e34899b06add7884acfee9527779effbe92f139c3a7b33dfd0bbbddba9ef34bd

Sharing

Copy URL

Twitter E-mail

General

Target

e34899b06add7884acfee9527779effbe92f139c3a7b33dfd0bbbddba9ef34bd
Size

88KB
MD5

46ef89756845b1c1caf2ced480986cbe
SHA1

17a1d403b4b6a2031fe57edef26f6d2da6c8e9aa
SHA256

e34899b06add7884acfee9527779effbe92f139c3a7b33dfd0bbbddba9ef34bd
SHA512

873f76cc44f985b4ebb1ba4f3a6d56cd1ed61c444d05356fe80f66ce593579e74f1746c35456ef5a8ce83e782ec83450eecd0fe27ba9d4b1207237ad86e6631b
SSDEEP

1536:I9ivxWMR7Te7AGjJrEjktW12vQOUUrSabqK4zxCaoQloe5U5u+szEwiC3A/wPEXW:lxWMR7TNG9rqknmyR9eMU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e34899b06add7884acfee9527779effbe92f139c3a7b33dfd0bbbddba9ef34bd

Files

e34899b06add7884acfee9527779effbe92f139c3a7b33dfd0bbbddba9ef34bd
.exe windows x64

eccbf9b99ed4440cd8e36ea958bbf01e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

wcsstr
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
ExAllocatePool
ExFreePoolWithTag
IoAllocateIrp
IofCallDriver
IoFreeIrp
IoFreeMdl
IoGetCurrentProcess
IoGetRelatedDeviceObject
IoSetCompletionRoutineEx
ObReferenceObjectByHandle
ObfDereferenceObject
ZwOpenFile
ZwClose
ZwOpenKey
ZwQueryValueKey
MmIsAddressValid
KeStackAttachProcess
KeUnstackDetachProcess
__C_specific_handler
IoFileObjectType
RtlEqualUnicodeString
PsLookupProcessByProcessId
PsGetProcessPeb
PsGetProcessWow64Process
ZwAllocateVirtualMemory
RtlInitString
DbgPrintEx
ExAllocatePoolWithTag
ProbeForRead
ProbeForWrite
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IoAllocateMdl
ZwFreeVirtualMemory
RtlCompareUnicodeString
ObReferenceObjectByName
IoDriverObjectType
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
_stricmp
strstr
ExGetPreviousMode
ObRegisterCallbacks
ObUnRegisterCallbacks
ObGetFilterVersion
PsSetCreateProcessNotifyRoutine
PsGetCurrentProcessId
PsGetProcessId
PsGetThreadProcess
IoThreadToProcess
ObOpenObjectByPointer
PsGetProcessDebugPort
PsIsSystemProcess
PsAcquireProcessExitSynchronization
PsReleaseProcessExitSynchronization
ObFindHandleForObject
PsProcessType
PsThreadType
MmUserProbeAddress
PsInitialSystemProcess
IoCreateFile
ZwQueryInformationFile
ZwReadFile
sprintf
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
_strlwr
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlTimeToTimeFields
RtlGetVersion
KeDelayExecutionThread
ExSystemTimeToLocalTime
MmGetSystemRoutineAddress
MmAllocateContiguousMemory
MmFreeContiguousMemory
ObCloseHandle
ZwCreateFile
ZwWriteFile
PsGetProcessExitStatus
NtQuerySystemInformation
ZwQuerySystemInformation
PsGetProcessImageFileName
PsReferenceProcessFilePointer
ExEnumHandleTable
ExfUnblockPushLock
KeBugCheckEx

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eccbf9b99ed4440cd8e36ea958bbf01e

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 13KB - Virtual size: 13KB

.pdata Size: 2KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 13KB - Virtual size: 13KB

.pdata
Size: 2KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB