2eb5ec26a693d6f101f2c6b9a4c7bd8fd4d6a3eaf1c693681ee7486ac0778ad2

Sharing

Copy URL Twitter E-mail

General

Target

2eb5ec26a693d6f101f2c6b9a4c7bd8fd4d6a3eaf1c693681ee7486ac0778ad2
Size

41KB
MD5

a09ed7551ad96b1a2b6e2059bf9cb329
SHA1

b91686524921bbb84687fa55c36937669fa0f957
SHA256

2eb5ec26a693d6f101f2c6b9a4c7bd8fd4d6a3eaf1c693681ee7486ac0778ad2
SHA512

69545a84204c2632af054acf51efd84c4061eed5b2ea960695344b69bf1f3ef7d48b35f0d20ee2972594f557c00095f46f745505f8f3801f7dfe94ad9018643f
SSDEEP

384:gaA7C8rf5M7+9NXBVXVqwTTzh/oAobrer/lQ21EF9S9A0zgLu5HHICe4S9eRTtj0:yf5M6TXNdkreBA901Q4SI9nfLzBtNc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2eb5ec26a693d6f101f2c6b9a4c7bd8fd4d6a3eaf1c693681ee7486ac0778ad2

Files

2eb5ec26a693d6f101f2c6b9a4c7bd8fd4d6a3eaf1c693681ee7486ac0778ad2
.sys windows:10 windows x64

3b55e46fca7174bf3dab371859bf194b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

netio.sys

WskCaptureProviderNPI
WskReleaseProviderNPI
WskDeregister
WskRegister

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePoolWithTag
RtlFindExportedRoutineByName
ZwQuerySystemInformation
strtok_s
RtlTimeToTimeFields
ExAllocatePool
ExSystemTimeToLocalTime
MmIsAddressValid
DbgPrint
CmUnRegisterCallback
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
PsTerminateSystemThread
IoAllocateMdl
IoFreeMdl
IoGetCurrentProcess
ObfDereferenceObject
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
ZwClose
PsSetCreateProcessNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsGetProcessExitStatus
ZwTerminateProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
PsGetProcessImageFileName
KeDelayExecutionThread
KeQueryTimeIncrement
CmRegisterCallback
PsCreateSystemThread
PsSetLoadImageNotifyRoutine
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
MmProbeAndLockPages
MmUnlockPages
IoAllocateIrp
IoFreeIrp
__C_specific_handler
RtlRaiseException

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b55e46fca7174bf3dab371859bf194b

Headers

DLL Characteristics

File Characteristics

Imports

netio.sys

ntoskrnl.exe

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 92B

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 92B