUcJSON@1@PEBD0@Z
?cJSON_AddItemToArray@Json@@YAXPEAUcJSON@1@0@Z
?cJSON_AddItemToObject@Json@@YAXPEAUcJSON@1@PEBD0@Z
?cJSON_AddItemToObjectCS@Json@@YAXPEAUcJSON@1@PEBD0@Z
?cJSON_AddNullToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBD@Z
?cJSON_AddNumberToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBDN@Z
?cJSON_AddObjectToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBD@Z
?cJSON_AddRawToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBD1@Z
?cJSON_AddStringToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBD1@Z
?cJSON_AddTrueToObject@Json@@YAPEAUcJSON@1@QEAU21@QEBD@Z
?cJSON_Compare@Json@@YAHQEBUcJSON@1@0H@Z
?cJSON_CreateArray@Json@@YAPEAUcJSON@1@XZ
?cJSON_CreateArrayReference@Json@@YAPEAUcJSON@1@PEBU21@@Z
?cJSON_CreateBool@Json@@YAPEAUcJSON@1@H@Z
?cJSON_CreateDoubleArray@Json@@YAPEAUcJSON@1@PEBNH@Z
?cJSON_CreateFalse@Json@@YAPEAUcJSON@1@XZ
?cJSON_CreateFloatArray@Json@@YAPEAUcJSON@1@PEBMH@Z
?cJSON_CreateIntArray@Json@@YAPEAUcJSON@1@PEBHH@Z
?cJSON_CreateNull@Json@@YAPEAUcJSON@1@XZ
?cJSON_CreateNumber@Json@@YAPEAUcJSON@1@N@Z
?cJSON_CreateObject@Json@@YAPEAUcJSON@1@XZ
?cJSON_CreateObjectReference@Json@@YAPEAUcJSON@1@PEBU21@@Z
?cJSON_CreateRaw@Json@@YAPEAUcJSON@1@PEBD@Z
?cJSON_CreateString@Json@@YAPEAUcJSON@1@PEBD@Z
?cJSON_CreateStringArray@Json@@YAPEAUcJSON@1@PEAPEBDH@Z
?cJSON_CreateStringReference@Json@@YAPEAUcJSON@1@PEBD@Z
?cJSON_CreateTrue@Json@@YAPEAUcJSON@1@XZ
?cJSON_Delete@Json@@YAXPEAUcJSON@1@@Z
?cJSON_DeleteItemFromArray@Json@@YAXPEAUcJSON@1@H@Z
?cJSON_DeleteItemFromObject@Json@@YAXPEAUcJSON@1@PEBD@Z
?cJSON_DeleteItemFromObjectCaseSensitive@Json@@YAXPEAUcJSON@1@PEBD@Z
?cJSON_DetachItemFromArray@Json@@YAPEAUcJSON@1@PEAU21@H@Z
?cJSON_DetachItemFromObject@Json@@YAPEAUcJSON@1@PEAU21@PEBD@Z
?cJSON_DetachItemFromObjectCaseSensitive@Json@@YAPEAUcJSON@1@PEAU21@PEBD@Z
?cJSON_DetachItemViaPointer@Json@@YAPEAUcJSON@1@PEAU21@QEAU21@@Z
?cJSON_Duplicate@Json@@YAPEAUcJSON@1@PEBU21@H@Z
?cJSON_GetArrayItem@Json@@YAPEAUcJSON@1@PEBU21@H@Z
?cJSON_GetArraySize@Json@@YAHPEBUcJSON@1@@Z
?cJSON_GetErrorPtr@Json@@YAPEBDXZ
?cJSON_GetObjectItem@Json@@YAPEAUcJSON@1@QEBU21@QEBD@Z
?cJSON_GetObjectItemCaseSensitive@Json@@YAPEAUcJSON@1@QEBU21@QEBD@Z
?cJSON_GetStringValue@Json@@YAPEADPEAUcJSON@1@@Z
?cJSON_HasObjectItem@Json@@YAHPEBUcJSON@1@PEBD@Z
?cJSON_InitHooks@Json@@YAXPEAUcJSON_Hooks@1@@Z
?cJSON_InsertItemInArray@Json@@YAXPEAUcJSON@1@H0@Z
?cJSON_IsArray@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsBool@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsFalse@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsInvalid@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsNull@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsNumber@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsObject@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsRaw@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsString@Json@@YAHQEBUcJSON@1@@Z
?cJSON_IsTrue@Json@@YAHQEBUcJSON@1@@Z
?cJSON_Minify@Json@@YAXPEAD@Z
?cJSON_Parse@Json@@YAPEAUcJSON@1@PEBD@Z
?cJSON_ParseWithOpts@Json@@YAPEAUcJSON@1@PEBDPEAPEBDH@Z
?cJSON_PrintBuffered@Json@@YAPEADPEBUcJSON@1@HH@Z
?cJSON_PrintPreallocated@Json@@YAHPEAUcJSON@1@PEADHH@Z
?cJSON_ReplaceItemInArray@Json@@YAXPEAUcJSON@1@H0@Z
?cJSON_ReplaceItemInObject@Json@@YAXPEAUcJSON@1@PEBD0@Z
?cJSON_ReplaceItemInObjectCaseSensitive@Json@@YAXPEAUcJSON@1@PEBD0@Z
?cJSON_ReplaceItemViaPointer@Json@@YAHQEAUcJSON@1@0PEAU21@@Z
?cJSON_SetNumberHelper@Json@@YANPEAUcJSON@1@N@Z
?cJSON_Version@Json@@YAPEBDXZ
?cJSON_free@Json@@YAXPEAX@Z
?cJSON_malloc@Json@@YAPEAX_K@Z

Sections

.text
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fas0
Size: 944KB - Virtual size: 943KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fas1
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8996330cbc70986e90982b612db01244

Code Sign

6c:ac:2d:28:c3:f0:82:8b:2e:f4:9b:40:aa:2b:12:87Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e0:2e:13:e1:61:3f:ea:6f:ff:b0:da:5d:82:d1:41:74:15:3e:88:53Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Exports

Exports

Sections

.text Size: 271KB - Virtual size: 271KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 1KB - Virtual size: 37KB

.pdata Size: 14KB - Virtual size: 13KB

.gfids Size: 512B - Virtual size: 8B

.edata Size: 4KB - Virtual size: 4KB

INIT Size: 4KB - Virtual size: 3KB

.fas0 Size: 944KB - Virtual size: 943KB

.fas1 Size: 90KB - Virtual size: 89KB

.reloc Size: 1024B - Virtual size: 696B

.rsrc Size: 1KB - Virtual size: 1KB

6c:ac:2d:28:c3:f0:82:8b:2e:f4:9b:40:aa:2b:12:87
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e0:2e:13:e1:61:3f:ea:6f:ff:b0:da:5d:82:d1:41:74:15:3e:88:53
Signer

.text
Size: 271KB - Virtual size: 271KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1KB - Virtual size: 37KB

.pdata
Size: 14KB - Virtual size: 13KB

.gfids
Size: 512B - Virtual size: 8B

.edata
Size: 4KB - Virtual size: 4KB

INIT
Size: 4KB - Virtual size: 3KB

.fas0
Size: 944KB - Virtual size: 943KB

.fas1
Size: 90KB - Virtual size: 89KB

.reloc
Size: 1024B - Virtual size: 696B

.rsrc
Size: 1KB - Virtual size: 1KB