fa881a60a0d65b13afc24cb89a4d9c991a255fb1d28e56473b8097f6e07bfce6

Sharing

Copy URL Twitter E-mail

General

Target

fa881a60a0d65b13afc24cb89a4d9c991a255fb1d28e56473b8097f6e07bfce6
Size

3.5MB
MD5

caaafa29536f3177f2fa298c912309f3
SHA1

5e3dabcc12a1a937339f7c66d02169bb45047185
SHA256

fa881a60a0d65b13afc24cb89a4d9c991a255fb1d28e56473b8097f6e07bfce6
SHA512

e2059a7ae971b82c26b66bcece46aaaf9da0545dcea46bf70aaf3662f37178e797119e768f00b12756002333f1fa9b6306550cdc51934f5f24fdbda67899118c
SSDEEP

98304:DZjREIse0Pezc9RRqe2jg0+/nsSjOWa4XKvyfQocj:1pDoezYSehP1C5jKfQH

Score

1^/10

Malware Config

Signatures

Files

fa881a60a0d65b13afc24cb89a4d9c991a255fb1d28e56473b8097f6e07bfce6
.dll windows:6 windows x64 arch:x64

98377b3a11e85c9f5df631cbe3f35489

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:0d:bc:0e:a4:ea:f9:a9:2a:ac:25:05:f8:f1:53:ed:29:fb:61:3a:1f:79:9b:ab:9c:1e:df:d7:0f:01:87:bd
Signer

Actual PE Digest

52:0d:bc:0e:a4:ea:f9:a9:2a:ac:25:05:f8:f1:53:ed:29:fb:61:3a:1f:79:9b:ab:9c:1e:df:d7:0f:01:87:bd

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

Exports

Exports

SynCreateAPI
war_registerDriver
war_unRegisterDriver

Sections

.text
Size: - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.m7L
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

._}'
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.]fR
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98377b3a11e85c9f5df631cbe3f35489

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

52:0d:bc:0e:a4:ea:f9:a9:2a:ac:25:05:f8:f1:53:ed:29:fb:61:3a:1f:79:9b:ab:9c:1e:df:d7:0f:01:87:bdSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 70KB

.rdata Size: - Virtual size: 40KB

.data Size: - Virtual size: 7KB

.pdata Size: - Virtual size: 4KB

_RDATA Size: - Virtual size: 500B

.m7L Size: - Virtual size: 2.0MB

._}' Size: 2KB - Virtual size: 2KB

.]fR Size: 3.5MB - Virtual size: 3.5MB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

52:0d:bc:0e:a4:ea:f9:a9:2a:ac:25:05:f8:f1:53:ed:29:fb:61:3a:1f:79:9b:ab:9c:1e:df:d7:0f:01:87:bd
Signer

.text
Size: - Virtual size: 70KB

.rdata
Size: - Virtual size: 40KB

.data
Size: - Virtual size: 7KB

.pdata
Size: - Virtual size: 4KB

_RDATA
Size: - Virtual size: 500B

.m7L
Size: - Virtual size: 2.0MB

._}'
Size: 2KB - Virtual size: 2KB

.]fR
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB