f12c70fd814cf9f1b5b205a293b3dff1102a20c769ac3d8bc231b9fbafa5c418

Sharing

Copy URL Twitter E-mail

General

Target

f12c70fd814cf9f1b5b205a293b3dff1102a20c769ac3d8bc231b9fbafa5c418
Size

5.2MB
MD5

e67f715c7ccdfe41a59489111acd30ed
SHA1

e2783033fabe39df9e2788e6ebda73b0bf26ed51
SHA256

f12c70fd814cf9f1b5b205a293b3dff1102a20c769ac3d8bc231b9fbafa5c418
SHA512

384369aad047e1a36265153391ef2ac704c2518710dc8a84e76fc74903a472bad05f77ec001df218ddca315009f439811cb937a0a1b8111712d88b2b7d213937
SSDEEP

49152:Oi0lR972ujBqZGHjZzSSE26kXxqbeHEWL9YlDLcH+H/zU1rJ92hCPR+s0dpkGLX0:OB5Pj6kNGSOk0EUcHZDHF43Gr9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f12c70fd814cf9f1b5b205a293b3dff1102a20c769ac3d8bc231b9fbafa5c418

Files

f12c70fd814cf9f1b5b205a293b3dff1102a20c769ac3d8bc231b9fbafa5c418
.exe windows x64

44e6eaaa7849c253502db2659e758756

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

netio.sys

WskCaptureProviderNPI

cng.sys

BCryptGenRandom

ntoskrnl.exe

RtlInitUnicodeString
_stricmp
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter
KeQueryPerformanceCounter

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Cc0
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Cc1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44e6eaaa7849c253502db2659e758756

Headers

DLL Characteristics

File Characteristics

Imports

netio.sys

cng.sys

ntoskrnl.exe

hal

Sections

.text Size: 334KB - Virtual size: 334KB

.rdata Size: 214KB - Virtual size: 214KB

.data Size: 1KB - Virtual size: 15KB

.pdata Size: 13KB - Virtual size: 12KB

INIT Size: 2KB - Virtual size: 1KB

.Cc0 Size: 3.0MB - Virtual size: 3.0MB

.Cc1 Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 334KB - Virtual size: 334KB

.rdata
Size: 214KB - Virtual size: 214KB

.data
Size: 1KB - Virtual size: 15KB

.pdata
Size: 13KB - Virtual size: 12KB

INIT
Size: 2KB - Virtual size: 1KB

.Cc0
Size: 3.0MB - Virtual size: 3.0MB

.Cc1
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 3KB - Virtual size: 2KB