f6d09707339abf6d1003f68a31684068d1a921484cd0ea159e58846f7fc32cbb

Sharing

Copy URL

Twitter E-mail

General

Target

f6d09707339abf6d1003f68a31684068d1a921484cd0ea159e58846f7fc32cbb
Size

81KB
MD5

a18ae1e60f8025ed8455dec5e9c989a1
SHA1

f091950b75860d341d914e39b967dfeae540f641
SHA256

f6d09707339abf6d1003f68a31684068d1a921484cd0ea159e58846f7fc32cbb
SHA512

02641c706aa68e874eb742bd38bcb74931f6f7253fe891949382e051d69bc10f108497fb49c70e6dfa7cb2f97dff25a2d2a20dd878d8e166c756d1f3c563900c
SSDEEP

1536:rO3ppjJwed9yhyJHvLG2B4vtaUwNLBv5Gb2uiFI3nP8cH:rO3Pjied9yh2vLV4vtaUIBv5SR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6d09707339abf6d1003f68a31684068d1a921484cd0ea159e58846f7fc32cbb

Files

f6d09707339abf6d1003f68a31684068d1a921484cd0ea159e58846f7fc32cbb
.dll windows:5 windows x64

ee984288a8386f360aa085dec1a89e8c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ExFreePoolWithTag
strlen
ExAllocatePool
IoDetachDevice
MmIsAddressValid
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
RtlInitUnicodeString
RtlCompareMemory
KeSetEvent
KeBugCheckEx
IoFreeIrp
KeClearEvent
KeWaitForSingleObject
IoAllocateIrp
IoGetRelatedDeviceObject
KeInitializeEvent
ZwClose
SeCreateAccessState
IoGetFileObjectGenericMapping
ObCreateObject
ObReferenceObjectByHandle
IoFileObjectType
IoCreateFile
IofCallDriver
NtClose
IoReuseIrp
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
ZwSetInformationFile
ZwWriteFile
ObfReferenceObject
ExAllocatePoolWithTag
ZwDeleteFile
wcscat
wcscpy
wcslen
ZwQueryDirectoryFile
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQueryTimeIncrement
ZwDeleteKey
ZwOpenKey
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
ZwEnumerateKey
ZwQueryKey
ZwSetValueKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwQueryValueKey
__C_specific_handler
atoi
strstr
_vsnprintf
IoBuildDeviceIoControlRequest
IoGetLowerDeviceObject
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
IoFreeMdl
PsGetVersion
MmGetSystemRoutineAddress
rand
srand
CmUnRegisterCallback
CmRegisterCallback
RtlCompareUnicodeString
ZwCreateKey
RtlQueryRegistryValues
MmSystemRangeStart
_itoa_s
PsCreateSystemThread
IoCreateSymbolicLink
RtlUnicodeStringToAnsiString
_vsnwprintf
IoCreateDevice
IoAttachDeviceToDeviceStack
IoGetDeviceObjectPointer
IofCompleteRequest
ObQueryNameString
RtlFreeAnsiString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcess
ZwQuerySystemInformation
KeUnstackDetachProcess
ObSetHandleAttributes
PsInitialSystemProcess
IoGetCurrentProcess
KeStackAttachProcess
PsLookupProcessByProcessId

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee984288a8386f360aa085dec1a89e8c

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 36B

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 36B