476de283f333d032132f661e0bf62ba1[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

476de283f333d032132f661e0bf62ba1.zip
Size

71KB
MD5

d96abc12daedf9cb9d69342ffd61c71c
SHA1

e1627db488abc82372264bcb0613badea2e8d747
SHA256

08f3b08a5c713bb627e35af9abf1b3cf44951720ed1201a342158c1b1936f066
SHA512

a0813984893ee08d1494f61c2e09e648b7a9cf8089fc043e6ee9dec57f1d789ba74443765745b37fd6f72f7673aa0e844c17d8c6e0b013cb13bb5f3871a6ba7b
SSDEEP

1536:0CQgaNHjCNJOCt4M/1F4+uSwDCwe6qoyA6EGx2pMTKRyv8M2mr10Kz:0XgUWjd4M/w+iDPJyQy0MTK4UMF10k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ser2pl64.sys

Files

476de283f333d032132f661e0bf62ba1.zip
.zip
ser2pl.PNF
ser2pl.cat
ser2pl.inf
ser2pl64.sys
.exe windows x64

1c1576f9e01a1d2856c73038804c3155

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IofCompleteRequest
MmQuerySystemSize
ExAllocatePoolWithTag
KeDelayExecutionThread
ExFreePoolWithTag
IoGetConfigurationInformation
RtlInitUnicodeString
RtlWriteRegistryValue
IoIsWdmVersionAvailable
ExAllocatePoolWithQuotaTag
DbgPrint
RtlQueryRegistryValues
RtlUnicodeStringToAnsiString
atoi
RtlFreeUnicodeString
RtlFreeAnsiString
atol
KeBugCheckEx
RtlCopyUnicodeString
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
KeReleaseSpinLock
RtlDeleteRegistryValue
KeAcquireSpinLockRaiseToDpc
__C_specific_handler

wdfldr.sys

WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 369B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESRP0
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESER
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c1576f9e01a1d2856c73038804c3155

Headers

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 4KB

.pdata Size: 2KB - Virtual size: 2KB

PAGE Size: 512B - Virtual size: 369B

PAGESRP0 Size: 10KB - Virtual size: 9KB

PAGESER Size: 512B - Virtual size: 280B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 512B - Virtual size: 144B

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 2KB

PAGE
Size: 512B - Virtual size: 369B

PAGESRP0
Size: 10KB - Virtual size: 9KB

PAGESER
Size: 512B - Virtual size: 280B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 512B - Virtual size: 144B