8df626cc32a01e853432660eb6bc74996f3dbcadc7c27591c202aa1e2cc17ea8

Sharing

Copy URL Twitter E-mail

General

Target

8df626cc32a01e853432660eb6bc74996f3dbcadc7c27591c202aa1e2cc17ea8
Size

34KB
MD5

abe75818fc378a7f4f04fbf4f8ddbc94
SHA1

fa8d5b5a13840369c98c0264a9688b9e85d937c0
SHA256

8df626cc32a01e853432660eb6bc74996f3dbcadc7c27591c202aa1e2cc17ea8
SHA512

6e1b32f9e85913523d496d48c36e3e49b4ee8f044032a82bdc0f78caa44b6e6d4a125e6cc423b6f4221430bbdd4d6fd6b0cdf991b713c7a80e6b3e7c95b3c9f1
SSDEEP

768:MX2H7lx2VXCgME+kFcQHtTaEu2NeSW2c+UTm:MmHT2VSxbkm4+E3zJc+Uy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8df626cc32a01e853432660eb6bc74996f3dbcadc7c27591c202aa1e2cc17ea8

Files

8df626cc32a01e853432660eb6bc74996f3dbcadc7c27591c202aa1e2cc17ea8
.sys windows:6 windows x86

fb0e851306d89ed2bb402986e15a4778

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memcpy
KeTickCount
ProbeForRead
ProbeForWrite
PsGetCurrentProcessId
RtlUnwind
InitSafeBootMode
PsGetVersion
IoCreateDevice
IoCreateSymbolicLink
RtlInitUnicodeString
RtlCompareUnicodeString
IoDeleteSymbolicLink
IoDeleteDevice
IofCompleteRequest
KeInitializeEvent
ExAllocatePool
MmIsAddressValid
RtlEqualUnicodeString
MmUnlockPages
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
DbgPrint
MmGetSystemRoutineAddress
KeQueryTimeIncrement
_alldiv
ExFreePoolWithTag
KeDelayExecutionThread
RtlAppendUnicodeStringToString
ExRaiseStatus
IoVolumeDeviceToDosName
ZwClose
ZwReadFile
ZwQueryInformationFile
ZwOpenFile
RtlQueryRegistryValues
ObfDereferenceObject
IoGetDeviceObjectPointer
_wcsnicmp
memmove
ObOpenObjectByPointer
PsProcessType
KeInitializeMutex
KeReleaseMutex
KeWaitForSingleObject
IoGetCurrentProcess
IofCallDriver
PsTerminateSystemThread
PsCreateSystemThread
PsSetCreateProcessNotifyRoutine
IoSetCompletionRoutineEx
ObReferenceObjectByHandle
IoFileObjectType
PsGetCurrentThreadId
KeSetEvent
IoFreeIrp
IoAllocateIrp
IoGetRelatedDeviceObject
RtlGetVersion
MmMapLockedPages
KeBugCheckEx
memset
_allmul
ExAllocatePoolWithTag
IoAttachDevice

hal

ExReleaseFastMutex
KeGetCurrentIrql
ExAcquireFastMutex
KfAcquireSpinLock
KfReleaseSpinLock

fltmgr.sys

FltCreateCommunicationPort
FltUnregisterFilter
FltCloseCommunicationPort
FltRegisterFilter
FltBuildDefaultSecurityDescriptor
FltCloseClientPort
FltFreeSecurityDescriptor
FltStartFiltering

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb0e851306d89ed2bb402986e15a4778

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

fltmgr.sys

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 2KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 896B - Virtual size: 800B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 2KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 896B - Virtual size: 800B

.reloc
Size: 2KB - Virtual size: 2KB