bbe80e6f8bb8ca4a566c39e5f19fe3887d6a6036f43d92f393ec495c31ee5e68

General

Target

bbe80e6f8bb8ca4a566c39e5f19fe3887d6a6036f43d92f393ec495c31ee5e68
Size

27KB
MD5

ff4aee5ecf21826af8acb96ada6edab3
SHA1

b5102b7371a8c345adc47ca8a21fdcaceb995cbc
SHA256

bbe80e6f8bb8ca4a566c39e5f19fe3887d6a6036f43d92f393ec495c31ee5e68
SHA512

c0b58939d03a5104596e45fe75bfc422f47313213fff851cd6e5ebd84d3e8c54517975f81f87f754aa7a2c4ef18ee4ce008be6d4eb7480e681507548f0d33373
SSDEEP

384:HlWsxVEt8arJspE6F3c2D8w8CpmlOovGM0Y0HVPqsYLqPd1juCm58eM6xaNX:HIsEriP3Row8Cp0OTYCx4qPeCVw+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bbe80e6f8bb8ca4a566c39e5f19fe3887d6a6036f43d92f393ec495c31ee5e68

Files

bbe80e6f8bb8ca4a566c39e5f19fe3887d6a6036f43d92f393ec495c31ee5e68
.exe windows x64

56c7c3b10b76304095eee730fce74203

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlCompareMemory
IoWMIRegistrationControl
swprintf
IoGetDeviceProperty
ObfDereferenceObject
MmUnmapIoSpace
MmMapIoSpace
MmGetSystemRoutineAddress
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeSetEvent
ObReferenceObjectByHandle
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
IoWMIWriteEvent
ExAllocatePoolWithTag
IoGetDmaAdapter
RtlInitUnicodeString

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56c7c3b10b76304095eee730fce74203

Headers

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 636B

PAGE Size: 6KB - Virtual size: 6KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 512B - Virtual size: 96B

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 636B

PAGE
Size: 6KB - Virtual size: 6KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 512B - Virtual size: 96B