71e62e43fc2187b86b6458a404ede85b651661360f6cf34d1a9a82ca0b2d5946[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

71e62e43fc2187b86b6458a404ede85b651661360f6cf34d1a9a82ca0b2d5946.zip
Size

17KB
MD5

ebe8aafbdade29a50fb91038c1a19e20
SHA1

c21c7b2661ad682c6c29d4ebbd26671d01a24889
SHA256

457faad9f966b2c219605832f408cf67d0b3fe10bbe248190da1f76ea89cee6c
SHA512

d801ef814efd3f0f1dfa5591615fd1358ffe9cf1d96b3b91278c5729b7a9790fc6e3f50e4e60b3b1efe86e9c7136f79e2cee829a69930525d8f5f8609fc27e41
SSDEEP

384:KJXD7fzkut9/igKuQfQfG5oOBgQD3KYFjwLMSfiIFl4s:KK8ZLTQ4fGNzTKYFjgMyF3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mskssrv.sys

Files

71e62e43fc2187b86b6458a404ede85b651661360f6cf34d1a9a82ca0b2d5946.zip
.zip

Password: infected
mskssrv.sys
.sys windows:10 windows x64

bb6206eefa337f1623460d101dcccf55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ZwSetValueKey
RtlCompareMemory
KeInitializeMutex
KeReleaseMutex
KeWaitForSingleObject
ObReferenceObjectByPointer
_purecall
MmUnlockPages
KeSetEvent
NtClose
MmUnmapLockedPages
ExEventObjectType
IoAllocateWorkItem
IoGetCurrentProcess
ZwClose
IoQueueWorkItem
IofCompleteRequest
RtlValidSid
RtlLengthSid
ZwUpdateWnfStateData
DbgPrintEx
PsGetCurrentProcessId
PsGetProcessId
ObDuplicateObject
ObOpenObjectByPointer
ExSetTimer
ExDeleteTimer
ExAllocateTimer
ExCancelTimer
KeStackAttachProcess
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
ZwQueryValueKey
IoCreateDevice
ExAllocatePoolWithTag
IoCreateFile
IoFreeMdl
ExFreePool
ObReferenceObjectByHandle
IoFileObjectType
IoAttachDeviceToDeviceStack
IoDeleteDevice
IoOpenDeviceInterfaceRegistryKey
RtlInitUnicodeString
IoAllocateMdl
ObfDereferenceObject
MmProbeAndLockPages
IoFreeWorkItem
__C_specific_handler

ks.sys

KsSetMajorFunctionHandler
KsDefaultForwardIrp
KsDefaultDispatchPower
KsFreeDeviceHeader
KsFreeObjectHeader
KsQueryDevicePnpObject
KsAllocateObjectHeader
KsSetCameraAllowlistedProcess
KsPropertyHandler
KsUpdateCameraStreamingConsent
KsCacheMedium
KsIsCurrentProcessFrameServer
KsReferenceSoftwareBusObject
KsSetDevicePnpAndBaseObject
KsAllocateDeviceHeader
KsUpdateUserLoginTrigger
KsDereferenceSoftwareBusObject
KsSynchronousIoControlDevice
KsDefaultDispatchPnp

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.guids
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 350B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

bb6206eefa337f1623460d101dcccf55

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

ks.sys

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 320B

.pdata Size: 4KB - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 2KB

.guids Size: 4KB - Virtual size: 48B

PAGE Size: 20KB - Virtual size: 16KB

fothk Size: 4KB - Virtual size: 4KB

INIT Size: 4KB - Virtual size: 350B

GFIDS Size: 4KB - Virtual size: 136B

.rsrc Size: 4KB - Virtual size: 1000B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 320B

.pdata
Size: 4KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 2KB

.guids
Size: 4KB - Virtual size: 48B

PAGE
Size: 20KB - Virtual size: 16KB

fothk
Size: 4KB - Virtual size: 4KB

INIT
Size: 4KB - Virtual size: 350B

GFIDS
Size: 4KB - Virtual size: 136B

.rsrc
Size: 4KB - Virtual size: 1000B

.reloc
Size: 4KB - Virtual size: 1KB