dd92c443c9d5cf33f72378b44444c8bc34ab34ad4bf1695dd2d7d80ce876d3d0

Sharing

Copy URL Twitter E-mail

General

Target

dd92c443c9d5cf33f72378b44444c8bc34ab34ad4bf1695dd2d7d80ce876d3d0
Size

2.9MB
MD5

d417663da292bf8b0ec4224a15829aa6
SHA1

e663485ea41686626ba3eeaeefce556514b49de1
SHA256

dd92c443c9d5cf33f72378b44444c8bc34ab34ad4bf1695dd2d7d80ce876d3d0
SHA512

c0fec72f1037c33f83d19ecfdb9a2d775663eb7ee01ca99121ae37cab524335f79edb2fed883e23c3c2536b506ffaa62d9c44321e1432f0e1a73a3a4e0823814
SSDEEP

49152:5yxX1tlhfwp0qhXZT+mmX3AfaHKtROT8bVPV/FebIhAMfol8Wfy3dwG+yKM9iheq:5Q1fhfiPp+1X3fqr2t2wY9iwQ1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd92c443c9d5cf33f72378b44444c8bc34ab34ad4bf1695dd2d7d80ce876d3d0

Files

dd92c443c9d5cf33f72378b44444c8bc34ab34ad4bf1695dd2d7d80ce876d3d0
.sys windows:10 windows x64

959b24886c3c3f7c2b4882aff8432933

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

netio.sys

WskCaptureProviderNPI

ntoskrnl.exe

strtok_s
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.WHQL0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.WHQL1
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WHQL2
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

959b24886c3c3f7c2b4882aff8432933

Headers

DLL Characteristics

File Characteristics

Imports

netio.sys

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 28KB

.rdata Size: - Virtual size: 8KB

.data Size: - Virtual size: 1KB

.pdata Size: - Virtual size: 1KB

INIT Size: - Virtual size: 1KB

.WHQL0 Size: - Virtual size: 1.6MB

.WHQL1 Size: 1024B - Virtual size: 704B

.WHQL2 Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 512B - Virtual size: 196B

.text
Size: - Virtual size: 28KB

.rdata
Size: - Virtual size: 8KB

.data
Size: - Virtual size: 1KB

.pdata
Size: - Virtual size: 1KB

INIT
Size: - Virtual size: 1KB

.WHQL0
Size: - Virtual size: 1.6MB

.WHQL1
Size: 1024B - Virtual size: 704B

.WHQL2
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 512B - Virtual size: 196B