7bbf05f5781a00bada1f5f8dc234cf98a17606cd2ee082c321139b15ce136b8c

Sharing

Copy URL Twitter E-mail

General

Target

7bbf05f5781a00bada1f5f8dc234cf98a17606cd2ee082c321139b15ce136b8c
Size

47KB
MD5

55c1b6bacd3a3996747a6b0f4be1ddbe
SHA1

9e36ae25e70110a77a64e3ae600aac1528d22821
SHA256

7bbf05f5781a00bada1f5f8dc234cf98a17606cd2ee082c321139b15ce136b8c
SHA512

2f7b76a3a6dfda793529c82ceeaa2e8a37b15c7d7ffd91a69f1109c9d485a7521c5a8edcfe7b989058acd06567035f38ce86ccaf8e7ab767d06eca115aa2fc3f
SSDEEP

768:oCEU40dioWLMAYAyFpNZfJlXgHkm2M3o9UVPSFm5Ar9GaO2HCwOmQ6TOP2OaY9mJ:lUgT/7hl2nsCoqEAL6O/DmIE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7bbf05f5781a00bada1f5f8dc234cf98a17606cd2ee082c321139b15ce136b8c

Files

7bbf05f5781a00bada1f5f8dc234cf98a17606cd2ee082c321139b15ce136b8c
.exe windows x64

c08fafe3f0a9c883a3ea00ba622e3e68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
KeInitializeEvent
RtlGetVersion
KeDelayExecutionThread
IoGetDeviceObjectPointer
IofCompleteRequest
IoCreateSymbolicLink
RtlCopyUnicodeString
ObfDereferenceObject
IoCreateDevice
IofCallDriver
MmGetSystemRoutineAddress
PsGetVersion
ProbeForRead
ExRaiseStatus
ExReleaseFastMutex
ExAcquireFastMutex
LpcPortObjectType
ObReferenceObjectByHandle
KeReleaseInStackQueuedSpinLock
KeSetEvent
IoIs32bitProcess
KeAcquireInStackQueuedSpinLock
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
KeWaitForSingleObject
PsGetCurrentProcessId
IoReleaseCancelSpinLock
RtlInsertElementGenericTable
MmIsAddressValid
_stricmp
ZwQueryValueKey
ZwClose
RtlCompareMemory
ZwOpenKey
ExSystemTimeToLocalTime
RtlTimeToTimeFields
PsProcessType
ZwReadFile
IoCreateFile
IoGetCurrentProcess
ZwQueryInformationProcess
ZwQueryInformationFile
ObOpenObjectByPointer
RtlDeleteElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlGetElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlIsGenericTableEmptyAvl
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl
ExAllocatePoolWithTag
ExFreePoolWithTag
KeBugCheckEx
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
__C_specific_handler

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 653B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c08fafe3f0a9c883a3ea00ba622e3e68

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

PAGE Size: 1024B - Virtual size: 653B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 250B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

PAGE
Size: 1024B - Virtual size: 653B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 250B