0f1121ad37a7a81328af85e73ef57d65bd48a7159b4078f7a7a15893c1cc5fdb

Sharing

Copy URL

Twitter E-mail

General

Target

0f1121ad37a7a81328af85e73ef57d65bd48a7159b4078f7a7a15893c1cc5fdb
Size

3.5MB
MD5

78454945b09a5c9bd6729010859d5f0d
SHA1

6eda720c2fc131722b6c5a213936d63f6c88551e
SHA256

0f1121ad37a7a81328af85e73ef57d65bd48a7159b4078f7a7a15893c1cc5fdb
SHA512

7774d2a6f3290371718709d0ef4795107f4d233e39c4d57e2dc343daaab5dbf178ed22f48ee844f6382c3b87e2484492bfa7880ee7edfd78a044eee6944a6996
SSDEEP

98304:DZjREIse0Pezc9RRqe2jg0+/nsSjOWa4XKvyfQocp:1pDoezYSehP1C5jKfQ1

Score

1^/10

Malware Config

Signatures

Files

0f1121ad37a7a81328af85e73ef57d65bd48a7159b4078f7a7a15893c1cc5fdb
.dll windows:6 windows x64 arch:x64

98377b3a11e85c9f5df631cbe3f35489

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:15:40:2b:f4:3d:74:ca:a4:15:05:d5:f6:07:f4:29:4e:4d:da:7a:22:78:43:ac:fc:ad:db:1c:7b:20:47:00
Signer

Actual PE Digest

47:15:40:2b:f4:3d:74:ca:a4:15:05:d5:f6:07:f4:29:4e:4d:da:7a:22:78:43:ac:fc:ad:db:1c:7b:20:47:00

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

Exports

Exports

SynCreateAPI
war_registerDriver
war_unRegisterDriver

Sections

.text
Size: - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.m7L
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

._}'
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.]fR
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98377b3a11e85c9f5df631cbe3f35489

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

47:15:40:2b:f4:3d:74:ca:a4:15:05:d5:f6:07:f4:29:4e:4d:da:7a:22:78:43:ac:fc:ad:db:1c:7b:20:47:00Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 70KB

.rdata Size: - Virtual size: 40KB

.data Size: - Virtual size: 7KB

.pdata Size: - Virtual size: 4KB

_RDATA Size: - Virtual size: 500B

.m7L Size: - Virtual size: 2.0MB

._}' Size: 2KB - Virtual size: 2KB

.]fR Size: 3.5MB - Virtual size: 3.5MB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

47:15:40:2b:f4:3d:74:ca:a4:15:05:d5:f6:07:f4:29:4e:4d:da:7a:22:78:43:ac:fc:ad:db:1c:7b:20:47:00
Signer

.text
Size: - Virtual size: 70KB

.rdata
Size: - Virtual size: 40KB

.data
Size: - Virtual size: 7KB

.pdata
Size: - Virtual size: 4KB

_RDATA
Size: - Virtual size: 500B

.m7L
Size: - Virtual size: 2.0MB

._}'
Size: 2KB - Virtual size: 2KB

.]fR
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB