c66ebf80b86d9128b2aab5f1339ad6c95459b3c882741711924d065b5e833c04

General

Target

c66ebf80b86d9128b2aab5f1339ad6c95459b3c882741711924d065b5e833c04
Size

34KB
MD5

e2dbde3b1bd94a1cc4e39cb5cd2069e2
SHA1

347cef40ef875cc8acd2e70757a9c5e86a99d93a
SHA256

c66ebf80b86d9128b2aab5f1339ad6c95459b3c882741711924d065b5e833c04
SHA512

cb4399401d94ca9f90fb96e2ab7f06b2cb8c267255b292355be5a12c331aee4a046fcfb6003f4ff34632bbdf2240772d84cfeef9dd372f71eb9f5c631b3d02d1
SSDEEP

768:RuOsklVWuFsDxRMyaZnbQ6B/YCz6pFKh0lON:RBVgDxRM/bnBdz6DfsN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c66ebf80b86d9128b2aab5f1339ad6c95459b3c882741711924d065b5e833c04

Files

c66ebf80b86d9128b2aab5f1339ad6c95459b3c882741711924d065b5e833c04
.sys windows:6 windows x64

b2f7fb928da3fbc2c7de19f779d3af4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlCompareMemory
IoWMIRegistrationControl
swprintf
ObfDereferenceObject
MmUnmapIoSpace
MmMapIoSpace
IoGetDeviceProperty
IoGetDmaAdapter
MmGetSystemRoutineAddress
KeReleaseSpinLock
KeSetEvent
DbgPrint
ObReferenceObjectByHandle
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
IoWMIWriteEvent
ExAllocatePoolWithTag
KeAcquireSpinLockRaiseToDpc
RtlInitUnicodeString

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2f7fb928da3fbc2c7de19f779d3af4e

Headers

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 1024B - Virtual size: 988B

.data Size: 512B - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 588B

PAGE Size: 7KB - Virtual size: 6KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 744B

.reloc Size: 512B - Virtual size: 96B

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 1024B - Virtual size: 988B

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 588B

PAGE
Size: 7KB - Virtual size: 6KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 744B

.reloc
Size: 512B - Virtual size: 96B