2010a9a07d578f6f87aaa92db754cbf9f30ca26cc855c585d0bd7e6826e5e357

Sharing

Copy URL Twitter E-mail

General

Target

2010a9a07d578f6f87aaa92db754cbf9f30ca26cc855c585d0bd7e6826e5e357
Size

5.8MB
MD5

b3be4b4f2586000d91e30de32c4e64b3
SHA1

0f73b8cc3056fd7a139647a48eea70fc8e6a45ea
SHA256

2010a9a07d578f6f87aaa92db754cbf9f30ca26cc855c585d0bd7e6826e5e357
SHA512

19ddcc6b07db2d0a3fe639e74852773bab1285699884a4dcaf48d7589125f4d8db983f4941745bce85a287c107eb59a8e2e4d718826f86873d2174114ac922d0
SSDEEP

98304:i9HR87BqeF68DiOdkULXzzcR7DVE6ehOdTgpTNHP2OTUsRWSG5Oc5hMdkpvvG2h/:iGhVuU/AR7ZE6Zg3+OUsMSG5Lz55v7/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2010a9a07d578f6f87aaa92db754cbf9f30ca26cc855c585d0bd7e6826e5e357

Files

2010a9a07d578f6f87aaa92db754cbf9f30ca26cc855c585d0bd7e6826e5e357
.exe windows x64

e3f2a0938909d56ca91222aeb6379a6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

fltmgr.sys

FltUnregisterFilter

ntoskrnl.exe

ExAllocatePool
_stricmp
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter
KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: - Virtual size: 76B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.t',
Size: - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.*y;
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

."S%
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3f2a0938909d56ca91222aeb6379a6b

Headers

DLL Characteristics

File Characteristics

Imports

fltmgr.sys

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 41KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 344B

.pdata Size: - Virtual size: 924B

PAGE Size: - Virtual size: 76B

INIT Size: - Virtual size: 1KB

.t', Size: - Virtual size: 4.4MB

.*y; Size: 1KB - Virtual size: 1KB

."S% Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 512B - Virtual size: 220B

.rsrc Size: 1024B - Virtual size: 584B

.text
Size: - Virtual size: 41KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 344B

.pdata
Size: - Virtual size: 924B

PAGE
Size: - Virtual size: 76B

INIT
Size: - Virtual size: 1KB

.t',
Size: - Virtual size: 4.4MB

.*y;
Size: 1KB - Virtual size: 1KB

."S%
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 512B - Virtual size: 220B

.rsrc
Size: 1024B - Virtual size: 584B