cf16183b65d4dc17a6a0df4048958c993f734ce8eb56df134af334474b7efa56

General

Target

cf16183b65d4dc17a6a0df4048958c993f734ce8eb56df134af334474b7efa56
Size

14KB
MD5

05f599ebab1eb056553e2eb71a56ce90
SHA1

4674d8e7b77cc9f217466060996ee0995ed5eb17
SHA256

cf16183b65d4dc17a6a0df4048958c993f734ce8eb56df134af334474b7efa56
SHA512

9e319bb8add3d3574c0560e0bd0746d2e43b8190e4a9937254289df1b371895f18a8f931b1053073d9110d19a4568b1b58c1b6699ab5f6d0cdd2bcc65f89b263
SSDEEP

384:4aHjJJkh8+0ZEe1I7KX5gUcJiEEgHvhpbzUdE:BjJJkiJlgUMiqUq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf16183b65d4dc17a6a0df4048958c993f734ce8eb56df134af334474b7efa56

Files

cf16183b65d4dc17a6a0df4048958c993f734ce8eb56df134af334474b7efa56
.exe windows x64

ad84dacb4e137496952f2eb062203031

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

_wcsicmp
_strnicmp
ExAllocatePoolWithTag
IoDeleteSymbolicLink
ExFreePoolWithTag
KdDebuggerNotPresent
PsSetLoadImageNotifyRoutine
PsLookupProcessByProcessId
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
ExGetPreviousMode
ObCreateObject
MmGetSystemRoutineAddress
KeInitializeEvent
KeUnstackDetachProcess
_wcslwr
wcsrchr
wcsstr
PsCreateSystemThread
ExAllocatePool
PsTerminateSystemThread
ZwClose
IofCompleteRequest
KeWaitForSingleObject
PsRemoveLoadImageNotifyRoutine
IoIsWdmVersionAvailable
IoCreateSymbolicLink
ObfDereferenceObject
IoCreateDevice
RtlAssert
ObOpenObjectByPointer
DbgPrint
KeStackAttachProcess
ZwAllocateVirtualMemory
KeBugCheckEx

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 898B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad84dacb4e137496952f2eb062203031

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 780B

.data Size: 512B - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 228B

PAGE Size: 1024B - Virtual size: 898B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 920B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 780B

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 228B

PAGE
Size: 1024B - Virtual size: 898B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 920B