74d0302f26c6d49a5098a18668087817cb4025db7eec697723258527367b6e90

Sharing

Copy URL Twitter E-mail

General

Target

74d0302f26c6d49a5098a18668087817cb4025db7eec697723258527367b6e90
Size

1.5MB
MD5

4bf74483dbabf0d22a001b18c7c740ba
SHA1

f81e672ee3b5edb2427c66ff2b76d10f3f5aa705
SHA256

74d0302f26c6d49a5098a18668087817cb4025db7eec697723258527367b6e90
SHA512

f50ddc19c924efdac307d1b49cbcd819bca7c7ee86156b1bd87c068784f07103296af42f22ae6e59ca6b4e77b7278bb2582135e82390a8eb7f2957391aa55eb7
SSDEEP

49152:0w3KLAPJE4PkAmOaqx+fHQpx+2Nkjnj7FtNuTB7uD:9aLAhE49aqx+fHQpx+2K+B7uD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74d0302f26c6d49a5098a18668087817cb4025db7eec697723258527367b6e90

Files

74d0302f26c6d49a5098a18668087817cb4025db7eec697723258527367b6e90
.sys windows:6 windows x86

e431a89f675810a4dddeeb1aa41159ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memcpy
memset
ZwWriteFile
ZwSetInformationFile
ZwQueryInformationFile
_strnicmp
PsGetProcessImageFileName
IoCreateFile
ZwClose
ExFreePoolWithTag
ZwReadFile
ZwFlushKey
ZwSetValueKey
ZwQueryValueKey
ZwCreateKey
ZwCreateFile
KeQuerySystemTime
ZwDeleteFile
MmIsAddressValid
RtlCopyUnicodeString
ObQueryNameString
ZwDeleteKey
ZwOpenKey
ZwQueryDirectoryFile
DbgPrint
RtlInitUnicodeString
KeUnstackDetachProcess
KeStackAttachProcess
_wcsicmp
KeGetCurrentThread
IoFreeIrp
IoFreeMdl
KeSetEvent
ExAllocatePool
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
IoAllocateIrp
IoGetRelatedDeviceObject
IoGetDeviceAttachmentBaseRef
SeCreateAccessState
IoGetFileObjectGenericMapping
ObCreateObject
ObfDereferenceObject
ObReferenceObjectByHandle
IoFileObjectType
MmGetSystemRoutineAddress
_wcsnicmp
CmRegisterCallback
CmUnRegisterCallback
ZwTerminateProcess
ObOpenObjectByPointer
PsProcessType
PsGetProcessSectionBaseAddress
PsLookupProcessByProcessId
PsGetProcessId
PsInitialSystemProcess
IofCompleteRequest
PsTerminateSystemThread
PsSetCreateProcessNotifyRoutine
NtShutdownSystem
PsCreateSystemThread
IoRegisterDriverReinitialization
IoRegisterShutdownNotification
IoCreateDevice
RtlGetVersion
KeTickCount
KeBugCheckEx
RtlUnwind
_vsnwprintf
_vsnprintf
KeDelayExecutionThread
KeInsertQueueApc
KeInitializeApc
ZwQuerySystemInformation
PsLookupThreadByThreadId
_stricmp
ZwEnumerateKey
ZwQueryKey
_allmul
RtlEqualUnicodeString
PsGetProcessPeb
ZwAllocateVirtualMemory
ZwOpenFile

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e431a89f675810a4dddeeb1aa41159ba

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 1024B - Virtual size: 972B

.data Size: 1.5MB - Virtual size: 1.5MB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 864B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 1024B - Virtual size: 972B

.data
Size: 1.5MB - Virtual size: 1.5MB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 5KB - Virtual size: 4KB