5d4fb57d2804e88993dbdea9c67cebf0_native[.]exe

General

Target

5d4fb57d2804e88993dbdea9c67cebf0_native.exe
Size

27KB
MD5

5d4fb57d2804e88993dbdea9c67cebf0
SHA1

5a86897b470a8df9da3792406bd0b47a68b263aa
SHA256

a3a6a8fced3fd8b74e6a078dbfc57f8a5390d1167c1574f11d27f4380f85c36d
SHA512

c7c51222ce5dacc47228ae0a7c7e9cc0db97e91e38db742e3f12f27be90610715cc9d460af68774777b2b7057496c35dcae9028eba4c93bbb3697766feafecaf
SSDEEP

384:WZ9Mt5a+LzwaZZyXPb8Tx0qIbRhmPcwi0yJzTtKAy4ze:69MCavycxdOhTugn0Alz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d4fb57d2804e88993dbdea9c67cebf0_native.exe

Files

5d4fb57d2804e88993dbdea9c67cebf0_native.exe
.sys windows:4 windows x86

cd1bc57fd456ceea0de17541c980aef5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmAllocateNonCachedMemory
MmFreeContiguousMemory
MmUnmapIoSpace
MmBuildMdlForNonPagedPool
MmMapIoSpace
MmProbeAndLockPages
MmGetPhysicalAddress
MmAllocateContiguousMemory
MmUnlockPages
MmUnmapLockedPages
MmMapLockedPages
ObfDereferenceObject
ZwUnmapViewOfSection
ZwMapViewOfSection
IoFreeMdl
MmFreeNonCachedMemory
ZwOpenSection
IoRegisterShutdownNotification
KeInitializeSpinLock
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
IoDeleteSymbolicLink
IoReportResourceUsage
ZwQuerySystemInformation
memmove
MmIsAddressValid
RtlUnwind
ExAllocatePoolWithTag
IoAllocateMdl
ExFreePool
PsGetVersion
RtlInitAnsiString
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlQueryRegistryValues
memset
ZwClose
ObReferenceObjectByHandle

hal

KfRaiseIrql
KfLowerIrql
KeStallExecutionProcessor
HalTranslateBusAddress
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
HalGetBusData
HalGetBusDataByOffset
HalSetBusDataByOffset

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 736B - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 992B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 672B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd1bc57fd456ceea0de17541c980aef5

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 736B - Virtual size: 716B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 992B - Virtual size: 984B

.reloc Size: 672B - Virtual size: 660B

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 736B - Virtual size: 716B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 992B - Virtual size: 984B

.reloc
Size: 672B - Virtual size: 660B