379594b8a8680c21569ac4ff9af9f996cf8049d67e3603187c5b6965ffcc0a5f

Sharing

Copy URL Twitter E-mail

General

Target

379594b8a8680c21569ac4ff9af9f996cf8049d67e3603187c5b6965ffcc0a5f
Size

184KB
MD5

a769abc63d078d2f12e662b71cc6e4b9
SHA1

3994caf7559261f6087ed1201e79c3f24f7d2a03
SHA256

379594b8a8680c21569ac4ff9af9f996cf8049d67e3603187c5b6965ffcc0a5f
SHA512

e6bed97f343db29751f5a301ce21bf887f3105c8db7c4316c1436526ce1fc21c32278c779be75015486748b6da52318d9ed27a3eab534aa66a00434e0386538c
SSDEEP

3072:ybUZloV42mNFnorQyJWiTY2Pqx+dwkZhLC717t0k+AmL/3g09iPsfxyVKBMUB2XM:BZloV42vQyJWmUxrsCDfPUxyVEME2X5u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
379594b8a8680c21569ac4ff9af9f996cf8049d67e3603187c5b6965ffcc0a5f

Files

379594b8a8680c21569ac4ff9af9f996cf8049d67e3603187c5b6965ffcc0a5f
.exe windows x86

6ed2dc6f7d46fea68f4043698952872f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

NtBuildNumber
ExAllocatePoolWithTag
ExFreePoolWithTag
strcmp
KeInitializeEvent
KeResetEvent
KeSetEvent
KeWaitForSingleObject
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
IoAllocateMdl
ObReferenceObjectByHandle
ObfDereferenceObject
_except_handler3
ExEventObjectType
memmove
wcschr
wcscpy
wcslen
wcsncmp
RtlInitUnicodeString
KeQueryTimeIncrement
ProbeForWrite
ExGetPreviousMode
MmGetSystemRoutineAddress
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoGetCurrentProcess
ZwClose
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
ExRaiseDatatypeMisalignment
ExRaiseAccessViolation
MmIsAddressValid
PsGetProcessId
PsGetThreadId
PsGetThreadProcessId
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryInformationProcess
_alldiv
_allmul
KeTickCount
IoFileObjectType
PsProcessType
PsThreadType
MmUserProbeAddress
ExAllocatePool
PsSetCreateProcessNotifyRoutine
PsSetCreateThreadNotifyRoutine
PsSetLoadImageNotifyRoutine
KeDelayExecutionThread
ObReferenceObjectByName
IoDriverObjectType
CmRegisterCallback
CmUnRegisterCallback
FsRtlIsNameInExpression
KeGetCurrentThread
KeClearEvent
IoAllocateIrp
ObfReferenceObject
IoQueueThreadIrp
IoRegisterDriverReinitialization
KeLeaveCriticalRegion
ExAcquireResourceSharedLite
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
MmProbeAndLockPages
IoFreeIrp
IoFreeMdl
wcscat
PsGetCurrentProcessId
MmUnlockPages
MmProtectMdlSystemAddress
MmAllocatePagesForMdl
MmFreePagesFromMdl
MmSystemRangeStart
IoCreateFile
RtlPrefixUnicodeString
IoGetFileObjectGenericMapping
SeCreateAccessState
ObCreateObject
strcpy
strcat
_stricmp
strrchr
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
DbgPrint
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwCreateKey
ZwOpenKey
ZwDeleteKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryValueKey
ZwSetValueKey
ZwDuplicateObject
PsGetVersion
ZwQuerySystemInformation
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
ZwOpenFile
PsLookupThreadByThreadId
ZwQueryInformationThread
IoDeviceObjectType
strncpy
RtlCompareMemory
KeServiceDescriptorTable
ZwCreateFile
ZwQueryInformationFile
ZwReadFile
ZwWaitForSingleObject
IoRegisterBootDriverReinitialization
RtlGetVersion
ExDeleteResourceLite
ExInitializeResourceLite
RtlAssert
_aullshr
_allshl
strlen
memcpy
ZwSetSecurityObject
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
memset
towlower
KeEnterCriticalRegion
tolower
KeBugCheckEx

hal

KfLowerIrql
ExAcquireFastMutex
ExReleaseFastMutex
KeRaiseIrqlToDpcLevel
KfRaiseIrql
KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisAcquireReadWriteLock
NdisInitializeReadWriteLock
NdisReleaseReadWriteLock

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ed2dc6f7d46fea68f4043698952872f

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 145KB - Virtual size: 145KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 9KB - Virtual size: 15KB

PAGE Size: 5KB - Virtual size: 4KB

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 864B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 145KB - Virtual size: 145KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 9KB - Virtual size: 15KB

PAGE
Size: 5KB - Virtual size: 4KB

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 4KB - Virtual size: 4KB