1094465a49c9006f8a9dbb645f47fdc2ee1526acffdac7e16c0b5c6030a316c4

Sharing

Copy URL Twitter E-mail

General

Target

1094465a49c9006f8a9dbb645f47fdc2ee1526acffdac7e16c0b5c6030a316c4
Size

102KB
MD5

26f2333b5ea2c2f8d8f43e1b1ef634f3
SHA1

50e4e818a07453e41d4d0d74ab4abfe2a15dfb78
SHA256

1094465a49c9006f8a9dbb645f47fdc2ee1526acffdac7e16c0b5c6030a316c4
SHA512

2e07855fb987ffdc0b95e2c4270c44581db7167c5af6725abb2fed5f4dee03b611f5d1940fbaf487cfafd5f9cd3b97212ce855b66b64c107e6ce64ca74c2f3c0
SSDEEP

1536:oyPxygSJRNdzmGsSDhnQcM5AY/kW8nwZ9/SX67+R443ETXQs:oyPYgS5dzXsghhQAYPZ9/SX67+ReMs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1094465a49c9006f8a9dbb645f47fdc2ee1526acffdac7e16c0b5c6030a316c4

Files

1094465a49c9006f8a9dbb645f47fdc2ee1526acffdac7e16c0b5c6030a316c4
.sys windows x86

660cfeb669036aafb9a3dde5c9c42094

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memcpy
memset
ZwWriteFile
_strnicmp
PsGetProcessImageFileName
IoCreateFile
ZwClose
ExFreePoolWithTag
ZwSetValueKey
ZwQueryValueKey
ZwCreateKey
ZwDeleteFile
MmIsAddressValid
RtlInitUnicodeString
DbgPrint
KeUnstackDetachProcess
KeStackAttachProcess
_wcsicmp
KeGetCurrentThread
IoFreeIrp
IoFreeMdl
KeSetEvent
ExAllocatePool
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoAllocateIrp
IoGetRelatedDeviceObject
IoGetDeviceAttachmentBaseRef
SeCreateAccessState
IoGetFileObjectGenericMapping
ObCreateObject
ObfDereferenceObject
ObReferenceObjectByHandle
IoFileObjectType
_wcsnicmp
ZwTerminateProcess
ObOpenObjectByPointer
PsProcessType
PsGetProcessSectionBaseAddress
PsLookupProcessByProcessId
PsGetProcessId
PsInitialSystemProcess
IofCompleteRequest
PsCreateSystemThread
IoRegisterBootDriverReinitialization
PsSetCreateProcessNotifyRoutine
IoRegisterShutdownNotification
IoCreateDevice
RtlGetVersion
KeTickCount
KeBugCheckEx
RtlUnwind
_vsnwprintf
KeDelayExecutionThread
KeInsertQueueApc
KeInitializeApc
ZwQuerySystemInformation
PsLookupThreadByThreadId
_stricmp
_allmul
RtlEqualUnicodeString
PsGetProcessPeb
ZwAllocateVirtualMemory

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

660cfeb669036aafb9a3dde5c9c42094

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 588B

.data Size: 87KB - Virtual size: 87KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 588B

.data
Size: 87KB - Virtual size: 87KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 1KB - Virtual size: 1KB