PracticalMalwareAnalysis-Labs-Windows7[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

PracticalMalwareAnalysis-Labs-Windows7.7z
Size

3KB
MD5

fce79d0319b5303edb5e7b90f3ed5f13
SHA1

cb9416f2c483934c272e1ccbb0f6acb6807d37b0
SHA256

4a1dfb62afdab961bc98fe41a9080aae24fd5b06118944a699cf2c0d4b727180
SHA512

f4a87d1cfe6a15b02ada2e81bb27532805bc2cd0f288aef08c314c4c6bf812b39aa4e184aa865abf74518fba490ff01607598e4682eb9c703712d50ab52d6d01

Score

1^/10

Malware Config

Signatures

Files

PracticalMalwareAnalysis-Labs-Windows7.7z
.7z

Password: malware
Lab10-01.sys
.sys windows:10 windows x64 arch:x64

a5da36ab9c661568a26b7ae59491f93e

Code Sign

1f:14:d0:72:3b:27:3b:9f:4e:15:58:6d:37:96:02:18
Certificate

Issuer

CN=WDKTestCert paul.tarter\,132762939326261508

Not Before

16/09/2021, 19:25

Not After

16/09/2031, 00:00

Subject

CN=WDKTestCert paul.tarter\,132762939326261508

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

d3:b3:ca:44:9e:0f:26:8c:82:85:c2:00:1c:c2:64:f9:63:0d:6f:d8:46:f5:9c:64:5d:89:81:59:85:f7:17:a9
Signer

Actual PE Digest

d3:b3:ca:44:9e:0f:26:8c:82:85:c2:00:1c:c2:64:f9:63:0d:6f:d8:46:f5:9c:64:5d:89:81:59:85:f7:17:a9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

L:\x64\Release\Lab10-01.pdb

Imports

ntoskrnl.exe

RtlCreateRegistryKey
RtlWriteRegistryValue

Sections

.text
Size: 1024B - Virtual size: 846B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lab10-03.sys
.sys windows:10 windows x64 arch:x64

81fe0a74bde9224b0f84efe3dc079bb8

Code Sign

1f:14:d0:72:3b:27:3b:9f:4e:15:58:6d:37:96:02:18
Certificate

Issuer

CN=WDKTestCert paul.tarter\,132762939326261508

Not Before

16/09/2021, 19:25

Not After

16/09/2031, 00:00

Subject

CN=WDKTestCert paul.tarter\,132762939326261508

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:3f:f5:e4:07:c2:7b:fe:01:c1:f3:c5:95:d0:d4:c9:f5:00:20:ea:89:56:2b:ac:18:c8:9e:2b:33:9d:03:d1
Signer

Actual PE Digest

38:3f:f5:e4:07:c2:7b:fe:01:c1:f3:c5:95:d0:d4:c9:f5:00:20:ea:89:56:2b:ac:18:c8:9e:2b:33:9d:03:d1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

L:\x64\Release\lab10-03.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoGetCurrentProcess
RtlInitUnicodeString

Sections

.text
Size: 1024B - Virtual size: 542B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 414B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: malware

a5da36ab9c661568a26b7ae59491f93e

Code Sign

1f:14:d0:72:3b:27:3b:9f:4e:15:58:6d:37:96:02:18Certificate

Extended Key Usages

Key Usages

d3:b3:ca:44:9e:0f:26:8c:82:85:c2:00:1c:c2:64:f9:63:0d:6f:d8:46:f5:9c:64:5d:89:81:59:85:f7:17:a9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 1024B - Virtual size: 846B

.rdata Size: 1024B - Virtual size: 852B

.data Size: 512B - Virtual size: 16B

.pdata Size: 512B - Virtual size: 48B

INIT Size: 512B - Virtual size: 270B

.reloc Size: 512B - Virtual size: 32B

81fe0a74bde9224b0f84efe3dc079bb8

Code Sign

1f:14:d0:72:3b:27:3b:9f:4e:15:58:6d:37:96:02:18Certificate

Extended Key Usages

Key Usages

38:3f:f5:e4:07:c2:7b:fe:01:c1:f3:c5:95:d0:d4:c9:f5:00:20:ea:89:56:2b:ac:18:c8:9e:2b:33:9d:03:d1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 1024B - Virtual size: 542B

.rdata Size: 1024B - Virtual size: 932B

.data Size: 512B - Virtual size: 16B

.pdata Size: 512B - Virtual size: 84B

INIT Size: 512B - Virtual size: 414B

.reloc Size: 512B - Virtual size: 32B

1f:14:d0:72:3b:27:3b:9f:4e:15:58:6d:37:96:02:18
Certificate

d3:b3:ca:44:9e:0f:26:8c:82:85:c2:00:1c:c2:64:f9:63:0d:6f:d8:46:f5:9c:64:5d:89:81:59:85:f7:17:a9
Signer

.text
Size: 1024B - Virtual size: 846B

.rdata
Size: 1024B - Virtual size: 852B

.data
Size: 512B - Virtual size: 16B

.pdata
Size: 512B - Virtual size: 48B

INIT
Size: 512B - Virtual size: 270B

.reloc
Size: 512B - Virtual size: 32B

1f:14:d0:72:3b:27:3b:9f:4e:15:58:6d:37:96:02:18
Certificate

38:3f:f5:e4:07:c2:7b:fe:01:c1:f3:c5:95:d0:d4:c9:f5:00:20:ea:89:56:2b:ac:18:c8:9e:2b:33:9d:03:d1
Signer

.text
Size: 1024B - Virtual size: 542B

.rdata
Size: 1024B - Virtual size: 932B

.data
Size: 512B - Virtual size: 16B

.pdata
Size: 512B - Virtual size: 84B

INIT
Size: 512B - Virtual size: 414B

.reloc
Size: 512B - Virtual size: 32B