General

  • Target

    WinS.zip

  • Size

    4.2MB

  • MD5

    07cf4aa9a4301aa1d5239a5a71b9e748

  • SHA1

    ac5c1e8d35d39916df486f9b360c642f9c925b7f

  • SHA256

    795d0a91a62da5707248580ac1dad46701a693925572f091107227272d354ee5

  • SHA512

    3b5f64f77107a6ffa3f65785974435d91cc38f2651a463c31492ec265c4dbd6a6eb89a964cd3127bf2ae915dda6ee717c559577460a3983871f62673f46f4658

  • SSDEEP

    98304:DFe7NaiwolmCpJ2O39a254dL0vjX5MkbIIfKPq7kk/E98:A74oEi2O3M86L0b5FvfKPGLG8

Score
3/10

Malware Config

Signatures

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • WinS.zip
    .zip

    Password: ather

  • WinS/WinRing0x64.sys
    .sys windows:6 windows x64 arch:x64

    d41fa95d4642dc981f10de36f4dc8cd7



  • WinS/wd.bat
  • WinS/wmpnetwk.exe
    .exe windows:5 windows x64 arch:x64

    Password: ather

    e14388498639688dc750895bc5ef963a



  • WinS/xcopy.exe
    .exe windows:4 windows x64 arch:x64

    Password: ather

    2eabe9054cad5152567f0699947a2c5b

