6271b1a211b0cda0e6cb35a52e9f9f5a81059e2fc2d138052a77055909cf7b86

Sharing

Copy URL Twitter E-mail

General

Target

6271b1a211b0cda0e6cb35a52e9f9f5a81059e2fc2d138052a77055909cf7b86
Size

18KB
MD5

c45affb419d396219454581939db1167
SHA1

5d2123ed102a6d90b9c83338033e67ea48b5b0d2
SHA256

6271b1a211b0cda0e6cb35a52e9f9f5a81059e2fc2d138052a77055909cf7b86
SHA512

d3fd0cdbc31bba3a8c0210f0a2c8424e80e4943a71064493bf7267eea7e2f24b6e42ffc7a8bf8532b6cf591f65186ee70dd0197f0487ea06e44afafccf2a545b
SSDEEP

384:1jaZ4/urbxA7obKom5d0mhjHyOIx5ShzK7MH2KP1:9D/uJ8omr0mhj7+7MWk1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6271b1a211b0cda0e6cb35a52e9f9f5a81059e2fc2d138052a77055909cf7b86

Files

6271b1a211b0cda0e6cb35a52e9f9f5a81059e2fc2d138052a77055909cf7b86
.exe windows x64

10b679e8878465a73bbbefd6c5f9a15a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

_stricmp
strstr
RtlInitAnsiString
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
RtlEqualUnicodeString
DbgPrint
RtlGetVersion
ExAllocatePool
ExFreePoolWithTag
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
MmCreateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoFreeMdl
ObReferenceObjectByHandleWithTag
ObCloseHandle
ObfDereferenceObject
ZwOpenFile
ZwClose
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
RtlCompareString
MmIsAddressValid
PsGetProcessCreateTimeQuadPart
IoRegisterDriverReinitialization
IoCreateFileEx
ZwTerminateProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
PsLookupThreadByThreadId
MmFlushImageSection
ObOpenObjectByPointer
ObMakeTemporaryObject
ZwDeleteFile
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
ZwQueryVirtualMemory
KeInitializeApc
KeInsertQueueApc
PsGetProcessPeb
PsSuspendProcess
PsResumeProcess
PsGetProcessWow64Process
RtlImageNtHeader
ObReferenceObjectByName
ZwQuerySystemInformation
IoFileObjectType
PsInitialSystemProcess
IoDriverObjectType
MmGetSystemRoutineAddress
IoAllocateMdl
RtlPcToFileHeader

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10b679e8878465a73bbbefd6c5f9a15a

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 160B

.pdata Size: 1024B - Virtual size: 516B

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 160B

.pdata
Size: 1024B - Virtual size: 516B

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 20B