b3a08f57f2a2763f543f78f44c3d8492e3bce0daa8ee1c97cbc957298d3c788f

Sharing

Copy URL Twitter E-mail

General

Target

b3a08f57f2a2763f543f78f44c3d8492e3bce0daa8ee1c97cbc957298d3c788f
Size

170KB
MD5

53547c8acb89a3e047afee4bbd266ed3
SHA1

eae8e321771676a987a64b529bc975e765825360
SHA256

b3a08f57f2a2763f543f78f44c3d8492e3bce0daa8ee1c97cbc957298d3c788f
SHA512

44ea79d5f4fea0baefb416d45f421e073b96987467650a35b4bd1fecb844dc153d7a3ec58ee30ce7f851328d0e80fa8ccab0c40142f0c4a6c43e45f3705ff9e1
SSDEEP

3072:RvB/CBgjcWrpr5uvqHLLs98B2rO091BlxDGLqy7+VsXzXqSp8ht:qMV50aLA98A5xDrSu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3a08f57f2a2763f543f78f44c3d8492e3bce0daa8ee1c97cbc957298d3c788f

Files

b3a08f57f2a2763f543f78f44c3d8492e3bce0daa8ee1c97cbc957298d3c788f
.sys windows:6 windows x86

0b22f99d1e90170f9e05a58208fbf3c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeEnterCriticalRegion
ExReleaseRundownProtection
ExWaitForRundownProtectionRelease
ObfDereferenceObject
PsLookupProcessByProcessId
memset
MmGetSystemRoutineAddress
KeInitializeEvent
ExInitializeNPagedLookasideList
KeDelayExecutionThread
KeSetEvent
_vsnwprintf
ExAllocatePoolWithTag
RtlEqualUnicodeString
RtlMultiByteToUnicodeN
PsTerminateSystemThread
KeWaitForSingleObject
RtlCopyUnicodeString
MmIsAddressValid
ZwClose
PsGetCurrentProcessId
ObQueryNameString
ExInitializeRundownProtection
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
_wcsnicmp
ZwTerminateProcess
ZwOpenProcess
PsCreateSystemThread
ExReleaseResourceLite
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
ExAcquireResourceSharedLite
RtlInitializeGenericTableAvl
ExInitializePagedLookasideList
ExInitializeResourceLite
memcpy
KeRegisterBugCheckReasonCallback
ExUuidCreate
ExGetPreviousMode
RtlImageNtHeader
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
ZwQueryInformationFile
ZwOpenFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
ZwCreateFile
ObReferenceObjectByHandle
IoFileObjectType
KeGetCurrentThread
ZwWriteFile
ZwDeleteFile
RtlAppendUnicodeStringToString
IoCreateDevice
MmUserProbeAddress
MmHighestUserAddress
KeLeaveCriticalRegion
KeTickCount
KeBugCheckEx
RtlUnwind
ExAcquireRundownProtection
ExAcquireRundownProtectionEx
ExReleaseRundownProtectionEx
InterlockedPushEntrySList
InterlockedPopEntrySList
InitSafeBootMode
IoDeleteDevice
IoRegisterShutdownNotification
IoCreateSymbolicLink
RtlAppendUnicodeToString
ExFreePoolWithTag
IoRegisterDriverReinitialization
FsRtlIsNameInExpression
IoGetDeviceObjectPointer
ZwDeleteKey
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
RtlGetVersion
ZwQueryInformationProcess
ObOpenObjectByPointer
PsProcessType
KeUnstackDetachProcess
KeStackAttachProcess
PsThreadType
PsIsThreadTerminating
MmUnmapLockedPages
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
KeInsertQueueApc
KeInitializeApc
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
IoGetDeviceAttachmentBaseRef
IoGetRelatedDeviceObject
ZwReadFile
IoCreateFileSpecifyDeviceObjectHint
ZwSetInformationFile
ZwQueryDirectoryFile
memmove
RtlCompareMemory
ZwCreateKey
ZwSetInformationObject
ZwQueryObject
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
IoFreeIrp
IoCreateFile
ZwDuplicateObject
RtlQueryRegistryValues
KeAreApcsDisabled
ExRaiseStatus
IoVolumeDeviceToDosName
_strnicmp
_allshr
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlDecompressBuffer
FsRtlDissectName
RtlCaptureStackBackTrace
RtlInitUnicodeString
RtlPrefixUnicodeString
IoRegisterBootDriverReinitialization

hal

KeGetCurrentIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex

fltmgr.sys

FltAcquirePushLockShared
FltInitializePushLock
FltAcquirePushLockExclusive
FltReleasePushLock
FltDeletePushLock

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b22f99d1e90170f9e05a58208fbf3c9

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

fltmgr.sys

Sections

.text Size: 82KB - Virtual size: 81KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 6KB - Virtual size: 33KB

INIT Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 776B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 82KB - Virtual size: 81KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 6KB - Virtual size: 33KB

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 776B

.reloc
Size: 7KB - Virtual size: 7KB