4e8d81bb240ba3b5cbc35c650f000b12577ea24260b2ff652f0473165a48a7ef

Sharing

Copy URL

Twitter E-mail

General

Target

4e8d81bb240ba3b5cbc35c650f000b12577ea24260b2ff652f0473165a48a7ef
Size

34KB
MD5

f1ca452d05c2209f3d26ea0c768d3c6f
SHA1

7eda7b9b4df4b982f388700ccfa1bfb7dcb0a107
SHA256

4e8d81bb240ba3b5cbc35c650f000b12577ea24260b2ff652f0473165a48a7ef
SHA512

75f5f0efcb8e3901fb8f3169fb3ef865772ab3ee7f6f084c36d405085843c53e77fbade7577dbc7b2708638340f70ec46178330fb6ca6047a1424eeef2e0dac2
SSDEEP

768:8/2H7lx2VXCgME+kFcQHtTaE8bNeSW27MUTm:8OHT2VSxbkm4+EQzJ7MUy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e8d81bb240ba3b5cbc35c650f000b12577ea24260b2ff652f0473165a48a7ef

Files

4e8d81bb240ba3b5cbc35c650f000b12577ea24260b2ff652f0473165a48a7ef
.sys windows:6 windows x86

fb0e851306d89ed2bb402986e15a4778

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memcpy
KeTickCount
ProbeForRead
ProbeForWrite
PsGetCurrentProcessId
RtlUnwind
InitSafeBootMode
PsGetVersion
IoCreateDevice
IoCreateSymbolicLink
RtlInitUnicodeString
RtlCompareUnicodeString
IoDeleteSymbolicLink
IoDeleteDevice
IofCompleteRequest
KeInitializeEvent
ExAllocatePool
MmIsAddressValid
RtlEqualUnicodeString
MmUnlockPages
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
DbgPrint
MmGetSystemRoutineAddress
KeQueryTimeIncrement
_alldiv
ExFreePoolWithTag
KeDelayExecutionThread
RtlAppendUnicodeStringToString
ExRaiseStatus
IoVolumeDeviceToDosName
ZwClose
ZwReadFile
ZwQueryInformationFile
ZwOpenFile
RtlQueryRegistryValues
ObfDereferenceObject
IoGetDeviceObjectPointer
_wcsnicmp
memmove
ObOpenObjectByPointer
PsProcessType
KeInitializeMutex
KeReleaseMutex
KeWaitForSingleObject
IoGetCurrentProcess
IofCallDriver
PsTerminateSystemThread
PsCreateSystemThread
PsSetCreateProcessNotifyRoutine
IoSetCompletionRoutineEx
ObReferenceObjectByHandle
IoFileObjectType
PsGetCurrentThreadId
KeSetEvent
IoFreeIrp
IoAllocateIrp
IoGetRelatedDeviceObject
RtlGetVersion
MmMapLockedPages
KeBugCheckEx
memset
_allmul
ExAllocatePoolWithTag
IoAttachDevice

hal

ExReleaseFastMutex
KeGetCurrentIrql
ExAcquireFastMutex
KfAcquireSpinLock
KfReleaseSpinLock

fltmgr.sys

FltCreateCommunicationPort
FltUnregisterFilter
FltCloseCommunicationPort
FltRegisterFilter
FltBuildDefaultSecurityDescriptor
FltCloseClientPort
FltFreeSecurityDescriptor
FltStartFiltering

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb0e851306d89ed2bb402986e15a4778

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

fltmgr.sys

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 2KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 896B - Virtual size: 800B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 896B - Virtual size: 800B

.reloc
Size: 2KB - Virtual size: 2KB