MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 753a1386e7b37ee313db908183afe7238f1a2aec5e6c1e59e9c11d471b6aaa8d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 753a1386e7b37ee313db908183afe7238f1a2aec5e6c1e59e9c11d471b6aaa8d
SHA3-384 hash: 69e6a72fdc5a9c2512f815dadc583c561b0a335597dc29ed90fa76766579a2a5fe5914ffec1ea278e5a57783959b81b6
SHA1 hash: 515c36115e6eba2699afbf196ae929f56dc8fe4c
MD5 hash: 7d55ad6b428320f191ed8529701ac2fa
humanhash: beer-delaware-chicken-ceiling
File name: idmwfp64.sys
File size: 173'736 bytes
First seen: 2025-05-17 11:49:51 UTC
Last seen: Never
File type: sys
MIME type: application/x-dosexec
imphash: 1319ef79e87919dc5f3835ec43b30569
ssdeep: 3072:JpWzUs0cJtazu2rEXGrl26X4L/2ZnV9GOG4rbZZXhR:JpWwW8zBr6GrFSUneOBbjXr
TLSH: T1C0048DC6B3A510E5C5A7907886258642E7B2B8052B22ABCF03F1DB751F337E2BD39751
TrID:
  56.5% (.EXE) Win64 Executable (generic) (10522/11/4)
  11.0% (.ICL) Windows Icons Library (generic) (2059/9)
  10.9% (.EXE) OS/2 Executable (generic) (2029/13)
  10.7% (.EXE) Generic Win/DOS Executable (2002/3)
  10.7% (.EXE) DOS Executable Generic (2000/1)
Magika: pebin
Reporter: Gasr
Tags: signed sys

Code Signing Certificate

Organisation: Microsoft Windows Hardware Compatibility Publisher
Issuer: Microsoft Windows Third Party Component CA 2014
Algorithm: sha256WithRSAEncryption
Valid from: 2023-04-06T19:16:28Z
Valid to: 2024-04-03T19:16:28Z
Serial number: 3300000061c88b129c2a7f1d87000000000061
Intelligence: 3 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint algorithm: SHA256
Thumbprint: 8ad650e76471ccc21eb702a6e224ff4af5401b0a9ab6ee0e4627e81e132a9342
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: RU
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: expired-cert microsoft_visual_cc signed
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                        | Title                                            | Severity
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (GUARD_CF)  | high

Reviews

ID                | Capabilities                          | Evidence
KERNEL_API        | Manipulates Windows Kernel & Drivers  | ntoskrnl.exe::IoCreateDevice
                  |                                       | ntoskrnl.exe::IoDeleteDevice
                  |                                       | ntoskrnl.exe::IoIsWdmVersionAvailable
                  |                                       | ntoskrnl.exe::IoDeleteSymbolicLink
                  |                                       | ntoskrnl.exe::KeInitializeEvent
                  |                                       | ntoskrnl.exe::ObReferenceObjectByHandle
SECURITY_BASE_API | Uses Security Base API                | ntoskrnl.exe::RtlAddAccessAllowedAce
WIN32_PROCESS_API | Can Create Process and Threads        | ntoskrnl.exe::PsSetCreateProcessNotifyRoutine
WIN_BASE_IO_API   | Can Create Files                      | ntoskrnl.exe::ZwCreateFile

Comments