06e4288b59e36072925a7dab478a4b56cd7c74b2ffb7b1a991f91737fba597e4

Sharing

Copy URL Twitter E-mail

General

Target

06e4288b59e36072925a7dab478a4b56cd7c74b2ffb7b1a991f91737fba597e4
Size

171KB
MD5

2bd44031fae6f44d28785753d66a8085
SHA1

4d80010a4ad4d2a8f1b9ba3e09700abbdd930a3d
SHA256

06e4288b59e36072925a7dab478a4b56cd7c74b2ffb7b1a991f91737fba597e4
SHA512

133ddae796df0a528398bbbb98f4ab0b1093ca7b43957f148ca1d032e9b8cad63092fc0273fcc9df2db6a9ddd531f2099d5edfea3d46bc5b1d32d2f7f3a1a4ef
SSDEEP

3072:1m027Jnbyichr1rwDfYuijTrO2OPB1BlxDGLqy7+VsXzXqSSFEPt8:1+4dxKAuijT6LxDrSWmm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06e4288b59e36072925a7dab478a4b56cd7c74b2ffb7b1a991f91737fba597e4

Files

06e4288b59e36072925a7dab478a4b56cd7c74b2ffb7b1a991f91737fba597e4
.sys windows:6 windows x86

f5d38b2beba999065265d5e7ae6a98e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeEnterCriticalRegion
ExReleaseRundownProtection
ExWaitForRundownProtectionRelease
ObfDereferenceObject
PsLookupProcessByProcessId
memset
PsSetCreateProcessNotifyRoutine
MmGetSystemRoutineAddress
KeInitializeEvent
ExInitializeNPagedLookasideList
KeDelayExecutionThread
KeSetEvent
_vsnwprintf
ExAllocatePoolWithTag
RtlEqualUnicodeString
RtlMultiByteToUnicodeN
RtlCopyUnicodeString
MmIsAddressValid
ZwClose
PsGetCurrentProcessId
ObQueryNameString
ExInitializeRundownProtection
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
_wcsnicmp
PsTerminateSystemThread
ZwTerminateProcess
ZwOpenProcess
PsCreateSystemThread
ExReleaseResourceLite
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
ExAcquireResourceSharedLite
RtlInitializeGenericTableAvl
ExInitializePagedLookasideList
ExInitializeResourceLite
memcpy
KeRegisterBugCheckReasonCallback
ExUuidCreate
ExGetPreviousMode
RtlImageNtHeader
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
ZwQueryInformationFile
ZwOpenFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
ZwCreateFile
ObReferenceObjectByHandle
IoFileObjectType
KeGetCurrentThread
ZwWriteFile
ZwDeleteFile
RtlAppendUnicodeStringToString
RtlPrefixUnicodeString
IoCreateDevice
MmHighestUserAddress
RtlCaptureStackBackTrace
KeLeaveCriticalRegion
KeBugCheckEx
RtlUnwind
ExAcquireRundownProtection
ExAcquireRundownProtectionEx
ExReleaseRundownProtectionEx
InterlockedPushEntrySList
InterlockedPopEntrySList
InitSafeBootMode
IoDeleteDevice
IoRegisterShutdownNotification
IoCreateSymbolicLink
RtlAppendUnicodeToString
ExFreePoolWithTag
IoRegisterDriverReinitialization
FsRtlIsNameInExpression
IoGetDeviceObjectPointer
ZwDeleteKey
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
RtlGetVersion
ZwQueryInformationProcess
ObOpenObjectByPointer
PsProcessType
KeUnstackDetachProcess
KeStackAttachProcess
PsThreadType
PsIsThreadTerminating
MmUnmapLockedPages
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
KeInsertQueueApc
KeInitializeApc
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
IoGetDeviceAttachmentBaseRef
IoGetRelatedDeviceObject
ZwReadFile
IoCreateFileSpecifyDeviceObjectHint
ZwSetInformationFile
ZwQueryDirectoryFile
memmove
RtlCompareMemory
ZwCreateKey
ZwSetInformationObject
ZwQueryObject
KeWaitForSingleObject
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
IoFreeIrp
IoCreateFile
ZwDuplicateObject
RtlQueryRegistryValues
KeAreApcsDisabled
ExRaiseStatus
IoVolumeDeviceToDosName
_strnicmp
_allshr
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlDecompressBuffer
FsRtlDissectName
KeTickCount
RtlInitUnicodeString
MmUserProbeAddress
IoRegisterBootDriverReinitialization

hal

KeGetCurrentIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex

fltmgr.sys

FltAcquirePushLockShared
FltInitializePushLock
FltAcquirePushLockExclusive
FltReleasePushLock
FltDeletePushLock

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5d38b2beba999065265d5e7ae6a98e0

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

fltmgr.sys

Sections

.text Size: 82KB - Virtual size: 82KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 6KB - Virtual size: 33KB

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 6KB - Virtual size: 33KB

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 7KB - Virtual size: 7KB