9b4af02635b8034addc9ac5aa18d5a05c76b109baa889e7a795cc8e84957542c

Sharing

Copy URL Twitter E-mail

General

Target

9b4af02635b8034addc9ac5aa18d5a05c76b109baa889e7a795cc8e84957542c
Size

7.4MB
MD5

17eafa8adc474e8fe390500621d4cabe
SHA1

cd95b173ac0f39ff9b525919eb4a2a7f7d28bb49
SHA256

9b4af02635b8034addc9ac5aa18d5a05c76b109baa889e7a795cc8e84957542c
SHA512

6a629666b1365d51059aa66f97f7788da0c688936709f44fc1711d9c67c6f5db237cb139b82ceef8e45dfee9a5858081a74e863e1742fc3e0659ce9d54e3e8d1
SSDEEP

196608:ZsKD3DaH1q+z9wH9Qpc409NdRj5t90F4vvN:ZsvVrGHOw3jP90F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b4af02635b8034addc9ac5aa18d5a05c76b109baa889e7a795cc8e84957542c

Files

9b4af02635b8034addc9ac5aa18d5a05c76b109baa889e7a795cc8e84957542c
.exe windows x64

85bece44f13b6247dafb1f7e55440485

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteDevice
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter

Sections

.text
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Drv0
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Drv1
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Drv2
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85bece44f13b6247dafb1f7e55440485

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 512B - Virtual size: 85B

.rdata Size: 1024B - Virtual size: 772B

.data Size: 512B - Virtual size: 16B

.pdata Size: 512B - Virtual size: 36B

INIT Size: 512B - Virtual size: 184B

.Drv0 Size: 3.5MB - Virtual size: 3.5MB

.Drv1 Size: 512B - Virtual size: 304B

.Drv2 Size: 3.9MB - Virtual size: 3.9MB

.reloc Size: 512B - Virtual size: 492B

.text
Size: 512B - Virtual size: 85B

.rdata
Size: 1024B - Virtual size: 772B

.data
Size: 512B - Virtual size: 16B

.pdata
Size: 512B - Virtual size: 36B

INIT
Size: 512B - Virtual size: 184B

.Drv0
Size: 3.5MB - Virtual size: 3.5MB

.Drv1
Size: 512B - Virtual size: 304B

.Drv2
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 512B - Virtual size: 492B