89ac2376593fac82dae3c48ac8da020133b6ac19e6499520aaa24c4b01b45506

Sharing

Copy URL Twitter E-mail

General

Target

89ac2376593fac82dae3c48ac8da020133b6ac19e6499520aaa24c4b01b45506
Size

19KB
MD5

b2e6790b001eea2dfd8b633b02e7193e
SHA1

0e5cef2805cd12ba9adde6938080983edd92c13e
SHA256

89ac2376593fac82dae3c48ac8da020133b6ac19e6499520aaa24c4b01b45506
SHA512

8aae6718248a7f81b88e47e70df23c76a010f986d8a2f0cc962ecca24f326dd143429640dc50d3dc3a79bb108328fc41786529bd004e8fbaaa2926fa9c71b2bf
SSDEEP

192:ULt0spC7CkT7CVbOCy4oW8X+e108z7hmfdZ/mpAp3jxJS+quusk6DcG95sm4PhIj:ULt0spCF4+08zRKp1JS+qVLKH8hQHvBZ

Score

1^/10

Malware Config

Signatures

Files

89ac2376593fac82dae3c48ac8da020133b6ac19e6499520aaa24c4b01b45506
.dll windows:5 windows x86 arch:x86

f62e6d071d68ee9d21e3db641c13551b

Code Sign

18:20:d8:45:1d:04:cf:95:42:02:ad:db:d0:99:03:c7
Certificate

Issuer

CN=64Signer.4

Not Before

11/08/2021, 07:02

Not After

11/08/2056, 07:02

Subject

CN=64Signer.4

48:82:4a:38:d2:6e:e2:34:d9:22:6f:35:6b:55:db:c3:e0:5b:2d:62
Signer

Actual PE Digest

48:82:4a:38:d2:6e:e2:34:d9:22:6f:35:6b:55:db:c3:e0:5b:2d:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\Desktop\ydtest\Windows Driver\Win7 Checked\KJDT_Fc_B_W7x86.pdb

Imports

ntoskrnl.exe

memset
KeSetImportanceDpc
IoAttachDeviceToDeviceStack
IoDeleteSymbolicLink
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeInitializeDpc
IoStartNextPacket
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
ObfDereferenceObject
ObReferenceObjectByHandle
ExEventObjectType
strcpy
strlen
memcpy
WRITE_REGISTER_BUFFER_ULONG
READ_REGISTER_BUFFER_ULONG
IoGetDeviceProperty
KeInsertQueueDpc
IoDetachDevice
IoDisconnectInterrupt
IoConnectInterrupt
MmMapIoSpace
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
KeRemoveEntryDeviceQueue
MmGetPhysicalAddress
MmAllocateContiguousMemory
MmFreeContiguousMemory
ExAllocatePoolWithTag
ExFreePoolWithTag
MmMapLockedPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoFreeMdl
MmUnmapLockedPages
IofCompleteRequest
_aullshr
KeSetEvent
_allshl

hal

KfAcquireSpinLock
KfReleaseSpinLock
KfLowerIrql

Sections

init
Size: 512B - Virtual size: 105B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

page
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 370B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f62e6d071d68ee9d21e3db641c13551b

Code Sign

18:20:d8:45:1d:04:cf:95:42:02:ad:db:d0:99:03:c7Certificate

48:82:4a:38:d2:6e:e2:34:d9:22:6f:35:6b:55:db:c3:e0:5b:2d:62Signer

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

init Size: 512B - Virtual size: 105B

.text Size: 10KB - Virtual size: 10KB

page Size: 3KB - Virtual size: 3KB

.rdata Size: 512B - Virtual size: 370B

.data Size: 1024B - Virtual size: 824B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 458B

18:20:d8:45:1d:04:cf:95:42:02:ad:db:d0:99:03:c7
Certificate

48:82:4a:38:d2:6e:e2:34:d9:22:6f:35:6b:55:db:c3:e0:5b:2d:62
Signer

init
Size: 512B - Virtual size: 105B

.text
Size: 10KB - Virtual size: 10KB

page
Size: 3KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 370B

.data
Size: 1024B - Virtual size: 824B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 458B