0b4c183f77185a20705dd958249cb59046651fa0b02885a74ac86813ab699640

Sharing

Copy URL Twitter E-mail

General

Target

0b4c183f77185a20705dd958249cb59046651fa0b02885a74ac86813ab699640
Size

43KB
MD5

cd648f14175040b713e1d58f9ee2fad6
SHA1

f380939d4a231064a035e4c44e1ab92e9f85b14c
SHA256

0b4c183f77185a20705dd958249cb59046651fa0b02885a74ac86813ab699640
SHA512

0c23d13c12794e9942f0b3b443b30d0f649dbbbf07f5ed48f63b7748591f4edec1ca98202b8db7346ce93373550aa3db7adeab6090a1064cb4075a1f4b46a418
SSDEEP

768:3wncpmHRzNlVrelN0kXMOKa4SI9nfWDd:yzNTrevkOjIZex

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b4c183f77185a20705dd958249cb59046651fa0b02885a74ac86813ab699640

Files

0b4c183f77185a20705dd958249cb59046651fa0b02885a74ac86813ab699640
.sys windows:10 windows x64

1aa75c76af86b94f7609ca38723b85ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

netio.sys

WskCaptureProviderNPI
WskReleaseProviderNPI
WskDeregister
WskRegister

ntoskrnl.exe

strtok_s
RtlTimeToTimeFields
ExAllocatePool
ExSystemTimeToLocalTime
MmIsAddressValid
DbgPrint
CmUnRegisterCallback
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
PsTerminateSystemThread
IoAllocateMdl
IoFreeMdl
IoGetCurrentProcess
ObfDereferenceObject
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
ZwQuerySystemInformation
PsSetCreateProcessNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsGetProcessExitStatus
ZwTerminateProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
PsGetProcessImageFileName
KeDelayExecutionThread
KeQueryTimeIncrement
CmRegisterCallback
PsCreateSystemThread
PsSetLoadImageNotifyRoutine
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
MmProbeAndLockPages
MmUnlockPages
IoAllocateIrp
IoFreeIrp
__C_specific_handler
RtlRaiseException
ExAllocatePoolWithTag
RtlFindExportedRoutineByName
ExFreePoolWithTag
ZwClose

vmprotectddk64.sys

VMProtectBeginMutation
VMProtectBegin
VMProtectEnd

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1aa75c76af86b94f7609ca38723b85ca

Headers

DLL Characteristics

File Characteristics

Imports

netio.sys

ntoskrnl.exe

vmprotectddk64.sys

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 92B

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 92B