6e47863a2970e7419a4cb0172344fd37ccde7286a5a2c51a3040cb830126aeef

Sharing

Copy URL Twitter E-mail

General

Target

6e47863a2970e7419a4cb0172344fd37ccde7286a5a2c51a3040cb830126aeef
Size

1.5MB
MD5

9eae90cb75f24c20783bd34e98534347
SHA1

d5dec9af220f571e196f86fc807a217fc758ea51
SHA256

6e47863a2970e7419a4cb0172344fd37ccde7286a5a2c51a3040cb830126aeef
SHA512

3bfe0b778f5b3403c3966b2ad663046afa30292b70506cde2244720ae74e40f4ca7a418482e4c8f8455a80d21590f61826f458416db3da843e06a30c8eacbb72
SSDEEP

49152:Qw3KLAPJyMmKLC0d7JtYwk4zjWfHQpx/2Nkjnj7FtNuTB7uU:RaLAhyMJWY7bYwk4zjWfHQpx/2K+B7uU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e47863a2970e7419a4cb0172344fd37ccde7286a5a2c51a3040cb830126aeef

Files

6e47863a2970e7419a4cb0172344fd37ccde7286a5a2c51a3040cb830126aeef
.sys windows:6 windows x86

ed52ccecf7e1d043b00b21607e5d5d33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memcpy
memset
ZwWriteFile
ZwSetInformationFile
ZwQueryInformationFile
_strnicmp
PsGetProcessImageFileName
IoCreateFile
ZwClose
ExFreePoolWithTag
ZwReadFile
ZwFlushKey
ZwSetValueKey
ZwQueryValueKey
ZwCreateKey
ZwCreateFile
KeQuerySystemTime
ZwDeleteFile
MmIsAddressValid
RtlCopyUnicodeString
ObQueryNameString
ZwDeleteKey
ZwOpenKey
ZwQueryDirectoryFile
DbgPrint
RtlInitUnicodeString
RtlAppendUnicodeStringToString
ZwEnumerateKey
ZwQueryKey
KeUnstackDetachProcess
KeStackAttachProcess
_wcsicmp
KeGetCurrentThread
IoFreeIrp
IoFreeMdl
KeSetEvent
ExAllocatePool
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoAllocateIrp
IoGetRelatedDeviceObject
IoGetDeviceAttachmentBaseRef
SeCreateAccessState
IoGetFileObjectGenericMapping
ObCreateObject
ObfDereferenceObject
ObReferenceObjectByHandle
IoFileObjectType
MmGetSystemRoutineAddress
_wcsnicmp
CmRegisterCallback
CmUnRegisterCallback
ZwTerminateProcess
ObOpenObjectByPointer
PsProcessType
PsGetProcessSectionBaseAddress
PsLookupProcessByProcessId
PsGetProcessId
PsInitialSystemProcess
IofCompleteRequest
PsTerminateSystemThread
PsSetCreateProcessNotifyRoutine
NtShutdownSystem
PsCreateSystemThread
IoRegisterDriverReinitialization
IoRegisterShutdownNotification
IoCreateDevice
RtlGetVersion
KeTickCount
KeBugCheckEx
RtlUnwind
_vsnwprintf
_vsnprintf
KeDelayExecutionThread
KeInsertQueueApc
KeInitializeApc
ZwQuerySystemInformation
PsLookupThreadByThreadId
_stricmp
_allmul
RtlEqualUnicodeString
PsGetProcessPeb
ZwAllocateVirtualMemory
ZwOpenFile

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed52ccecf7e1d043b00b21607e5d5d33

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 1024B - Virtual size: 988B

.data Size: 1.5MB - Virtual size: 1.5MB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 864B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 1024B - Virtual size: 988B

.data
Size: 1.5MB - Virtual size: 1.5MB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 5KB - Virtual size: 5KB