630f76a3dd33303dde88a09ca984477fd2a5e8d132dd07170532b3fa82ba4641

Sharing

Copy URL

Twitter E-mail

General

Target

630f76a3dd33303dde88a09ca984477fd2a5e8d132dd07170532b3fa82ba4641
Size

3.6MB
MD5

fd23950e3c616fde969984549a48a3e6
SHA1

830c4378bfec06c09ecc063f3e57cdf3b54b0dc9
SHA256

630f76a3dd33303dde88a09ca984477fd2a5e8d132dd07170532b3fa82ba4641
SHA512

5ddba3f398eb73c97c32402b7d3b4fe2c23c5c565b8a4cf6d0d649e841673ec142415532c4a55af5d9e5b34164c75645dc96b3f5842a26eb23bdf5e29e649367
SSDEEP

98304:jDHcVaK6mEQYDFpzS5A/8QN42XeXfmStVzs:MghmEQYDG8HNUPVzs

Score

1^/10

Malware Config

Signatures

Files

630f76a3dd33303dde88a09ca984477fd2a5e8d132dd07170532b3fa82ba4641
.dll windows:6 windows x64 arch:x64

98377b3a11e85c9f5df631cbe3f35489

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c1:d9:54:19:1f:26:77:e1:39:0f:ed:02:8e:9d:98:57:b8:1b:d3:31:d3:28:c1:85:65:da:be:bb:01:51:ec:e5
Signer

Actual PE Digest

c1:d9:54:19:1f:26:77:e1:39:0f:ed:02:8e:9d:98:57:b8:1b:d3:31:d3:28:c1:85:65:da:be:bb:01:51:ec:e5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

Exports

Exports

SynCreateAPI
war_registerDriver
war_unRegisterDriver

Sections

.text
Size: - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pm?
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.oRJ
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.`A:
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98377b3a11e85c9f5df631cbe3f35489

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

c1:d9:54:19:1f:26:77:e1:39:0f:ed:02:8e:9d:98:57:b8:1b:d3:31:d3:28:c1:85:65:da:be:bb:01:51:ec:e5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 70KB

.rdata Size: - Virtual size: 40KB

.data Size: - Virtual size: 7KB

.pdata Size: - Virtual size: 4KB

_RDATA Size: - Virtual size: 500B

.pm? Size: - Virtual size: 2.0MB

.oRJ Size: 2KB - Virtual size: 2KB

.`A: Size: 3.6MB - Virtual size: 3.6MB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

c1:d9:54:19:1f:26:77:e1:39:0f:ed:02:8e:9d:98:57:b8:1b:d3:31:d3:28:c1:85:65:da:be:bb:01:51:ec:e5
Signer

.text
Size: - Virtual size: 70KB

.rdata
Size: - Virtual size: 40KB

.data
Size: - Virtual size: 7KB

.pdata
Size: - Virtual size: 4KB

_RDATA
Size: - Virtual size: 500B

.pm?
Size: - Virtual size: 2.0MB

.oRJ
Size: 2KB - Virtual size: 2KB

.`A:
Size: 3.6MB - Virtual size: 3.6MB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB