39ba6e29de5bbc7d41044625f69887f8b21846d548cb7f16c3f9f49f8cb90151

General

Target

39ba6e29de5bbc7d41044625f69887f8b21846d548cb7f16c3f9f49f8cb90151
Size

26KB
MD5

d1fbace2c353f820c54a32527ea2766a
SHA1

7e0e4d1d1d3a9c1c950bf513e3c059fa69d06d2d
SHA256

39ba6e29de5bbc7d41044625f69887f8b21846d548cb7f16c3f9f49f8cb90151
SHA512

d28081c58f7f0551e50ef25a37c2bce50196c63a08208dab31563ce1007840cad3e077cd56c21fe46e0a09f6687e470213710f7f7fbbcaaa5e2dfbe2f663d060
SSDEEP

384:VRZWs4gKnYaY5pA6aSne6pcEIfQhnfvMQY0HC9u5a2R4o7qW9iB+:VRcsE90QSneIqfQhzYCCs5UhWsg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39ba6e29de5bbc7d41044625f69887f8b21846d548cb7f16c3f9f49f8cb90151

Files

39ba6e29de5bbc7d41044625f69887f8b21846d548cb7f16c3f9f49f8cb90151
.sys windows:6 windows x64

0e237c2ee40e94b1e3a8a8d70d26dde7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlCompareMemory
IoWMIRegistrationControl
swprintf
IoGetDeviceProperty
ObfDereferenceObject
MmGetSystemRoutineAddress
MmMapIoSpace
IoGetDmaAdapter
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeSetEvent
ObReferenceObjectByHandle
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
IoWMIWriteEvent
ExAllocatePoolWithTag
MmUnmapIoSpace
RtlInitUnicodeString

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e237c2ee40e94b1e3a8a8d70d26dde7

Headers

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 612B

PAGE Size: 6KB - Virtual size: 5KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 768B

.reloc Size: 512B - Virtual size: 96B

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 612B

PAGE
Size: 6KB - Virtual size: 5KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 512B - Virtual size: 96B