9211b54fc005132e9d2135c696ec891ec820eaaf2186fddb2c4b6036933124cd

Sharing

Copy URL Twitter E-mail

General

Target

9211b54fc005132e9d2135c696ec891ec820eaaf2186fddb2c4b6036933124cd
Size

34KB
MD5

8db6c6f8e2c3457718cad8c419037d19
SHA1

85d6f9a5495cd56591274d664c6d3d4fa4eeb547
SHA256

9211b54fc005132e9d2135c696ec891ec820eaaf2186fddb2c4b6036933124cd
SHA512

fa9e3cedfb18ebead00ba74afa5ce52f5031250e0ecd705b9eeb0c18461bca0d06e5420e618bcf233bc79d3e19678e247a40e933421bfd6235d457f38cee0455
SSDEEP

768:e/2H7lx2VXCgME+kFcQHtTaE8dNeSW27MUTm:eOHT2VSxbkm4+E6zJ7MUy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9211b54fc005132e9d2135c696ec891ec820eaaf2186fddb2c4b6036933124cd

Files

9211b54fc005132e9d2135c696ec891ec820eaaf2186fddb2c4b6036933124cd
.sys windows:6 windows x86

fb0e851306d89ed2bb402986e15a4778

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memcpy
KeTickCount
ProbeForRead
ProbeForWrite
PsGetCurrentProcessId
RtlUnwind
InitSafeBootMode
PsGetVersion
IoCreateDevice
IoCreateSymbolicLink
RtlInitUnicodeString
RtlCompareUnicodeString
IoDeleteSymbolicLink
IoDeleteDevice
IofCompleteRequest
KeInitializeEvent
ExAllocatePool
MmIsAddressValid
RtlEqualUnicodeString
MmUnlockPages
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
DbgPrint
MmGetSystemRoutineAddress
KeQueryTimeIncrement
_alldiv
ExFreePoolWithTag
KeDelayExecutionThread
RtlAppendUnicodeStringToString
ExRaiseStatus
IoVolumeDeviceToDosName
ZwClose
ZwReadFile
ZwQueryInformationFile
ZwOpenFile
RtlQueryRegistryValues
ObfDereferenceObject
IoGetDeviceObjectPointer
_wcsnicmp
memmove
ObOpenObjectByPointer
PsProcessType
KeInitializeMutex
KeReleaseMutex
KeWaitForSingleObject
IoGetCurrentProcess
IofCallDriver
PsTerminateSystemThread
PsCreateSystemThread
PsSetCreateProcessNotifyRoutine
IoSetCompletionRoutineEx
ObReferenceObjectByHandle
IoFileObjectType
PsGetCurrentThreadId
KeSetEvent
IoFreeIrp
IoAllocateIrp
IoGetRelatedDeviceObject
RtlGetVersion
MmMapLockedPages
KeBugCheckEx
memset
_allmul
ExAllocatePoolWithTag
IoAttachDevice

hal

ExReleaseFastMutex
KeGetCurrentIrql
ExAcquireFastMutex
KfAcquireSpinLock
KfReleaseSpinLock

fltmgr.sys

FltCreateCommunicationPort
FltUnregisterFilter
FltCloseCommunicationPort
FltRegisterFilter
FltBuildDefaultSecurityDescriptor
FltCloseClientPort
FltFreeSecurityDescriptor
FltStartFiltering

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb0e851306d89ed2bb402986e15a4778

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

fltmgr.sys

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 2KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 896B - Virtual size: 800B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 896B - Virtual size: 800B

.reloc
Size: 2KB - Virtual size: 2KB