7ad60620aa5f2058001c73dc0bcc8a765bfe7f8394bcba0aa6a2ae69cc080d75

Sharing

Copy URL Twitter E-mail

General

Target

7ad60620aa5f2058001c73dc0bcc8a765bfe7f8394bcba0aa6a2ae69cc080d75
Size

2.3MB
MD5

9b27f0c14205805b77354e26227b07d8
SHA1

de7c70799a6cc52c5959ee78e7dbbb4dd5c87a23
SHA256

7ad60620aa5f2058001c73dc0bcc8a765bfe7f8394bcba0aa6a2ae69cc080d75
SHA512

b5c77d1a4623c30e68c982ae42fafa7302026d874fa9aa1d167bf2e17d3094504572effaba1816894a305855b07cbed1de0f6da26920507a72a25396badd4dd7
SSDEEP

49152:EQJeFJ0RZzJmxVuRb/lbHKd7HEkheKCNStu/iMOrCvqH:EQJ+0RZzYuxtqpEk/tfMOruqH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ad60620aa5f2058001c73dc0bcc8a765bfe7f8394bcba0aa6a2ae69cc080d75

Files

7ad60620aa5f2058001c73dc0bcc8a765bfe7f8394bcba0aa6a2ae69cc080d75
.sys windows:6 windows x86

8575d29927d360eab1981fca90eb6ad6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_allmul
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlRandomEx
KeTickCount
MmGetSystemRoutineAddress
ZwDeleteFile
ZwOpenFile
KeDelayExecutionThread
KeSetPriorityThread
KeGetCurrentThread
IofCompleteRequest
IoDeleteDevice
PsRemoveLoadImageNotifyRoutine
PsTerminateSystemThread
PsCreateSystemThread
PsSetLoadImageNotifyRoutine
IoCreateDevice
IoGetCurrentProcess
memcpy
strstr
_strnicmp
MmIsAddressValid
IoGetStackLimits
ZwSetInformationThread
ObOpenObjectByPointer
PsThreadType
ObfDereferenceObject
ObfReferenceObject
PsLookupThreadByThreadId
IoThreadToProcess
KeNumberProcessors
KeWaitForSingleObject
KeSetEvent
ObReferenceObjectByHandle
KeClearEvent
KeInitializeEvent
_stricmp
ProbeForRead
PsInitialSystemProcess
IoGetAttachedDevice
ObReferenceObjectByName
IoDriverObjectType
IoGetDeviceObjectPointer
IofCallDriver
RtlCopyUnicodeString
IoAttachDeviceToDeviceStackSafe
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDriver
KeQuerySystemTime
IoDeleteDriver
IoDetachDevice
IoEnumerateDeviceObjectList
IoGetLowerDeviceObject
IoGetBaseFileSystemDeviceObject
IoUnregisterShutdownNotification
PsSetCreateProcessNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
ExFreePoolWithTag
KeRevertToUserAffinityThread
KeSetSystemAffinityThread
RtlInitUnicodeString
KeFlushQueuedDpcs
KeCancelTimer
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
IoRegisterShutdownNotification
ExAllocatePoolWithTag
_wcsnicmp
RtlCompareMemory
DbgPrint
IoGetDeviceAttachmentBaseRef
IoBuildDeviceIoControlRequest
ZwMapViewOfSection
ZwCreateSection
IoCreateFile
ZwUnmapViewOfSection
RtlCompareString
RtlInitString
ZwReadFile
ZwQueryInformationFile
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwQuerySystemInformation
MmFreePagesFromMdl
RtlUpcaseUnicodeChar
RtlImageDirectoryEntryToData
RtlImageNtHeader
ZwQueryValueKey
ZwOpenKey
ZwSetValueKey
isupper
IoCreateFileSpecifyDeviceObjectHint
RtlAppendUnicodeToString
ZwDeleteKey
ZwFlushKey
ZwEnumerateKey
ZwCreateKey
KdDebuggerEnabled
IoStopTimer
ZwQueryDirectoryObject
ZwOpenDirectoryObject
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeSetImportanceDpc
KeInitializeDpc
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
RtlEqualUnicodeString
ObQueryNameString
MmAllocatePagesForMdl
RtlUnicodeStringToInteger
LdrFindResource_U
LdrAccessResource
_wcsicmp
_snprintf
memmove
KeBugCheckEx
RtlUnwind
ZwCreateFile
ExAllocatePool
ZwWriteFile
RtlInt64ToUnicodeString
RtlFreeUnicodeString
ZwClose
memset
RtlCompareUnicodeString
_vsnwprintf

hal

KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql

fltmgr.sys

FltEnumerateFilters
FltObjectDereference
FltUnregisterFilter
FltGetFilterInformation
FltRegisterFilter

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 556KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NUfZ0
Size: 748KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.NUfZ1
Size: 864KB - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 432B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.l1
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8575d29927d360eab1981fca90eb6ad6

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

fltmgr.sys

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 556KB - Virtual size: 556KB

INIT Size: 4KB - Virtual size: 4KB

.NUfZ0 Size: 748KB - Virtual size: 748KB

.NUfZ1 Size: 864KB - Virtual size: 864KB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 432B - Virtual size: 432B

.l1 Size: 6KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 556KB - Virtual size: 556KB

INIT
Size: 4KB - Virtual size: 4KB

.NUfZ0
Size: 748KB - Virtual size: 748KB

.NUfZ1
Size: 864KB - Virtual size: 864KB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 432B - Virtual size: 432B

.l1
Size: 6KB - Virtual size: 6KB