ab04a16440ff541e6328d46dae77055f1b78129a140d12c400ee1d656165df57

Sharing

Copy URL Twitter E-mail

General

Target

ab04a16440ff541e6328d46dae77055f1b78129a140d12c400ee1d656165df57
Size

579KB
MD5

dfb803bfd278b4628b94ae6312ae23c8
SHA1

1348a4c385c3b086f5dd7435075e703c5da67327
SHA256

ab04a16440ff541e6328d46dae77055f1b78129a140d12c400ee1d656165df57
SHA512

59f54993b5a4dfd496f9c0676c5390d07810c68d0e9cc18513b342c4a84a4974e25c027100df9b10df91eace871ba3cf4a4fd73b1875a0050bae1897f98666d4
SSDEEP

12288:gsrBqWnMGQI+4zKz1uqp1KcKF5hKOZAZrpWm6mtw:giBJMe+4zdqp1K/F5h52pl6m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab04a16440ff541e6328d46dae77055f1b78129a140d12c400ee1d656165df57

Files

ab04a16440ff541e6328d46dae77055f1b78129a140d12c400ee1d656165df57
.exe windows x64

afbd5928df524187f46f0fc2ca5bdad0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ObOpenObjectByPointer
PsProcessType
PsThreadType
_strlwr
strstr
RtlInitUnicodeString
RtlGetVersion
KeQueryTimeIncrement
ExAllocatePool
MmGetSystemRoutineAddress
MmMapIoSpace
MmUnmapIoSpace
ObfDereferenceObject
MmGetPhysicalAddress
RtlImageDirectoryEntryToData
ObReferenceObjectByName
_vsnwprintf
srand
rand
ZwQuerySystemInformation
IoDriverObjectType
ObReferenceObjectByHandle
ZwWaitForSingleObject
ZwQueryInformationThread
ZwQueryVirtualMemory
ObSetHandleAttributes
IoFileObjectType
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
IoAllocateIrp
IofCallDriver
IoCreateFile
IoFreeIrp
IoGetRelatedDeviceObject
ZwOpenFile
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
IoVolumeDeviceToDosName
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlCompareMemory
KeDelayExecutionThread
KeEnterCriticalRegion
KeLeaveCriticalRegion
IoDeleteDevice
IoGetCurrentProcess
ZwOpenKey
ZwFlushKey
ZwSetValueKey
KeBugCheck
MmSecureVirtualMemory
PsSetLoadImageNotifyRoutine
PsGetCurrentProcessId
PsGetCurrentThreadId
PsGetProcessExitStatus
PsGetProcessId
PsGetThreadId
ZwSetInformationThread
KeAttachProcess
KeDetachProcess
IoThreadToProcess
RtlImageNtHeader
RtlPcToFileHeader
PsGetProcessDebugPort
RtlComputeCrc32
PsGetProcessImageFileName
PsReferenceProcessFilePointer
IoDeviceObjectType
MmProtectMdlSystemAddress
MmAllocateMappingAddress
MmFreeMappingAddress
MmMapLockedPagesWithReservedMapping
MmUnmapReservedMapping
MmAllocatePagesForMdlEx
MmFreePagesFromMdl
ZwCreateSection
KeStackAttachProcess
ObReferenceObjectByHandleWithTag
ObfDereferenceObjectWithTag
PsGetThreadProcessId
PsGetThreadProcess
PsLookupThreadByThreadId
ZwQueryObject
ZwQueryInformationProcess
NtQueryInformationThread
RtlCompareUnicodeString
IoAllocateMdl
ZwOpenProcess
MmCopyVirtualMemory
KeInsertQueueApc
KeInitializeApc
ZwOpenThread
ObOpenObjectByPointerWithTag
ObGetObjectType
KeResetEvent
IoAllocateWorkItem
IoQueueWorkItem
SeLocateProcessImageName
PsGetProcessPeb
ObReferenceObjectByPointerWithTag
ObCreateObjectType
strncmp
RtlEqualUnicodeString
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
PsGetProcessWow64Process
ZwOpenSection
MmMapViewOfSection
PsGetProcessSectionBaseAddress
IoBuildDeviceIoControlRequest
MmProbeAndLockPages
MmUnlockPages
IoFreeMdl
__C_specific_handler
MmIsAddressValid
ZwClose
ExFreePoolWithTag
ExAllocatePoolWithTag
PsLookupProcessByProcessId
KeSetKernelStackSwapEnable
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
PsCreateSystemThread
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

HalTranslateBusAddress
HalMakeBeep

Sections

.text
Size: - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INITKDBG
Size: - Virtual size: 469B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vc0
Size: - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vc1
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afbd5928df524187f46f0fc2ca5bdad0

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 61KB

INITKDBG Size: - Virtual size: 469B

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 8KB

.pdata Size: - Virtual size: 2KB

INIT Size: - Virtual size: 4KB

.vc0 Size: - Virtual size: 640KB

.vc1 Size: 576KB - Virtual size: 575KB

.reloc Size: 512B - Virtual size: 24B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 61KB

INITKDBG
Size: - Virtual size: 469B

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 8KB

.pdata
Size: - Virtual size: 2KB

INIT
Size: - Virtual size: 4KB

.vc0
Size: - Virtual size: 640KB

.vc1
Size: 576KB - Virtual size: 575KB

.reloc
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB